1
PublicDateAtUSN: 2013-11-02
2
Candidate: CVE-2013-4401
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4401
6
https://usn.ubuntu.com/usn/usn-2026-1
8
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3
9
checks for the connect:read permission instead of the connect:write
10
permission, which allows attackers to gain domain:write privileges and
11
execute Qemu binaries via crafted XML. NOTE: some of these details are
12
obtained from third party information.
15
mdeslaur> introduced in 1.1.0
17
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727101
18
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4401
19
https://bugzilla.redhat.com/show_bug.cgi?id=1012196
25
upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c
26
upstream_libvirt: needs-triage
27
lucid_libvirt: not-affected
28
precise_libvirt: not-affected
29
quantal_libvirt: not-affected
30
raring_libvirt: not-affected (1.0.2-0ubuntu11.13.04.4)
31
saucy_libvirt: released (1.1.1-0ubuntu8.1)
32
devel_libvirt: released (1.1.4-0ubuntu1)