libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
http://advisories.mageia.org/MGASA-2015-0046.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html
http://rhn.redhat.com/errata/RHSA-2015-0323.html
http://secunia.com/advisories/62766
http://security.libvirt.org/2015/0001.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:035
http://www.mandriva.com/security/advisories?name=MDVSA-2015:070
OR
AND
OR
cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:libvirt:1.2.9:*:*:*:*:*:*:*
OR
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
OR
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
88560 | SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2016:0304-1) | Nessus | SuSE Local Security Checks | low |
87888 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : libvirt vulnerabilities (USN-2867-1) | Nessus | Ubuntu Local Security Checks | medium |
82368 | Mandriva Linux Security Advisory : libvirt (MDVSA-2015:115) | Nessus | Mandriva Local Security Checks | medium |
82323 | Mandriva Linux Security Advisory : libvirt (MDVSA-2015:070) | Nessus | Mandriva Local Security Checks | low |
82257 | Scientific Linux Security Update : libvirt on SL7.x x86_64 (20150305) | Nessus | Scientific Linux Local Security Checks | low |
81887 | CentOS 7 : libvirt (CESA-2015:0323) | Nessus | CentOS Local Security Checks | low |
81801 | Oracle Linux 7 : libvirt (ELSA-2015-0323) | Nessus | Oracle Linux Local Security Checks | low |
81628 | RHEL 7 : libvirt (RHSA-2015:0323) | Nessus | Red Hat Local Security Checks | low |
81392 | Fedora 20 : libvirt-1.1.3.9-1.fc20 (2015-1883) | Nessus | Fedora Local Security Checks | low |
81365 | Fedora 21 : libvirt-1.2.9.2-1.fc21 (2015-1892) | Nessus | Fedora Local Security Checks | medium |
81238 | openSUSE Security Update : libvirt (openSUSE-2015-112) | Nessus | SuSE Local Security Checks | low |
81235 | Mandriva Linux Security Advisory : libvirt (MDVSA-2015:035) | Nessus | Mandriva Local Security Checks | low |