CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-4291

The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.0%

CVSS Severity

CVSS v2 Score 6.9

References

http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fe11d34a6d46d6641ce90dc665164fda7bb6bff8
http://libvirt.org/news.html
http://wiki.libvirt.org/page/Maintenance_Releases
https://bugzilla.redhat.com/show_bug.cgi?id=1006509
http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fe11d34a6d46d6641ce90dc665164fda7bb6bff8
http://libvirt.org/news.html
http://wiki.libvirt.org/page/Maintenance_Releases
https://bugzilla.redhat.com/show_bug.cgi?id=1006509

Products affected by CVE-2013-4291

Redhat » Libvirt » Version: 0.10.2.7

cpe:2.3:a:redhat:libvirt:0.10.2.7
Redhat » Libvirt » Version: 1.0.5.5

cpe:2.3:a:redhat:libvirt:1.0.5.5
Redhat » Libvirt » Version: 1.1.1

cpe:2.3:a:redhat:libvirt:1.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-4291

Products

Pricing

Contact Us