Vulnerability Details : CVE-2010-2242
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
Exploit prediction scoring system (EPSS) score for CVE-2010-2242
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~24%
CVSS scores for CVE-2010-2242
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST |
CWE ids for CVE-2010-2242
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2242
- http://www.vupen.com/english/advisories/2010/2763
- http://ubuntu.com/usn/usn-1008-1
  USN-1008-1: libvirt vulnerabilities | Ubuntu security notices
- http://ubuntu.com/usn/usn-1008-3
  USN-1008-3: libvirt update | Ubuntu security notices
- http://www.vupen.com/english/advisories/2010/2062
  Vendor Advisory
- https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943
  Bug #591943 “improperly mapped source privileged ports may allow...” : Bugs : libvirt package : Ubuntu
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
  [SECURITY] Fedora 13 Update: libvirt-0.8.2-1.fc13
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:017
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
  [SECURITY] Fedora 12 Update: libvirt-0.8.2-1.fc12
- https://bugzilla.redhat.com/show_bug.cgi?id=602455
  602455 – (CVE-2010-2242) CVE-2010-2242 libvirt: improperly mapped source privileged ports may allow for obtaining privileged resources on the host
- http://libvirt.org/news.html
  libvirt: Releases (Vendor Advisory)
- http://ubuntu.com/usn/usn-1008-2
  USN-1008-2: Virtinst update | Ubuntu security notices
- http://www.redhat.com/support/errata/RHSA-2010-0615.html
  Support
Products affected by CVE-2010-2242
- cpe:2.3:a:libvirt:libvirt:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:libvirt:libvirt:0.6.0:*:*:*:*:*:*:*