[Libguestfs] CVE-2010-3851 libguestfs: missing disk format specifier when adding a disk
Richard W.M. Jones
rjones at redhat.com
Tue Oct 19 11:37:19 UTC 2010
(This bug was found by Matthew Booth during routine code review)
We found a security issue which affects libguestfs programs in some
circumstances. Since we don't pass the disk format through to qemu, a
malicious guest backed by raw-format storage might craft a qcow2
header into its own disk. QEmu would interpret this, and qcow2 offers
a wide range of features such as accessing arbitrary backing files
from the host, allowing the guest to read a host file (under rather
narrow conditions, see below).
All versions of virt-v2v are vulnerable. virt-inspector is vulnerable
for versions <= 1.5.3. Other programs that use libguestfs may be
vulnerable.
You should review the bug below carefully to find out if you could be
affected, particularly the Description and Comment 1:
https://bugzilla.redhat.com/show_bug.cgi?id=643958
A CVE has been allocated to this bug:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=+CVE-2010-3851
No fix is available at present, but we are working on one. In the
meantime, avoid using libguestfs / tools on:
- untrusted, malicious guests that use raw-format storage
- where you are running commands from these guests
(http://libguestfs.org/guestfs.3.html#running_commands)
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 80 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora
More information about the Libguestfs
mailing list