Vulnerability Details : CVE-2010-2239
Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2010-2239
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 %
CVSS scores for CVE-2010-2239
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.4 | MEDIUM | AV:L/AC:M/Au:S/C:C/I:N/A:N | 2.7 | 6.9 | NIST |
CWE ids for CVE-2010-2239
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2239
- http://www.vupen.com/english/advisories/2010/2763
- http://ubuntu.com/usn/usn-1008-1
  USN-1008-1: libvirt vulnerabilities | Ubuntu security notices
- http://ubuntu.com/usn/usn-1008-3
  USN-1008-3: libvirt update | Ubuntu security notices
- http://www.vupen.com/english/advisories/2010/2062
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
  [SECURITY] Fedora 13 Update: libvirt-0.8.2-1.fc13
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:017
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
  [SECURITY] Fedora 12 Update: libvirt-0.8.2-1.fc12
- https://bugzilla.redhat.com/show_bug.cgi?id=607812
  607812 – (CVE-2010-2239) CVE-2010-2239 libvirt: not setting user defined backing store format when creating new image
- http://libvirt.org/news.html
  libvirt: Releases (Vendor Advisory)
- http://ubuntu.com/usn/usn-1008-2
  USN-1008-2: Virtinst update | Ubuntu security notices
- http://www.redhat.com/support/errata/RHSA-2010-0615.html
Products affected by CVE-2010-2239
- cpe:2.3:a:libvirt:libvirt:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.6.0:*:*:*:*:*:*:*