Arbitrary Command Execution Vulnerability in libvirt's LXC Container Protection Mechanism

Arbitrary Command Execution Vulnerability in libvirt's LXC Container Protection Mechanism

CVE-2018-6764 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

Learn more about our User Device Pen Test.