CVE-2013-4291

medium

Description

The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read a uid:gid label, does not properly set group memberships, which allows local users to gain privileges.

References

http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=fe11d34a6d46d6641ce90dc665164fda7bb6bff8

http://libvirt.org/news.html

http://wiki.libvirt.org/page/Maintenance_Releases

https://bugzilla.redhat.com/show_bug.cgi?id=1006509

Details

Source: MITRE

Published: 2013-09-30

Updated: 2013-10-01

Type: CWE-264

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM