[Libvirt-announce] LSN-2019-0006: virConnectGetDomainCapabilities does not check for read-only connection
Ján Tomko
jtomko at redhat.com
Mon Jun 24 12:35:02 UTC 2019
Libvirt Security Notice: LSN-2019-0006
======================================
Summary: virConnectGetDomainCapabilities does not check for
read-only connection
Reported on: 20190604
Published on: 20190620
Fixed on: 20190620
Reported by: Ján Tomko <jtomko at redhat.com>
Patched by: Ján Tomko <jtomko at redhat.com>
See also: CVE-2019-10167
Description
-----------
The virConnectGetDomainCapabilities API reports the domain
capabilities XML without checking for a read-only connection. This
allows unprivileged users to execute arbitrary binaries with
elevated privileges.
Impact
------
The default libvirt configuration allows all local user accounts
read-only access to the libvirtd daemon. Any local user can provide
an arbitrary emulator, executing arbitrary binaries as the
configured QEMU user. Since v5.1.0, the emulator binary is run with
CAP_DAC_OVERRIDE, essentially having root privileges.
Workaround
----------
Edit the /etc/libvirt/libvirtd.conf configuration file, to set the
'unix_sock_ro_perms = "0700"' to prevent local users from connecting
to libvirt. Alternatively setup a policy kit rule to prevent them
access without first authenticating as root.
Affected product
----------------
Name: libvirt
Repository: git://libvirt.org/git/libvirt.git
http://libvirt.org/git/?p=libvirt.git
Branch: master
Broken in: v1.2.19
Broken in: v1.2.20
Broken in: v1.2.21
Broken in: v1.3.0
Broken in: v1.3.1
Broken in: v1.3.2
Broken in: v1.3.3
Broken in: v1.3.4
Broken in: v1.3.5
Broken in: v2.0.0
Broken in: v2.1.0
Broken in: v2.2.0
Broken in: v2.3.0
Broken in: v2.4.0
Broken in: v2.5.0
Broken in: v3.0.0
Broken in: v3.1.0
Broken in: v3.2.0
Broken in: v3.3.0
Broken in: v3.4.0
Broken in: v3.5.0
Broken in: v3.6.0
Broken in: v3.7.0
Broken in: v3.8.0
Broken in: v3.9.0
Broken in: v3.10.0
Broken in: v4.0.0
Broken in: v4.1.0
Broken in: v4.2.0
Broken in: v4.3.0
Broken in: v4.4.0
Broken in: v4.5.0
Broken in: v4.6.0
Broken in: v4.7.0
Broken in: v4.8.0
Broken in: v4.9.0
Broken in: v4.10.0
Broken in: v5.0.0
Broken in: v5.1.0
Broken in: v5.2.0
Broken in: v5.3.0
Broken in: v5.4.0
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 8afa68bac0cf99d1f8aaa6566685c43c22622f26
Branch: v1.2.19-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 7d3b95b03880c8ade5f908dcb3d3c8b2d8e82a8f
Branch: v1.2.20-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: c5cc88c32320d46f27521aac69027baa3d426ff2
Branch: v1.2.21-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: badcb3662a5b28d3ed01c8ceff496e6197d12e3c
Branch: v1.3.0-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 6ba6bb236a7e293007eb21013d69f42dd1fb21c8
Branch: v1.3.1-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: be5d96d547ec54bc35e5eab6472ec900184ae837
Branch: v1.3.2-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: e433008df4867b43085961a0f8181ac9401e707b
Branch: v1.3.3-maint
Broken in: v1.3.3.1
Broken in: v1.3.3.2
Broken in: v1.3.3.3
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: a663e28410aa853675b8b090a1ffafa7c8711ead
Branch: v1.3.4-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: ab728b5658b307bcde90cf9e9d2e9c2cfb3e9de0
Branch: v1.3.5-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 5632ca00ef8b75ce600ebb7255d392339c07b967
Branch: v2.0-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 1e51b78a92fa2b381a5741599f4909c2516c0481
Branch: v2.1-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: e322b6f73dc2fb5eaab14406cc786361d17ffdc3
Branch: v2.2-maint
Broken in: v2.2.1
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: c97b296cf8b336ed1a3260af8c8bd79746cb2971
Branch: v3.0-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: bfea7de821a224782253061309e5005486b1b2f6
Branch: v3.2-maint
Broken in: v3.2.1
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 452fa3ae558bc842a88753fcdf0d1141a2fd212c
Branch: v3.7-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: d47a396e995180fd54a0f84cf137f024159b7967
Branch: v4.1-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 585be8edbef5ce4ef30e6c20386358ca1ba8e344
Branch: v4.2-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 4ce590b007d80b41abd00aba95f73c04e71ff53b
Branch: v4.3-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: f9b65fa812f6f121b7c5f5daa642f05310b4123c
Branch: v4.4-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 15502d85dd21d7badeb230285898fa28f67cba9d
Branch: v4.5-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: fd16bd525afeac6870ab3b747d9ee16002e2f1b2
Branch: v4.6-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 93edb0ea630556569320de83d45b100718f1391f
Branch: v4.7-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 5441f05a42a90779b0df86518286bf527e94aafb
Branch: v4.8-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 38a16f786794887cb2fd8e82d4b52e07a77d9f50
Branch: v4.9-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 6452b9fdff7988024a6157ca0a973ac3abf54468
Branch: v4.10-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: d238f132e6e0432a42d3cdff4571730dae3a85eb
Branch: v5.0-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 58f237d696310f3ac62e98b3b5e9cb98e13064e9
Branch: v5.1-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: c5085b7a9031f899c7bef0d2630aa77c461b92a6
Branch: v5.1.0-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Branch: v5.2-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 4f50f36c0004af0faf0f535b46e2a1841c2443d8
Branch: v5.3-maint
Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
Fixed by: 97a737c58ff6080bd0e149830b860ef32b3d2acb
More information about the Libvirt-announce
mailing list