CVE-2018-6764

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

References

Affected packages

Git / github.com/libvirt/libvirt

Affected ranges

Type

GIT

Repo

https://github.com/libvirt/libvirt

Events

Introduced

Last affected

5f6025945bf0f98debcd4ad8cf064e9cadca1cc9

Introduced

Last affected

21b0099b79eccb5e89cea037db6d58480ae02553

Introduced

Last affected

9160dfbfc513fe3ce06fb1ea7161926c390ea9f7

Introduced

Last affected

501563469e67ea54be4ec1b3b84d4f0405e90ea4

Introduced

Last affected

501563469e67ea54be4ec1b3b84d4f0405e90ea4

Introduced

Last affected

501563469e67ea54be4ec1b3b84d4f0405e90ea4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0"
        }
    ]
}

Affected versions

Other

CVE-2008-5086

CVE-2010-2238

CVE-2010-2242

CVE-2011-1146

CVE-2011-1486

CVE-2011-2178

CVE-2012-3411

CVE-2012-3445

CVE-2012-4423

CVE-2013-0170

CVE-2013-1962

CVE-2013-2218

CVE-2013-2230

CVE-2013-4153

CVE-2013-4154

CVE-2013-4239

CVE-2013-4291

CVE-2013-4292

CVE-2013-4296

CVE-2013-4297

CVE-2013-4311

CVE-2013-4399

CVE-2013-4400-1

CVE-2013-4400-2

CVE-2013-4400-3

CVE-2013-4401

CVE-2013-5651

CVE-2013-6436

CVE-2013-6456

CVE-2013-6457

CVE-2013-6458-1

CVE-2013-6458-2

CVE-2013-6458-3

CVE-2013-6458-4

CVE-2013-7336

CVE-2014-0028

CVE-2014-0179

CVE-2014-1447-1

CVE-2014-1447-2

CVE-2014-3633

CVE-2014-3657

CVE-2014-7823

CVE-2014-8131

CVE-2014-8131-1

CVE-2014-8131-2

CVE-2014-8135

CVE-2014-8136

CVE-2015-0236

CVE-2015-0236-1

CVE-2015-0236-2

CVE-2015-5247-1

CVE-2015-5247-2

CVE-2015-5247-3

CVE-2015-5313

CVE-2016-5008

CVE-2017-1000256

CVE-2017-2635

CVE-2018-1064

CVE-2018-5748

CVE-2018-6764

CVE-2019-10132

CVE-2019-10161

CVE-2019-10166

CVE-2019-10167

CVE-2019-10168

CVE-2019-3886

CVE-2020-14339

CVE-2020-25637

CVE-2021-3631

CVE-2021-3667

LIBVIRT_0_0_3

LIBVIRT_0_0_4

LIBVIRT_0_0_5

LIBVIRT_0_1_0

LIBVIRT_0_1_1

LIBVIRT_0_1_10

LIBVIRT_0_1_11

LIBVIRT_0_1_3

LIBVIRT_0_1_4

LIBVIRT_0_1_6

LIBVIRT_0_1_7

LIBVIRT_0_1_8

LIBVIRT_0_1_9

LIBVIRT_0_2_0

LIBVIRT_0_2_1

LIBVIRT_0_2_2

LIBVIRT_0_3_0

LIBVIRT_0_3_1

LIBVIRT_0_3_2

LIBVIRT_0_3_3

LIBVIRT_0_4_1

LIBVIRT_0_4_2

LIBVIRT_0_4_4

LIBVIRT_0_4_6

LIBVIRT_0_5_0

LIBVIRT_0_5_1

