Unrated severityNVD Advisory· Published Feb 23, 2018· Updated Aug 5, 2024
CVE-2018-6764
CVE-2018-6764
Description
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
Affected products
13- osv-coords13 versionspkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2pkg:rpm/suse/virt-manager&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/virt-manager&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/virt-manager&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
< 2.0.0-27.34.1+ 12 more
- (no CPE)range: < 2.0.0-27.34.1
- (no CPE)range: < 3.3.0-5.19.2
- (no CPE)range: < 2.0.0-27.34.1
- (no CPE)range: < 3.3.0-5.19.2
- (no CPE)range: < 2.0.0-27.34.1
- (no CPE)range: < 2.0.0-27.34.1
- (no CPE)range: < 3.3.0-5.19.2
- (no CPE)range: < 2.0.0-27.34.1
- (no CPE)range: < 3.3.0-5.19.2
- (no CPE)range: < 2.0.0-27.34.1
- (no CPE)range: < 1.4.1-5.8.1
- (no CPE)range: < 1.4.1-5.8.1
- (no CPE)range: < 1.4.1-5.8.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.ubuntu.com/usn/USN-3576-1mitrevendor-advisoryx_refsource_UBUNTU
- access.redhat.com/errata/RHSA-2018:3113mitrevendor-advisoryx_refsource_REDHAT
- www.debian.org/security/2018/dsa-4137mitrevendor-advisoryx_refsource_DEBIAN
- www.redhat.com/archives/libvir-list/2018-February/msg00239.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.