← voltar
CVE-2010-3851

CVE-2010-3851

EPSS 0.4%
libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/050742.htmlhttp://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/https://bugzilla.redhat.com/show_bug.cgi?id=643958http://secunia.com/advisories/41797http://secunia.com/advisories/42235https://www.redhat.com/archives/libguestfs/2010-October/msg00036.htmlhttps://www.redhat.com/archives/libguestfs/2010-October/msg00037.htmlhttps://www.redhat.com/archives/libguestfs/2010-October/msg00041.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0586.htmlhttp://www.securityfocus.com/bid/44166http://www.vupen.com/english/advisories/2010/2874