LIBVIRT_0_6_0

LIBVIRT_0_6_1

LIBVIRT_0_6_2

LIBVIRT_0_6_3

LIBVIRT_0_6_4

LIBVIRT_0_6_5

LIBVIR_0_0_1

LIBVIR_0_0_2

LIVIRT_0_2_3

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.1.0

v0.1.1

v0.1.10

v0.1.11

v0.1.3

v0.1.4

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v0.10.0

v0.10.0-rc0

v0.10.0-rc1

v0.10.0-rc2

v0.10.1

v0.10.2

v0.10.2-rc1

v0.10.2-rc2

v0.2.0

v0.2.1

v0.2.2

v0.2.3

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.4.1

v0.4.2

v0.4.4

v0.4.6

v0.5.0

v0.5.1

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.7.7

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.6

v0.8.7

v0.8.8

v0.9.0

v0.9.1

v0.9.10

v0.9.10-rc1

v0.9.10-rc2

v0.9.11

v0.9.11-rc1

v0.9.11-rc2

v0.9.12

v0.9.12-rc1

v0.9.12-rc2

v0.9.13

v0.9.13-rc1

v0.9.13-rc2

v0.9.2

v0.9.3

v0.9.3-rc1

v0.9.3-rc2

v0.9.4

v0.9.4-rc1

v0.9.4-rc2

v0.9.5

v0.9.5-rc1

v0.9.5-rc2

v0.9.5-rc3

v0.9.6

v0.9.7

v0.9.7-rc1

v0.9.8

v0.9.8-rc1

v0.9.8-rc2

v0.9.9

v0.9.9-rc1

v0.9.9-rc2

v1.*

v1.0.0

v1.0.0-rc1

v1.0.0-rc2

v1.0.0-rc3

v1.0.1

v1.0.1-rc1

v1.0.1-rc2

v1.0.2

v1.0.2-rc1

v1.0.2-rc2

v1.0.3

v1.0.3-rc1

v1.0.3-rc2

v1.0.4

v1.0.4-rc1

v1.0.4-rc2

v1.0.5

v1.0.5-rc1

v1.0.6

v1.0.6-rc1

v1.0.6-rc2

v1.1.0

v1.1.0-rc1

v1.1.0-rc2

v1.1.1

v1.1.1-rc1

v1.1.1-rc2

v1.1.2

v1.1.2-rc1

v1.1.2-rc2

v1.1.3

v1.1.3-rc1

v1.1.3-rc2

v1.1.4

v1.1.4-rc1

v1.1.4-rc2

v1.2.0

v1.2.0-rc1

v1.2.0-rc2

v1.2.1

v1.2.1-rc1

v1.2.1-rc2

v1.2.10

v1.2.10-rc1

v1.2.10-rc2

v1.2.11

v1.2.11-rc1

v1.2.11-rc2

v1.2.12

v1.2.12-rc1

v1.2.12-rc2

v1.2.13

v1.2.13-rc1

v1.2.13-rc2

v1.2.14

v1.2.14-rc1

v1.2.14-rc2

v1.2.15

v1.2.15-rc1

v1.2.15-rc2

v1.2.16

v1.2.16-rc1

v1.2.16-rc2

v1.2.17

v1.2.17-rc1

v1.2.17-rc2

v1.2.18

v1.2.18-rc1

v1.2.18-rc2

v1.2.19

v1.2.19-rc1

v1.2.19-rc2

v1.2.2

v1.2.2-rc1

v1.2.2-rc2

v1.2.20

v1.2.20-rc1

v1.2.20-rc2

v1.2.21

v1.2.21-rc1

v1.2.21-rc2

v1.2.3

v1.2.3-rc1

v1.2.3-rc2

v1.2.4

v1.2.4-rc1

v1.2.4-rc2

v1.2.5

v1.2.5-rc1

v1.2.5-rc2

v1.2.6

v1.2.6-rc1

v1.2.6-rc2

v1.2.7

v1.2.7-rc1

v1.2.7-rc2

v1.2.8

v1.2.8-rc1

v1.2.8-rc2

v1.2.9

v1.2.9-rc1

v1.2.9-rc2

v1.3.0

v1.3.0-rc1

v1.3.0-rc2

v1.3.1

v1.3.1-rc1

v1.3.1-rc2

