CVE-2011-4600

MEDIUM

Canonical Ubuntu Linux - Improper Access Control

Title source: rule
STIX 2.1

Description

The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query.

References (4)

Core 4
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2867-1
Vendor Advisory x_refsource_confirm
http://libvirt.org/news-2012.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=760442

Scores

CVSS v3 5.9
EPSS 0.0178
EPSS Percentile 75.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-284
Status published
Products (5)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.04
canonical/ubuntu_linux 15.10
redhat/libvirt 0.9.8
Published Apr 14, 2016
Tracked Since Feb 18, 2026