[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CVE-2019-10132 -- libvirt0

Deprecated
ID: oval:org.secpod.oval:def:1902013Date: (C)2019-06-07   (M)2023-11-10
Class: VULNERABILITYFamily: unix




Insecure permissions for systemd socket for virtlockd/virtlogd The virtlockd-admin.socket and virtlogd-admin.socket unit files do not set the SocketMode parameter and thus create a world accessible UNIX domain socket. Furthermore the code fails to validate the identity of clients connecting to these sockets. An unprivileged user is able to connect to the virtlockd or virtlogd daemons and use the administrative RPC commands to elevate their privileges

Platform:
Ubuntu 18.10
Ubuntu 19.04
Product:
libvirt0
Reference:
CVE-2019-10132
CVE    1
CVE-2019-10132
CPE    3
cpe:/o:ubuntu:ubuntu_linux:18.10
cpe:/o:ubuntu:ubuntu_linux:19.04
cpe:/a:redhat:libvirt:0

© SecPod Technologies