Back to search
CVE-2010-3851
Published: Nov 4, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[Libguestfs] 20101022 [PATCH 0/8 v2] Complete fix for CVE-2010-3851.
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=643958
x_refsource_MISC
http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/
x_refsource_CONFIRM
[Libguestfs] 20101021 [PATCH 0/2] First part of fix for CVE-2010-3851
mailing-list
x_refsource_MLIST
FEDORA-2010-16835
vendor-advisory
x_refsource_FEDORA
FEDORA-2010-17202
vendor-advisory
x_refsource_FEDORA
ADV-2010-2963
vdb-entry
x_refsource_VUPEN
RHSA-2011:0586
vendor-advisory
x_refsource_REDHAT
44166
vdb-entry
x_refsource_BID
41797
third-party-advisory
x_refsource_SECUNIA
[Libguestfs] 20101019 CVE-2010-3851libguestfs:missing disk format specifier when adding a disk
mailing-list
x_refsource_MLIST
42235
third-party-advisory
x_refsource_SECUNIA
ADV-2010-2874
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now