CVE-2018-6764

Impact:
Moderate
Public Date:
2018-02-05
CWE:
CWE-179
Bugzilla:
1541444: CVE-2018-6764 libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init

The MITRE CVE dictionary describes this issue as:

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

Find out more about CVE-2018-6764 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 5
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Impact Low
Availability Impact Low

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (libvirt) RHSA-2018:3113 2018-10-30

Affected Packages State

Platform Package State
Red Hat Gluster Storage 3 libvirt Not affected
Red Hat Enterprise Linux 8 libvirt Not affected
Red Hat Enterprise Linux 6 libvirt Not affected
Red Hat Enterprise Linux 5 libvirt Not affected
Last Modified

CVE description copyright © 2017, The MITRE Corporation