CVE-2015-0236

NONE EPSS 75.8%
Published Jan 29, 201511y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jan 29, 2015 11y ago
Last Modified Jun 17, 2026 2w ago

Description

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.

Threat Intelligence

EPSS Exploit Probability
75.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 23

VendorProductVersionRange
mageiamageia4.0any
redhatlibvirt* ≤1.2.11
redhatlibvirt1.2.0any
redhatlibvirt1.2.1any
redhatlibvirt1.2.2any
redhatlibvirt1.2.3any
redhatlibvirt1.2.4any
redhatlibvirt1.2.5any
redhatlibvirt1.2.6any
redhatlibvirt1.2.7any
redhatlibvirt1.2.8any
redhatlibvirt1.2.9any
redhatlibvirt1.2.10any
opensuseopensuse13.1any
opensuseopensuse13.2any
canonicalubuntu_linux12.04any
canonicalubuntu_linux14.04any
canonicalubuntu_linux15.04any
canonicalubuntu_linux15.10any
redhatenterprise_linux_desktop7.0any
redhatenterprise_linux_hpc_node7.0any
redhatenterprise_linux_server7.0any
redhatenterprise_linux_workstation7.0any

References 8

  • advisories.mageia.org http://advisories.mageia.org/MGASA-2015-0046.html
    Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-0323.html
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/62766
  • security.libvirt.org http://security.libvirt.org/2015/0001.html
    PatchVendor Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:035
    Broken Link
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:070
    Broken Link
  • ubuntu.com http://www.ubuntu.com/usn/USN-2867-1
    Third Party Advisory

Remediation