Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 10 Mar 2011 15:04:35 -0500 (EST)
From: Josh Bressers <>
To:, Petr Matousek <>
Subject: Re: CVE request: libvirt: several API calls do not
 honour read-only connection

----- Original Message -----
> "It has been found that several libvirt API calls
> (virNodeDeviceDettach,
> virNodeDeviceReset, virDomainRevertToSnapshot,
> virDomainSnapshotDelete) did not
> honour read-only connection. Remote attacker could use this flaw to
> crash the
> host server (DoS)."
> Reference:

This should only need one ID.

Please use CVE-2011-1146



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