v1.3.2

v1.3.2-rc1

v1.3.2-rc2

v1.3.3

v1.3.3-rc1

v1.3.3-rc2

v1.3.4

v1.3.4-rc1

v1.3.4-rc2

v1.3.5

v1.3.5-rc1

v2.*

v2.0.0

v2.0.0-rc1

v2.0.0-rc2

v2.1.0

v2.1.0-rc1

v2.2.0

v2.2.0-rc1

v2.2.0-rc2

v2.3.0

v2.3.0-rc1

v2.3.0-rc2

v2.4.0

v2.4.0-rc1

v2.4.0-rc2

v2.5.0

v2.5.0-rc1

v2.5.0-rc2

v3.*

v3.0.0

v3.0.0-rc1

v3.0.0-rc2

v3.1.0

v3.1.0-rc1

v3.1.0-rc2

v3.10.0

v3.10.0-rc1

v3.10.0-rc2

v3.2.0

v3.2.0-rc1

v3.2.0-rc2

v3.3.0

v3.3.0-rc1

v3.3.0-rc2

v3.4.0

v3.4.0-rc1

v3.4.0-rc2

v3.5.0

v3.5.0-rc1

v3.5.0-rc2

v3.6.0

v3.6.0-rc1

v3.6.0-rc2

v3.7.0

v3.7.0-rc1

v3.7.0-rc2

v3.8.0

v3.8.0-rc1

v3.9.0

v3.9.0-rc1

v3.9.0-rc2

v4.*

v4.0.0

v4.0.0-rc1

v4.0.0-rc2

v4.1.0

v4.1.0-rc1

v4.1.0-rc2

v4.10.0

v4.10.0-rc1

v4.10.0-rc2

v4.2.0

v4.2.0-rc1

v4.2.0-rc2

v4.3.0

v4.3.0-rc1

v4.3.0-rc2

v4.4.0

v4.4.0-rc1

v4.4.0-rc2

v4.5.0

v4.5.0-rc1

v4.5.0-rc2

v4.6.0

v4.6.0-rc1

v4.6.0-rc2

v4.7.0

v4.7.0-rc1

v4.7.0-rc2

v4.8.0

v4.8.0-rc1

v4.8.0-rc2

v4.9.0

v4.9.0-rc1

v5.*

v5.0.0

v5.0.0-rc1

v5.0.0-rc2

v5.1.0

v5.1.0-rc1

v5.1.0-rc2

v5.10.0

v5.10.0-rc1

v5.10.0-rc2

v5.2.0

v5.2.0-rc1

v5.2.0-rc2

v5.3.0

v5.3.0-rc1

v5.3.0-rc2

v5.4.0

v5.4.0-rc1

v5.4.0-rc2

v5.5.0

v5.5.0-rc1

v5.5.0-rc2

v5.6.0

v5.6.0-rc1

v5.6.0-rc2

v5.7.0

v5.7.0-rc1

v5.7.0-rc2

v5.8.0

v5.8.0-rc1

v5.8.0-rc2

v5.9.0

v5.9.0-rc1

v6.*

v6.0.0

v6.0.0-rc1

v6.0.0-rc2

v6.1.0

v6.1.0-rc1

v6.1.0-rc2

v6.10.0

v6.10.0-rc1

v6.10.0-rc2

v6.2.0

v6.2.0-rc1

v6.3.0

v6.3.0-rc1

v6.4.0

v6.4.0-rc1

v6.5.0

v6.5.0-rc1

v6.5.0-rc2

v6.6.0

v6.6.0-rc1

v6.7.0

v6.7.0-rc1

v6.7.0-rc2

v6.8.0

v6.8.0-rc1

v6.8.0-rc2

v6.9.0

v6.9.0-rc1

v6.9.0-rc2

v7.*

v7.0.0

v7.0.0-rc1

v7.0.0-rc2

v7.1.0

v7.1.0-rc1

v7.1.0-rc2

v7.10.0

v7.10.0-rc1

v7.10.0-rc2

v7.2.0

v7.2.0-rc1

v7.2.0-rc2

v7.3.0

v7.3.0-rc1

v7.3.0-rc2

v7.4.0

v7.4.0-rc1

v7.4.0-rc2

v7.5.0

v7.5.0-rc1

v7.5.0-rc2

v7.6.0

v7.6.0-rc1

v7.6.0-rc2

v7.7.0

v7.7.0-rc1

v7.7.0-rc2

v7.8.0

v7.8.0-rc1

v7.8.0-rc2

v7.9.0

v7.9.0-rc1

v7.9.0-rc2

v8.*

v8.0.0

v8.0.0-rc1

v8.0.0-rc2

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "17.10"
            }
        ]
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6764.json"