CVE-2015-5313

Priority
Description
Directory traversal vulnerability in the
virStorageBackendFileSystemVolCreate function in
storage/storage_backend_fs.c in libvirt, when fine-grained Access Control
Lists (ACL) are in effect, allows local users with storage_vol:create ACL
but not domain:write permission to write to arbitrary files via a .. (dot
dot) in a volume name.
Assigned-to
mdeslaur
Notes
Package
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):released (1.2.2-0ubuntu13.1.16)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.2.21-2ubuntu5)
Patches:
Upstream:https://libvirt.org/git/?p=libvirt.git;a=commit;h=034e47c338b13a95cf02106a3af912c1c5f818d7
More Information

Updated: 2019-12-05 18:42:22 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)