QwikSec

Security Database

CVE

CWE

Training

CVE-2013-6456

Published: Apr 15, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://libvirt.org/news.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_GENTOO

http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=5fc590ad9f4

x_refsource_CONFIRM

openSUSE-SU-2014:0593

vendor-advisory

x_refsource_SUSE

http://security.libvirt.org/2013/0018.html

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1045643

x_refsource_CONFIRM

FEDORA-2014-2864

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_BID

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.