CVE-2011-4600

CWE-284Improper Access Control10 documents8 sources
Severity
5.9MEDIUM
EPSS
0.3%
top 46.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Canonical Ubuntu LinuxRedhat Libvirt
Timeline
PublishedApr 14
Latest updateMay 17

Description

The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

Debianlibvirt< 0.9.9-1+3
Ubuntulibvirt< 1.2.2-0ubuntu13.1.16
NVDredhat/libvirt0.9.8

Also affects: Ubuntu Linux 12.04, 14.04, 15.04, 15.10

🔴Vulnerability Details

4
GHSA
GHSA-r2xr-35cg-68vv: The networkReloadIptablesRules function in network/bridge_driver2022-05-17
OSV
CVE-2011-4600: The networkReloadIptablesRules function in network/bridge_driver2016-04-14
CVEList
CVE-2011-4600: The networkReloadIptablesRules function in network/bridge_driver2016-04-14
OSV
libvirt vulnerabilities2016-01-12

📋Vendor Advisories

3
Ubuntu
libvirt vulnerabilities2016-01-12
Red Hat
libvirt: unintended firewall port exposure after restarting libvirtd when defining a bridged forward-mode network2011-12-09
Debian
CVE-2011-4600: libvirt - The networkReloadIptablesRules function in network/bridge_driver.c in libvirt be...2011

💬Community

2
Bugzilla
CVE-2011-4600 libvirt: unintended firewall port exposure after restarting libvirtd when defining a bridged forward-mode network [fedora-16]2011-12-10
Bugzilla
CVE-2011-4600 libvirt: unintended firewall port exposure after restarting libvirtd when defining a bridged forward-mode network2011-12-09
CVE-2011-4600 (MEDIUM CVSS 5.9) | The networkReloadIptablesRules func | cvebase.io