CVE-2010-2242

Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
libvirtlibvirt
0.2.0
libvirtlibvirt
0.2.1
libvirtlibvirt
0.2.2
libvirtlibvirt
0.2.3
libvirtlibvirt
0.3.0
libvirtlibvirt
0.3.1
libvirtlibvirt
0.3.2
libvirtlibvirt
0.3.3
libvirtlibvirt
0.4.0
libvirtlibvirt
0.4.1
libvirtlibvirt
0.4.2
libvirtlibvirt
0.4.3
libvirtlibvirt
0.4.4
libvirtlibvirt
0.4.6
libvirtlibvirt
0.5.0
libvirtlibvirt
0.5.1
libvirtlibvirt
0.6.0
libvirtlibvirt
0.6.1
libvirtlibvirt
0.6.2
libvirtlibvirt
0.6.3
libvirtlibvirt
0.6.4
libvirtlibvirt
0.6.5
libvirtlibvirt
0.7.0
libvirtlibvirt
0.7.1
libvirtlibvirt
0.7.2
libvirtlibvirt
0.7.3
libvirtlibvirt
0.7.4
libvirtlibvirt
0.7.5
libvirtlibvirt
0.7.6
libvirtlibvirt
0.7.7
libvirtlibvirt
0.8.0
libvirtlibvirt
0.8.1
libvirtlibvirt
0.8.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvirt
bullseye
7.0.0-3+deb11u3
fixed
bookworm
9.0.0-4+deb12u1
fixed
sid
10.9.0-1
fixed
trixie
10.9.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libvirt
maverick
Fixed 0.8.3-1ubuntu8
released
lucid
Fixed 0.7.5-5ubuntu27.5
released
karmic
Fixed 0.7.0-1ubuntu13.2
released
jaunty
Fixed 0.6.1-0ubuntu5.2
released
hardy
Fixed 0.4.0-2ubuntu8.3
released
dapper
dne
Common Weakness Enumeration
References
http://libvirt.org/news.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://ubuntu.com/usn/usn-1008-1
http://ubuntu.com/usn/usn-1008-2
http://ubuntu.com/usn/usn-1008-3
http://www.redhat.com/support/errata/RHSA-2010-0615.html
http://www.vupen.com/english/advisories/2010/2062
http://www.vupen.com/english/advisories/2010/2763
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943
https://bugzilla.redhat.com/show_bug.cgi?id=602455
http://libvirt.org/news.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://ubuntu.com/usn/usn-1008-1
http://ubuntu.com/usn/usn-1008-2
http://ubuntu.com/usn/usn-1008-3
http://www.redhat.com/support/errata/RHSA-2010-0615.html
http://www.vupen.com/english/advisories/2010/2062
http://www.vupen.com/english/advisories/2010/2763
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943
https://bugzilla.redhat.com/show_bug.cgi?id=602455