CVE-2019-10132 -- libvirt0Deprecated |
ID: oval:org.secpod.oval:def:1902013 | Date: (C)2019-06-07 (M)2023-11-10 |
Class: VULNERABILITY | Family: unix |
Insecure permissions for systemd socket for virtlockd/virtlogd The virtlockd-admin.socket and virtlogd-admin.socket unit files do not set the SocketMode parameter and thus create a world accessible UNIX domain socket. Furthermore the code fails to validate the identity of clients connecting to these sockets. An unprivileged user is able to connect to the virtlockd or virtlogd daemons and use the administrative RPC commands to elevate their privileges
Platform: |
Ubuntu 18.10 |
Ubuntu 19.04 |