CVE-2011-4600

MEDIUM

Canonical Ubuntu Linux - Improper Access Control

Title source: rule

Description

The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.

References (4)

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2867-1

[Various Sources] http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=ae1232b298323dd7bef909426e2ebafa6bca9157

[Vendor Advisory] http://libvirt.org/news-2012.html

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=760442

Scores

CVSS v3 5.9

EPSS 0.0031

EPSS Percentile 53.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-284

Status draft

Affected Products (5)

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

redhat/libvirt

Timeline

Published Apr 14, 2016

Tracked Since Feb 18, 2026