libvirt: file disclosure vulnerabilities

Users of libvirt please be advised of a file disclosure vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

USN-1008-1: [USN-1008-1] libvirt file disclosure vulnerabilities
Details follow:

It was discovered that libvirt would probe disk backing stores without

consulting the defined format for the disk. A privileged attacker in the

guest could exploit this to read arbitrary files on the host. This issue

only affected Ubuntu 10.04 LTS. By default, guests are confined by an

AppArmor profile which provided partial protection against this flaw.

(CVE-2010-2237, CVE-2010-2238)

Read more at http://www.criticalwatch.com

 

Advertisements