CVE-2016-5008 Oracle Enterprise Linux Security Update for libvirt (ELSA-2016-2577)

漏洞类别:OEL

漏洞等级:

漏洞信息

Oracle Enterprise Linux has released security update for libvirt to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

漏洞危害

Sucessful exploitation of the vulnerability can allow an attacker to:

1)allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.

2)allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.

解决方案

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisoryOracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2577: Oracle Linux 7

0day

发表评论