CVE-2010-2242 — Libvirt vulnerability

CWE-2649 documents8 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 81.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt Libvirt

Timeline

PublishedAug 19

Latest updateMay 17

Description

Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debianredhat/libvirt< 0.8.3-1+3

▶NVDlibvirt/libvirt33 versions+32

🔴Vulnerability Details

GHSA

GHSA-j4r2-c3hx-6f4x: Red Hat libvirt 0↗2022-05-17

▶

OSV

CVE-2010-2242: Red Hat libvirt 0↗2010-08-19

▶

CVEList

CVE-2010-2242: Red Hat libvirt 0↗2010-08-19

▶

📋Vendor Advisories

Ubuntu

libvirt vulnerabilities↗2010-10-21

▶

Red Hat

libvirt: improperly mapped source privileged ports may allow for obtaining privileged resources on the host↗2010-07-12

▶

Debian

CVE-2010-2242: libvirt - Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mapping...↗2010

▶

💬Community

Bugzilla

CVE-2010-2237 CVE-2010-2238 CVE-2010-2239 CVE-2010-2242 libvirt various flaws [fedora-all]↗2010-07-12

▶

Bugzilla

CVE-2010-2242 libvirt: improperly mapped source privileged ports may allow for obtaining privileged resources on the host↗2010-06-09

▶