This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been discovered and corrected in
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1
allows local users to (1) delete arbitrary host devices via the
virDomainDeviceDettach API and a symlink attack on /dev in the
container; (2) create arbitrary nodes (mknod) via the
virDomainDeviceAttach API and a symlink attack on /dev in the
container; and cause a denial of service (shutdown or reboot host OS)
via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink
attack on /dev/initctl in the container, related to paths under
/proc//root and the virInitctlSetRunLevel function (CVE-2013-6456).
libvirt was patched to prevent expansion of entities when parsing XML
files. This vulnerability allowed malicious users to read arbitrary
files or cause a denial of service (CVE-2014-0179).
The updated packages have been upgraded to the 18.104.22.168 version and
patched to correct these issues.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 5.0
Public Exploit Available : false