| Name | CVE-2015-5313 |
| Description | Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 808273 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| libvirt (PTS) | bullseye | 7.0.0-3+deb11u3 | fixed |
| libvirt (PTS) | bookworm | 9.0.0-4+deb12u2 | fixed |
| libvirt (PTS) | trixie | 11.3.0-3+deb13u1 | fixed |
| libvirt (PTS) | sid, forky | 11.9.0-2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libvirt | source | squeeze | (not affected) | | | |
| libvirt | source | wheezy | (not affected) | | | |
| libvirt | source | jessie | 1.2.9-9+deb8u2 | | | |
| libvirt | source | (unstable) | 1.3.0-1 | | | 808273 |
[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=034e47c338b13a95cf02106a3af912c1c5f818d7
Broken by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c930410bebae0a45889b992a7932c663b06cbbcd (v1.1.0-rc1)
http://security.libvirt.org/2015/0004.html