漏洞类别:OEL
漏洞等级: 
漏洞信息
Oracle Enterprise Linux has released security update for libvirt to fix the vulnerabilities.
Affected Products:
Oracle Linux 7
漏洞危害
Sucessful exploitation of the vulnerability can allow an attacker to:
1)allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
2)allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
解决方案
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisoryOracle Linux 7 for updates and patch information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论