CVE-2010-2242

EUVD-2010-2254
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
libvirtlibvirt
0.2.0
libvirtlibvirt
0.2.1
libvirtlibvirt
0.2.2
libvirtlibvirt
0.2.3
libvirtlibvirt
0.3.0
libvirtlibvirt
0.3.1
libvirtlibvirt
0.3.2
libvirtlibvirt
0.3.3
libvirtlibvirt
0.4.0
libvirtlibvirt
0.4.1
libvirtlibvirt
0.4.2
libvirtlibvirt
0.4.3
libvirtlibvirt
0.4.4
libvirtlibvirt
0.4.6
libvirtlibvirt
0.5.0
libvirtlibvirt
0.5.1
libvirtlibvirt
0.6.0
libvirtlibvirt
0.6.1
libvirtlibvirt
0.6.2
libvirtlibvirt
0.6.3
libvirtlibvirt
0.6.4
libvirtlibvirt
0.6.5
libvirtlibvirt
0.7.0
libvirtlibvirt
0.7.1
libvirtlibvirt
0.7.2
libvirtlibvirt
0.7.3
libvirtlibvirt
0.7.4
libvirtlibvirt
0.7.5
libvirtlibvirt
0.7.6
libvirtlibvirt
0.7.7
libvirtlibvirt
0.8.0
libvirtlibvirt
0.8.1
libvirtlibvirt
0.8.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libvirt
bookworm
9.0.0-4+deb12u1
fixed
bullseye
7.0.0-3+deb11u3
fixed
sid
10.9.0-1
fixed
trixie
10.9.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libvirt
dapper
dne
hardy
Fixed 0.4.0-2ubuntu8.3
released
jaunty
Fixed 0.6.1-0ubuntu5.2
released
karmic
Fixed 0.7.0-1ubuntu13.2
released
lucid
Fixed 0.7.5-5ubuntu27.5
released
maverick
Fixed 0.8.3-1ubuntu8
released
Common Weakness Enumeration
References
http://libvirt.org/news.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://ubuntu.com/usn/usn-1008-1
http://ubuntu.com/usn/usn-1008-2
http://ubuntu.com/usn/usn-1008-3
http://www.redhat.com/support/errata/RHSA-2010-0615.html
http://www.vupen.com/english/advisories/2010/2062
http://www.vupen.com/english/advisories/2010/2763
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943
https://bugzilla.redhat.com/show_bug.cgi?id=602455
http://libvirt.org/news.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://ubuntu.com/usn/usn-1008-1
http://ubuntu.com/usn/usn-1008-2
http://ubuntu.com/usn/usn-1008-3
http://www.redhat.com/support/errata/RHSA-2010-0615.html
http://www.vupen.com/english/advisories/2010/2062
http://www.vupen.com/english/advisories/2010/2763
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943
https://bugzilla.redhat.com/show_bug.cgi?id=602455