Upstream information
Description
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 4.3 |
Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Partial |
Availability Impact | None |
National Vulnerability Database | |
---|---|
Base Score | 5.9 |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
Attack Vector | Network |
Attack Complexity | High |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality Impact | None |
Integrity Impact | High |
Availability Impact | None |
CVSSv3 Version | 3 |
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA libvirt-devel-1.2.5-3.76 |
SUSE Linux Enterprise Desktop 12 SP1 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP1 GA libvirt-1.2.18.1-4.22 SUSE Linux Enterprise Software Development Kit 12 SP1 GA libvirt-devel-1.2.18.1-4.22 SUSE Linux Enterprise Workstation Extension 12 SP1 GA libvirt-client-32bit-1.2.18.1-4.22 |
SUSE Linux Enterprise Desktop 12 SP2 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP2 GA libvirt-2.0.0-26.2 SUSE Linux Enterprise Software Development Kit 12 SP2 GA libvirt-devel-2.0.0-26.2 SUSE Linux Enterprise Workstation Extension 12 SP2 GA libvirt-client-32bit-2.0.0-26.2 |
SUSE Linux Enterprise Desktop 12 SP3 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP3 GA libvirt-3.3.0-4.28 SUSE Linux Enterprise Software Development Kit 12 SP3 GA libvirt-devel-3.3.0-4.28 |
SUSE Linux Enterprise Desktop 12 SP4 |
| Patchnames: SUSE Linux Enterprise Desktop 12 SP4 GA libvirt-4.0.0-6.13 SUSE Linux Enterprise Software Development Kit 12 SP4 GA libvirt-devel-4.0.0-6.13 |
SUSE Linux Enterprise Desktop 12 |
| Patchnames: SUSE Linux Enterprise Desktop 12 GA libvirt-1.2.5-13.3 SUSE Linux Enterprise Software Development Kit 12 GA libvirt-devel-1.2.5-13.3 SUSE Linux Enterprise Workstation Extension 12 GA libvirt-client-32bit-1.2.5-13.3 |
SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise Module for Basesystem 15 |
| Patchnames: SUSE Linux Enterprise Module for Basesystem 15 GA libvirt-libs-4.0.0-7.4 |
SUSE Linux Enterprise High Performance Computing 12 SP5 |
| Patchnames: SUSE Linux Enterprise High Performance Computing 12 SP5 GA libvirt-5.1.0-11.10 |
SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 |
| Patchnames: SUSE Linux Enterprise Module for Basesystem 15 GA libvirt-libs-4.0.0-7.4 SUSE Linux Enterprise Module for Server Applications 15 GA libvirt-4.0.0-7.4 |
SUSE Linux Enterprise Module for Server Applications 15 |
| Patchnames: SUSE Linux Enterprise Module for Server Applications 15 GA libvirt-4.0.0-7.4 |
SUSE Linux Enterprise Server 11 SP2 |
| Patchnames: SUSE Linux Enterprise Server 11 SP2 GA libvirt-0.9.6-0.13.42 |
SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA libvirt-1.0.5.1-0.7.10 |
SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA libvirt-1.2.5-3.76 SUSE Linux Enterprise Software Development Kit 11 SP4 GA libvirt-devel-1.2.5-3.76 |
SUSE Linux Enterprise Server 12 SP1 |
| Patchnames: SUSE Linux Enterprise Server 12 SP1 GA libvirt-1.2.18.1-4.22 SUSE Linux Enterprise Software Development Kit 12 SP1 GA libvirt-devel-1.2.18.1-4.22 SUSE Linux Enterprise Workstation Extension 12 SP1 GA libvirt-client-32bit-1.2.18.1-4.22 |
SUSE Linux Enterprise Server 12 SP2 |
| Patchnames: SUSE Linux Enterprise Server 12 SP2 GA libvirt-2.0.0-26.2 SUSE Linux Enterprise Software Development Kit 12 SP2 GA libvirt-devel-2.0.0-26.2 SUSE Linux Enterprise Workstation Extension 12 SP2 GA libvirt-client-32bit-2.0.0-26.2 |
SUSE Linux Enterprise Server 12 SP3 |
| Patchnames: SUSE Linux Enterprise Server 12 SP3 GA libvirt-3.3.0-4.28 SUSE Linux Enterprise Software Development Kit 12 SP3 GA libvirt-devel-3.3.0-4.28 |
SUSE Linux Enterprise Server 12 SP4 |
| Patchnames: SUSE Linux Enterprise Server 12 SP4 GA libvirt-4.0.0-6.13 SUSE Linux Enterprise Software Development Kit 12 SP4 GA libvirt-devel-4.0.0-6.13 |
SUSE Linux Enterprise Server 12 SP5 |
| Patchnames: SUSE Linux Enterprise Server 12 SP5 GA libvirt-5.1.0-11.10 SUSE Linux Enterprise Software Development Kit 12 SP5 GA libvirt-devel-5.1.0-11.10 |
SUSE Linux Enterprise Server 12 |
| Patchnames: SUSE Linux Enterprise Server 12 GA libvirt-1.2.5-13.1 SUSE Linux Enterprise Software Development Kit 12 GA libvirt-devel-1.2.5-13.3 SUSE Linux Enterprise Workstation Extension 12 GA libvirt-client-32bit-1.2.5-13.3 |
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 |
| Patchnames: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libvirt-2.0.0-26.2 |
SUSE Linux Enterprise Server for SAP Applications 12 SP1 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP1 GA libvirt-devel-1.2.18.1-4.22 SUSE Linux Enterprise Workstation Extension 12 SP1 GA libvirt-client-32bit-1.2.18.1-4.22 |
SUSE Linux Enterprise Server for SAP Applications 12 SP2 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP2 GA libvirt-devel-2.0.0-26.2 SUSE Linux Enterprise Workstation Extension 12 SP2 GA libvirt-client-32bit-2.0.0-26.2 |
SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP3 GA libvirt-devel-3.3.0-4.28 |
SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP4 GA libvirt-devel-4.0.0-6.13 |
SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP5 GA libvirt-devel-5.1.0-11.10 |
SUSE Linux Enterprise Server for SAP Applications 12 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 GA libvirt-devel-1.2.5-13.3 SUSE Linux Enterprise Workstation Extension 12 GA libvirt-client-32bit-1.2.5-13.3 |
SUSE Linux Enterprise Software Development Kit 12 SP1 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP1 GA libvirt-devel-1.2.18.1-4.22 |
SUSE Linux Enterprise Software Development Kit 12 SP2 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP2 GA libvirt-devel-2.0.0-26.2 |
SUSE Linux Enterprise Software Development Kit 12 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 12 GA libvirt-devel-1.2.5-13.3 |
SUSE Linux Enterprise Workstation Extension 12 SP1 |
| Patchnames: SUSE Linux Enterprise Workstation Extension 12 SP1 GA libvirt-client-32bit-1.2.18.1-4.22 |
SUSE Linux Enterprise Workstation Extension 12 SP2 |
| Patchnames: SUSE Linux Enterprise Workstation Extension 12 SP2 GA libvirt-client-32bit-2.0.0-26.2 |
SUSE Linux Enterprise Workstation Extension 12 |
| Patchnames: SUSE Linux Enterprise Workstation Extension 12 GA libvirt-client-32bit-1.2.5-13.3 |
openSUSE Leap 15.0 |
| Patchnames: openSUSE Leap 15.0 GA libvirt-client-4.0.0-lp150.6.18 |
openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA libvirt-2.5.0-1.1 |
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 19:21:20 2013CVE page last modified: Mon Feb 13 11:35:53 2023