Launchpad CVE tracker

CVE 2010-2242

Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.

Related bugs and status

CVE-2010-2242 (Candidate) is related to these bugs:

Bug #578527: map serial port throws "chardev: opening backend "tty" failed"

		In	Importance	Status
578527	map serial port throws "chardev: opening backend "tty" failed"	libvirt (Ubuntu)	Low	Fix Released
578527	map serial port throws "chardev: opening backend "tty" failed"	libvirt	Medium	Won't Fix
578527	map serial port throws "chardev: opening backend "tty" failed"	libvirt (Ubuntu Lucid)	Low	Won't Fix
578527	map serial port throws "chardev: opening backend "tty" failed"	libvirt (Ubuntu Maverick)	Low	Fix Released

Bug #585964: VMs won't start after purging apparmor

Summary				In	Importance	Status
	585964	VMs won't start after purging apparmor		libvirt (Ubuntu)	Low	Fix Released

Bug #588369: can't disable AppArmor via qemu.conf

Summary				In	Importance	Status
	588369	can't disable AppArmor via qemu.conf		libvirt (Ubuntu)	Low	Fix Released

Bug #609055: problems with using parallel port

Summary				In	Importance	Status
	609055	problems with using parallel port		libvirt (Ubuntu)	Undecided	Fix Released

Bug #613549: does not support cloning vm storage on lvm backend

Summary				In	Importance	Status
	613549	does not support cloning vm storage on lvm backend		libvirt (Ubuntu)	Low	Fix Released
	613549	does not support cloning vm storage on lvm backend		virt-manager (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-2242

References