Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 494072 (CVE-2013-4401)

Summary: <app-emulation/libvirt-1.1.3: Privilege escalation (CVE-2013-4401)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B1 [glsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2013-12-12 17:31:04 UTC 
CVE-2013-4401 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4401):
  The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3
  checks for the connect:read permission instead of the connect:write
  permission, which allows attackers to gain domain:write privileges and
  execute Qemu binaries via crafted XML.  NOTE: some of these details are
  obtained from third party information.


Filing for tracking.
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-12-12 17:31:28 UTC 
Added to GLSA request.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-12-08 23:48:07 UTC 
This issue was resolved and addressed in
 GLSA 201412-04 at http://security.gentoo.org/glsa/glsa-201412-04.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).