| CVE-2013-6456 | Date: (C)2014-04-16 (M)2023-12-22 |
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.
CVSS Score and Metrics +CVSS Score and Metrics -| CVSS V2 Severity: |
| CVSS Score : 5.8 |
| Exploit Score: 4.4 |
| Impact Score: 7.8 |
| |
| CVSS V2 Metrics: |
| Access Vector: ADJACENT_NETWORK |
| Access Complexity: MEDIUM |
| Authentication: SINGLE |
| Confidentiality: NONE |
| Integrity: PARTIAL |
| Availability: COMPLETE |
| | |
