Upstream information

CVE-2008-5086 at MITRE

Description

Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.2
Vector AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entry: 459009 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • libvirt >= 0.7.6-1.9.8
  • libvirt-doc >= 0.7.6-1.9.8
  • libvirt-python >= 0.7.6-1.9.8
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA libvirt
SUSE Linux Enterprise Server 11 SP2
  • libvirt >= 0.9.6-0.13.42
  • libvirt-client >= 0.9.6-0.13.42
  • libvirt-client-32bit >= 0.9.6-0.13.42
  • libvirt-doc >= 0.9.6-0.13.42
  • libvirt-python >= 0.9.6-0.13.42
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA libvirt
SUSE Linux Enterprise Server 11 SP3
  • libvirt >= 1.0.5.1-0.7.10
  • libvirt-client >= 1.0.5.1-0.7.10
  • libvirt-client-32bit >= 1.0.5.1-0.7.10
  • libvirt-doc >= 1.0.5.1-0.7.10
  • libvirt-lock-sanlock >= 1.0.5.1-0.7.10
  • libvirt-python >= 1.0.5.1-0.7.10
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA libvirt
SUSE Linux Enterprise Server 11 SP4
  • libvirt >= 1.2.5-3.76
  • libvirt-client >= 1.2.5-3.76
  • libvirt-client-32bit >= 1.2.5-3.76
  • libvirt-doc >= 1.2.5-3.76
  • libvirt-lock-sanlock >= 1.2.5-3.76
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA libvirt
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libvirt-devel >= 1.2.5-3.76
  • libvirt-devel-32bit >= 1.2.5-3.76
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libvirt-devel
SUSE Linux Enterprise SDK 10 SP2
  • libvirt-devel >= 0.3.3-18.11
  • libvirt-python >= 0.3.3-18.11
sle10-sp2-sdk.x86-64
sled10-sp2.x86
sles10-sp2.x86-64
sled10-sp2.x86-64
sles10-sp2.x86
sles10-sp2-debuginfo.x86
sle10-sp2-sdk.x86
sles10-sp2-debuginfo.x86-64
ZYPP Patch Nr: 5869
openSUSE 11.0
  • libvirt-debuginfo >= 0.4.0-59.4
  • libvirt-debugsource >= 0.4.0-59.4
openSUSE 11.0
  • libvirt >= 0.4.0-59.4
  • libvirt-devel >= 0.4.0-59.4
  • libvirt-doc >= 0.4.0-59.4
  • libvirt-python >= 0.4.0-59.4
openSUSE 11.1
  • libvirt >= 0.4.6-11.2
  • libvirt-debuginfo >= 0.4.6-11.2
  • libvirt-debugsource >= 0.4.6-11.2
  • libvirt-devel >= 0.4.6-11.2
  • libvirt-doc >= 0.4.6-11.2
  • libvirt-python >= 0.4.6-11.2
openSUSE 11.1
  • libvirt >= 0.4.6-11.2
  • libvirt-devel >= 0.4.6-11.2
  • libvirt-doc >= 0.4.6-11.2
  • libvirt-python >= 0.4.6-11.2