libvirt XML External Entity CVE-2014-5177 Multiple Information Disclosure Vulnerabilities

Bugtraq ID:	69033
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2014-5177
Remote:	Yes
Local:	No
Published:	Apr 16 2014 12:00AM
Updated:	Dec 10 2014 12:55AM
Credit:	Daniel P. Berrange and Richard Jones.
Vulnerable:	Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 Gentoo Linux
Not Vulnerable:

libvirt XML External Entity CVE-2014-5177 Multiple Information Disclosure Vulnerabilities

libvirt is prone to multiple information disclosure vulnerabilities.

Successfully exploiting these issues may allow an attacker to obtain sensitive information or cause denial of service. This may aid in further attacks.

libvirt 1.0.0 through 1.2.x prior to 1.2.5 are vulnerable.

libvirt XML External Entity CVE-2014-5177 Multiple Information Disclosure Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

libvirt XML External Entity CVE-2014-5177 Multiple Information Disclosure Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

libvirt XML External Entity CVE-2014-5177 Multiple Information Disclosure Vulnerabilities

References:

• libvirt Homepage (libvirt )
  
• libvirt News (libvirt)