[Libvirt-announce] LSN-2019-0007: virConnect*HypervisorCPU do not check for read-only connection

Ján Tomko jtomko at redhat.com
Mon Jun 24 12:35:28 UTC 2019


        Libvirt Security Notice: LSN-2019-0007
        ======================================

       Summary: virConnect*HypervisorCPU do not check for
                read-only connection
   Reported on: 20190604
  Published on: 20190620
      Fixed on: 20190620
   Reported by: Ján Tomko <jtomko at redhat.com>
    Patched by: Ján Tomko <jtomko at redhat.com>
      See also: CVE-2019-10168

Description
-----------

The virConnect*HypervisorCPU APIs allow reporting CPU capabilities
from arbitrary emulator binaries without checking for a read-only
connection. This allows unprivileged users to execute arbitrary
binaries with elevated privileges.

Impact
------

The default libvirt configuration allows all local user accounts
read-only access to the libvirtd daemon. Any local user can therefore
supply an arbitrary emulator binary, which is then executed as the
configured QEMU user. Since v5.1.0, the emulator binary is run with
CAP_DAC_OVERRIDE, which is essentially equivalent to root privileges.

Workaround
----------

Edit the /etc/libvirt/libvirtd.conf configuration file and set
'unix_sock_ro_perms = "0700"' to prevent local users from connecting
to libvirt. Alternatively, set up a PolicyKit rule that denies them
access unless they first authenticate as root.
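
A small audit of the workaround setting, added here as an example and not
part of the original notice or of libvirt. The function names are
hypothetical, and the "0777" fallback assumes libvirtd's default when
unix_sock_ro_perms is unset.

```shell
#!/bin/sh
# Added example: check a libvirtd.conf for the LSN-2019-0007 workaround.
# Assumption: an unset unix_sock_ro_perms means libvirtd uses "0777".
DEFAULT_RO_PERMS=0777

# Print every uncommented unix_sock_ro_perms value in file $1, one per
# line. Print the default if the file sets none or cannot be read.
ro_perms_values() {
    vals=$(sed -n 's/^[[:space:]]*unix_sock_ro_perms[[:space:]]*=[[:space:]]*"\([0-7]\{3,4\}\)".*/\1/p' "$1" 2>/dev/null) || true
    printf '%s\n' "${vals:-$DEFAULT_RO_PERMS}"
}

# Succeed only if no configured value gives group or other any access
# (mode & 077 == 0), which is what "0700" from the notice achieves.
# Checking every assignment avoids guessing which duplicate libvirtd uses.
ro_socket_restricted() {
    for v in $(ro_perms_values "$1"); do
        [ $(( 0$v & 077 )) -eq 0 ] || return 1
    done
    return 0
}

# Constructed sample config: default left commented out, workaround set.
sample=$(mktemp)
printf '%s\n' \
    '#unix_sock_ro_perms = "0777"' \
    'unix_sock_ro_perms = "0700"' > "$sample"

if ro_socket_restricted "$sample"; then
    echo "read-only socket restricted to owner"
else
    echo "read-only socket reachable by local users: apply the workaround"
fi
rm -f "$sample"
```

On a real host, pass /etc/libvirt/libvirtd.conf to ro_socket_restricted.
The file check alone does not confirm what the running daemon uses; the
setting takes effect only once libvirtd has been restarted.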

Affected product
----------------

        Name: libvirt
  Repository: git://libvirt.org/git/libvirt.git
              http://libvirt.org/git/?p=libvirt.git

      Branch: master
   Broken in: v4.4.0
   Broken in: v4.5.0
   Broken in: v4.6.0
   Broken in: v4.7.0
   Broken in: v4.8.0
   Broken in: v4.9.0
   Broken in: v4.10.0
   Broken in: v5.0.0
   Broken in: v5.1.0
   Broken in: v5.2.0
   Broken in: v5.3.0
   Broken in: v5.4.0
   Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2
   Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a
    Fixed by: bf6c2830b6c338b1f5699b095df36f374777b291

      Branch: v4.4-maint
   Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2
   Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a
    Fixed by: a6116fc8618300f6e2a082396812363310d1420f

      Branch: v4.5-maint
   Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2
   Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a
    Fixed by: 415cc5c0644304fd1e1bb721a092cf65e07be79f

      Branch: v4.6-maint
   Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2
   Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a
    Fixed by: 890965e8943a8837b41c3c6f366135ccfef48fb3

      Branch: v4.7-maint
   Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2
   Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a
    Fixed by: f5ace9c05d59b70d4899199a187cb32ec6f600d8

      Branch: v4.8-maint
   Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2
   Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a
    Fixed by: fc30929ffdf339d920b2e2183faf4373920bff6f

      Branch: v4.9-maint
   Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2
   Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a
    Fixed by: dd88b69a207c1ed6e89d7e9fa6b5f4a9ec4db97c

      Branch: v4.10-maint
   Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2
   Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a
    Fixed by: 09c2635d0deec198de0f250abc2958f2d1c09eaa

      Branch: v5.0-maint
   Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2
   Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a
    Fixed by: 1ef98539a655109480628c91feac48c3c69675ef

      Branch: v5.1-maint
   Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2
   Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a
    Fixed by: 2a3f95a40725f743b5189868bcc1a78d922517f6

      Branch: v5.1.0-maint
   Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2
   Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a

      Branch: v5.2-maint
   Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2
   Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a
    Fixed by: 45ae5e529d4e886f47dacca9dfe5a08d95a3425a

      Branch: v5.3-maint
   Broken by: 24a41aa6435045df2cf711d34cf399c2d74e4bf2
   Broken by: 7d0a1efcd6087096671f3769ec2b850292465e9a
    Fixed by: d8e4d13446a0b04b757bd28c242a4cfecaaa8f1e


