github - ghsa-j4r2-c3hx-6f4x

ghsa-j4r2-c3hx-6f4x

Vulnerability from github

Published

2022-05-17 05:47

Modified

2022-05-17 05:47

Details

Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2242"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-08-19T18:00:00Z",
    "severity": "LOW"
  },
  "details": "Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.",
  "id": "GHSA-j4r2-c3hx-6f4x",
  "modified": "2022-05-17T05:47:08Z",
  "published": "2022-05-17T05:47:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2242"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=602455"
    },
    {
      "type": "WEB",
      "url": "http://libvirt.org/news.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://ubuntu.com/usn/usn-1008-1"
    },
    {
      "type": "WEB",
      "url": "http://ubuntu.com/usn/usn-1008-2"
    },
    {
      "type": "WEB",
      "url": "http://ubuntu.com/usn/usn-1008-3"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0615.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2062"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2763"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2010-2242

Vulnerability from cvelistv5

Published

2010-08-19 17:43

Modified

2024-08-07 02:25

Severity

Summary

References

URL	Tags
http://www.vupen.com/english/advisories/2010/2062	vdb-entry, x_refsource_VUPEN
http://libvirt.org/news.html	x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html	vendor-advisory, x_refsource_FEDORA
http://ubuntu.com/usn/usn-1008-2	vendor-advisory, x_refsource_UBUNTU
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html	vendor-advisory, x_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2010-0615.html	vendor-advisory, x_refsource_REDHAT
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943	x_refsource_CONFIRM
http://ubuntu.com/usn/usn-1008-1	vendor-advisory, x_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=602455	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html	vendor-advisory, x_refsource_SUSE
http://ubuntu.com/usn/usn-1008-3	vendor-advisory, x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2010/2763	vdb-entry, x_refsource_VUPEN

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website