CVE - CVE-2015-5313

CVE-ID
CVE-2015-5313	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[libvirt] 20151211 [PATCH] CVE-2015-5313: storage: don't allow '/' in filesystem volume names URL:https://www.redhat.com/archives/libvir-list/2015-December/msg00473.html CONFIRM:http://libvirt.org/git/?p=libvirt.git;a=commit;h=034e47c338b13a95cf02106a3af912c1c5f818d7 CONFIRM:http://security.libvirt.org/2015/0004.html FEDORA:FEDORA-2015-30b347dff1 URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174404.html GENTOO:GLSA-201612-10 URL:https://security.gentoo.org/glsa/201612-10 REDHAT:RHSA-2016:2577 URL:http://rhn.redhat.com/errata/RHSA-2016-2577.html BID:90913 URL:http://www.securityfocus.com/bid/90913
Assigning CNA
N/A
Date Entry Created
20150701	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150701)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org