Vulnerability Description
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libvirt | Libvirt | 0.2.0 |
References
- http://libvirt.org/news.html (Vendor Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://ubuntu.com/usn/usn-1008-1
- http://ubuntu.com/usn/usn-1008-2
- http://ubuntu.com/usn/usn-1008-3
- http://www.redhat.com/support/errata/RHSA-2010-0615.html
- http://www.vupen.com/english/advisories/2010/2062 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2010/2763
- https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943
- https://bugzilla.redhat.com/show_bug.cgi?id=602455
FAQ
What is CVE-2010-2242?
CVE-2010-2242 is a vulnerability with a CVSS score of 2.1 (LOW). Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP addres...
How severe is CVE-2010-2242?
CVE-2010-2242 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-2242?
Check the references section above for vendor advisories and patch information. Affected products include: Libvirt Libvirt.