CVE-2014-5177

{"id": "CVE-2014-5177", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-08-03T18:55:05.693", "references": [{"url": "http://libvirt.org/news.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00052.html", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0560.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/60895", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-201412-04.xml", "source": "cve@mitre.org"}, {"url": "http://security.libvirt.org/2014/0003.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/USN-2366-1", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors."}, {"lang": "es", "value": "libvirt 1.0.0 hasta 1.2.x anterior a 1.2.5, cuando el control de acceso detallado est\u00e1 habilitado, permite a usuarios locales leer ficheros arbitrarios a trav\u00e9s de un documento XML manipulado que contiene una declaraci\u00f3n de entidad externa XML en conjunto con una referencia de entidad en el m\u00e9todo API (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU o (19) virConnectBaselineCPU, relacionado con un problema de entidad externa XML (XXE). NOTA: este problema ha sido dividido (SPLIT) del CVE-2014-0179 por ADT3 debido a las diferentes versiones afectadas de algunos vectores."}], "lastModified": "2019-04-22T17:48:00.643", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "105130E9-D48E-4FB8-A715-E6438EC7E744"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E13A6AAE-BC1B-4CE1-B747-84F9C6B3FF73"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DDA1805-ED8A-44AA-96FF-E676D278CCFD"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBD82EEA-279F-42CA-8F4C-A4D57EEBAB0D"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "320C2182-DBCF-4564-940A-D12673C73543"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB635DBE-29F1-4055-A064-42539FC811C4"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67B77F63-C9AC-42D4-B9E2-4BBE196AC254"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3256288E-5A49-4DCD-AE30-6B4E21AEF970"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25E764AE-3B7C-4378-97C5-10E835511684"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49FEFFA5-371E-4B1D-AAAE-C71AEB79A4AF"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F982F65C-CBF9-4EE6-8FD6-C965141E42C9"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4BF8152-79A4-48C6-88EB-9D3FA7466844"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9E4DCDE-4D85-4339-99CB-70A464FA2EE9"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E03AF346-6F4E-4BEA-B29E-9C9C04148843"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54FAE380-0E7E-4468-A07B-5A9A3504F681"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB4B1021-4D01-4D86-AED4-0418F8839FD6"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "380686BB-7212-4285-BA00-B8EEAC6E1CC9"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A331072-326A-4E72-84E2-E0424E6DDE30"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB1666DD-AC49-477A-921C-8197F5EFECA6"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "527B9236-CA4E-42A8-8C7A-2FB92BE2B4B9"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA9572AC-1D6D-4AA1-AEF0-CB9143F38215"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D6B6D6F-6CD3-43C3-B1EC-18DEC89DFDA6"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF21D58D-6952-4C72-94C3-32421499AFCE"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83403472-4883-4914-846A-3C3E912C5573"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}