Candidate: CVE-2008-5086
PublicDate: 2008-12-19 17:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5086
 https://ubuntu.com/security/notices/USN-694-1
Description:
 Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a
 connection is read-only, which allows local users to bypass intended
 access restrictions and perform administrative actions.
Ubuntu-Description:
 It was discovered that libvirt did not mark certain operations as
 read-only. A local attacker may be able to perform privileged actions
 such as migrating virtual machines, adjusting autostart flags, or
 accessing privileged data in the virtual machine memory and disks.
Notes:
 jdstrand> should also be fixed in 0.5.1-4 in Debian experimental
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509106
Priority: medium
Discovered-by:
Assigned-to: jdstrand
CVSS:

Patches_libvirt:
upstream_libvirt: released (0.4.6-10)
dapper_libvirt: DNE
gutsy_libvirt: released (0.3.0-0ubuntu2.1)
hardy_libvirt: released (0.4.0-2ubuntu8.1)
intrepid_libvirt: released (0.4.4-3ubuntu3.1)
devel_libvirt: released (0.4.6-5ubuntu2)