CVE-2008-5086 — Libvirt vulnerability

9 documents8 sources

Severity

7.2HIGHNVD

EPSS

0.0%

top 85.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt Libvirt

Timeline

PublishedDec 19

Latest updateMay 17

Description

Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶Debianredhat/libvirt< 0.4.6-10+3

▶NVDlibvirt/libvirt7 versions+6

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-g8pw-f6pq-hcg2: Multiple methods in libvirt 0↗2022-05-17

▶

OSV

CVE-2008-5086: Multiple methods in libvirt 0↗2008-12-19

▶

CVEList

CVE-2008-5086: Multiple methods in libvirt 0↗2008-12-19

▶

📋Vendor Advisories

Red Hat

libvirt: several API calls do not honour read-only connection↗2011-03-02

▶

Ubuntu

libvirt vulnerability↗2008-12-18

▶

Red Hat

libvirt: missing checks for read-only connection↗2008-12-17

▶

Debian

CVE-2008-5086: libvirt - Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is ...↗2008

▶

💬Community

Bugzilla

CVE-2008-5086 libvirt: missing checks for read-only connection↗2008-12-15

▶