Vulnerability Name: CVE-2016-10746 (CCN-163579)

Assigned: 2016-01-11
Published: 2016-01-11
Updated: 2019-05-01
Summary: libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.
CVSS v3 Severity:
7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): High
  • Availability (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): Low
  • Availability (A): None

CVSS v2 Severity:
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): Partial
  • Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): Partial
  • Availability (A): None

Vulnerability Type: CWE-254
Vulnerability Consequences: Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2016-10746

Source: XF
Type: UNKNOWN
libvirt-cve201610746-sec-bypass(163579)

Source: CCN
Type: libvirt GIT Repository
virDomainGetTime: Deny on RO connections

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/libvirt/libvirt/commit/506e9d6c2d4baaf580d489fff0690c0ff2ff588f

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/libvirt/libvirt/compare/11288f5...8fd6867

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20190430 [SECURITY] [DLA 1772-1] libvirt security update

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-10746

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:redhat:libvirt:*:*:*:*:*:*:*:* (Version < 1.3.1)

Configuration 2:
  • cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:redhat:libvirt:1.3.0:-:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:201610746 | V | CVE-2016-10746 | 2022-09-02
oval:org.opensuse.security:def:31373 | P | Security update for net-snmp (Important) | 2022-01-05
oval:org.opensuse.security:def:31334 | P | Security update for log4j (Important) | 2021-12-17
oval:org.opensuse.security:def:31285 | P | Security update for MozillaFirefox (Important) | 2021-10-15
oval:org.opensuse.security:def:35269 | P | Security update for python-reportlab (Moderate) | 2021-09-23
oval:org.opensuse.security:def:31229 | P | Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important) | 2021-07-21
oval:org.opensuse.security:def:36166 | P | krb5-doc-1.6.3-133.49.66.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:36125 | P | file-32bit-4.24-43.27.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:32076 | P | Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important) | 2021-04-28
oval:org.opensuse.security:def:34644 | P | Security update for grub2 (Important) | 2021-03-02
oval:org.opensuse.security:def:34633 | P | Security update for tomcat (Moderate) | 2021-02-19
oval:org.opensuse.security:def:34632 | P | Security update for ImageMagick (Moderate) | 2021-02-19
oval:org.opensuse.security:def:32114 | P | Security update for java-1_7_1-ibm (Moderate) | 2021-01-04
oval:org.opensuse.security:def:35020 | P | Security update for gstreamer-0_10-plugins-base (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30708 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:31394 | P | Security update for patch (Important) | 2020-12-01
oval:org.opensuse.security:def:30930 | P | Security update for ghostscript-library (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35377 | P | Security update for libtasn1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31074 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:34728 | P | Security update for ImageMagick (Low) | 2020-12-01
oval:org.opensuse.security:def:30622 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:35443 | P | Security update for pam (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34963 | P | Security update for freetype2 | 2020-12-01
oval:org.opensuse.security:def:30634 | P | Security update for Xen | 2020-12-01
oval:org.opensuse.security:def:35110 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:30840 | P | Security update for curl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31438 | P | Security update for php53 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35328 | P | Security update for microcode_ctl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30987 | P | Security update for ipsec-tools (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35416 | P | Security update for openssl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34864 | P | Security update for clamav (Important) | 2020-12-01
oval:org.opensuse.security:def:30623 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:35487 | P | Security update for php53 (Important) | 2020-12-01
oval:com.ubuntu.cosmic:def:201610746000 | V | CVE-2016-10746 on Ubuntu 18.10 (cosmic) - medium. | 2019-04-18
oval:com.ubuntu.cosmic:def:2016107460000000 | V | CVE-2016-10746 on Ubuntu 18.10 (cosmic) - medium. | 2019-04-18
oval:com.ubuntu.bionic:def:201610746000 | V | CVE-2016-10746 on Ubuntu 18.04 LTS (bionic) - medium. | 2019-04-18
oval:com.ubuntu.bionic:def:2016107460000000 | V | CVE-2016-10746 on Ubuntu 18.04 LTS (bionic) - medium. | 2019-04-18
oval:com.ubuntu.xenial:def:201610746000 | V | CVE-2016-10746 on Ubuntu 16.04 LTS (xenial) - medium. | 2019-04-18
oval:com.ubuntu.xenial:def:2016107460000000 | V | CVE-2016-10746 on Ubuntu 16.04 LTS (xenial) - medium. | 2019-04-18
oval:com.ubuntu.trusty:def:201610746000 | V | CVE-2016-10746 on Ubuntu 14.04 LTS (trusty) - medium. | 2019-04-18