Summary
Check the version of libvirt
Solution
Please Install the Updated Packages.
Insight
Pavel Hrdina discovered that libvirt
incorrectly handled locking when processing the virConnectListAllDomains command.
An attacker could use this issue to cause libvirtd to hang, resulting in a denial of service. (CVE-2014-3657)
Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An attacker with read-only privileges could possibly use this to gain access to certain information from the domain xml file. (CVE-2014-7823)
Affected
libvirt on Ubuntu 14.10 ,
Ubuntu 14.04 LTS
Detection
Get the installed version with the
help of detect NVT and check if the version is vulnerable or not.
Severity
Classification
-
CVE CVE-2014-3657, CVE-2014-7823 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities