[Libvirt-announce] LSN-2019-0003: Insecure permissions for systemd socket for virtlockd/virtlogd

Daniel P. Berrangé berrange at redhat.com
Tue May 21 13:03:28 UTC 2019


        Libvirt Security Notice: LSN-2019-0003
        ======================================

       Summary: Insecure permissions for systemd socket for
                virtlockd/virtlogd
   Reported on: 20190430
  Published on: 20190421
      Fixed on: 20190421
   Reported by: Daniel P. Berrangé <berrange at redhat.com>
    Patched by: Daniel P. Berrangé <berrange at redhat.com>
      See also: CVE-2019-10132

Description
-----------

The virtlockd-admin.socket and virtlogd-admin.socket unit files do
not set the SocketMode parameter and thus create a world-accessible
UNIX domain socket. Furthermore, the code fails to validate the
identity of clients connecting to these sockets.

Impact
------

An unprivileged user is able to connect to the virtlockd or virtlogd
daemons and use the administrative RPC commands to elevate their
privileges.

Workaround
----------

Disable the virtlockd-admin.socket and virtlogd-admin.socket units
in systemd. Alternatively, customize them locally to add
SocketMode=0600.
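A scripted form of the second workaround, added here as an example and not part of this notice or of libvirt's own tooling: it writes a systemd drop-in for each admin socket unit, reports the effective SocketMode= value across a unit's drop-ins, and checks the permission bits on a socket path. The configuration root is a parameter (the assumed default is /etc/systemd/system) so the functions can be exercised on a scratch directory, and the socket path passed to the checker is an assumption, since the notice names the units but not the socket paths.

```shell
#!/bin/sh
# LSN-2019-0003 workaround helper (added example, not libvirt code).
# Assumes a systemd host; the configuration root is a parameter so the
# functions can be tried on a scratch directory before touching /etc.

UNITS="virtlockd-admin.socket virtlogd-admin.socket"

# write_socket_override ROOT UNIT: create ROOT/UNIT.d/10-socketmode.conf
# restricting the listening socket to its owner.
write_socket_override() {
    root=$1; unit=$2
    dir="$root/$unit.d"
    mkdir -p "$dir"
    printf '[Socket]\nSocketMode=0600\n' > "$dir/10-socketmode.conf"
}

# effective_socket_mode ROOT UNIT: print the last SocketMode= value found in
# the unit file and its drop-ins (lexically later drop-ins win, as in
# systemd), or "unset" when nothing sets it, which is the vulnerable state.
effective_socket_mode() {
    root=$1; unit=$2
    mode=unset
    for f in "$root/$unit" "$root/$unit.d"/*.conf; do
        [ -f "$f" ] || continue
        m=$(sed -n 's/^[[:space:]]*SocketMode=[[:space:]]*//p' "$f" | tail -n 1)
        [ -n "$m" ] && mode=$m
    done
    printf '%s\n' "$mode"
}

# check_socket_path PATH: return 0 when PATH exists and carries no group or
# other permission bits, 1 when it is wider than owner-only, 2 when missing.
# The path is an assumption; use the one shown by `systemctl cat UNIT`.
check_socket_path() {
    [ -e "$1" ] || return 2
    perms=$(stat -c %a "$1")
    case "$perms" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# apply_workaround [ROOT]: write both drop-ins, then reload and restart the
# socket units so the new mode takes effect. Only run this as root.
apply_workaround() {
    root=${1:-/etc/systemd/system}
    for u in $UNITS; do write_socket_override "$root" "$u"; done
    systemctl daemon-reload
    for u in $UNITS; do systemctl restart "$u"; done
}
```

After applying, confirm the listening socket path reported by `systemctl cat` for each unit passes check_socket_path rather than trusting the drop-in alone.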

Affected product
----------------

        Name: libvirt
  Repository: git://libvirt.org/git/libvirt.git
              http://libvirt.org/git/?p=libvirt.git

      Branch: master
   Broken in: v4.1.0
   Broken in: v4.2.0
   Broken in: v4.3.0
   Broken in: v4.4.0
   Broken in: v4.5.0
   Broken in: v4.6.0
   Broken in: v4.7.0
   Broken in: v4.8.0
   Broken in: v4.9.0
   Broken in: v4.10.0
   Broken in: v5.0.0
   Broken in: v5.1.0
   Broken in: v5.2.0
   Broken in: v5.3.0
   Broken by: 85d45ff05db4a41ac3678ee0d4457b6b3323597e
   Broken by: ce7ae55ea1113bc574c5b5a61828e67fbd0e506f
    Fixed by: 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7
    Fixed by: f111e09468693909b1f067aa575efdafd9a262a1
    Fixed by: e37bd65f9948c1185456b2cdaa3bd6e875af680f

      Branch: v4.1-maint
   Broken by: 85d45ff05db4a41ac3678ee0d4457b6b3323597e
   Broken by: ce7ae55ea1113bc574c5b5a61828e67fbd0e506f
    Fixed by: 39fb5ab3125d1669344bab94ccb71bce814d9ae2
    Fixed by: 41f06e6095e17b61b2af35821d204afc5c34777c
    Fixed by: f0e014133104cdb5af5c7d96a7aa6dc0f1bbb03c

      Branch: v4.2-maint
   Broken by: 85d45ff05db4a41ac3678ee0d4457b6b3323597e
   Broken by: ce7ae55ea1113bc574c5b5a61828e67fbd0e506f
    Fixed by: 9bef445981a244622bfd64086d91016868656978
    Fixed by: 63095b01eb9d9629c34a8a7c8a4b5ffd611b51c3
    Fixed by: f845754de1b44375879bae4937acfb5d0965ac08

      Branch: v4.3-maint
   Broken by: 85d45ff05db4a41ac3678ee0d4457b6b3323597e
   Broken by: ce7ae55ea1113bc574c5b5a61828e67fbd0e506f
    Fixed by: acf17630336568984e3e00d356fd75cdf2b1f09c
    Fixed by: 93d9f05684c818fb5eab9ffef7a4f9f9adbd7d02
    Fixed by: 59fe946efccc1fe28a734a91de27550ece9467d5

      Branch: v4.4-maint
   Broken by: 85d45ff05db4a41ac3678ee0d4457b6b3323597e
   Broken by: ce7ae55ea1113bc574c5b5a61828e67fbd0e506f
    Fixed by: ebc49c1dff2fc1999963dd225c3f9a7beb90e87b
    Fixed by: 13d340b328ad2d567f2878cfeedacd114a9172a7
    Fixed by: faac7d474ad696f7e105ba776167f8d18d78d5d7

      Branch: v4.5-maint
   Broken by: 85d45ff05db4a41ac3678ee0d4457b6b3323597e
   Broken by: ce7ae55ea1113bc574c5b5a61828e67fbd0e506f
    Fixed by: d1017aeee9da6d3db4389141b0f07f0a8204303d
    Fixed by: 618358632b6bfe93e46f038656609cf79b471bef
    Fixed by: ec58805400e8d394169af2355168bc439586f414

      Branch: v4.6-maint
   Broken by: 85d45ff05db4a41ac3678ee0d4457b6b3323597e
   Broken by: ce7ae55ea1113bc574c5b5a61828e67fbd0e506f
    Fixed by: 99decb0a65227aac7b072f9e1751b75ac50a62a5
    Fixed by: 223167124cf5c056c12d7c174307e490aa5fd2b3
    Fixed by: 0a9c2082e65579ab814fce701e58f91a71a73c11

      Branch: v4.7-maint
   Broken by: 85d45ff05db4a41ac3678ee0d4457b6b3323597e
   Broken by: ce7ae55ea1113bc574c5b5a61828e67fbd0e506f
    Fixed by: dfd22fc50f8f268b9810d2ef21adada021f740eb
    Fixed by: 54005b84b0165b62b2ef88c7df229bddbaa29e76
    Fixed by: 030fdf57255f97289a407529194bf26c77548acb

      Branch: v4.8-maint
   Broken by: 85d45ff05db4a41ac3678ee0d4457b6b3323597e
   Broken by: ce7ae55ea1113bc574c5b5a61828e67fbd0e506f
    Fixed by: 4369e90f8cacb24b55a22321923954874c14b44b
    Fixed by: 257c5589fe5138fdb36d434162b97599cc470f9b
    Fixed by: 5c3dcd0dd416f28520ce3a8fd33222b01c5a33a1

      Branch: v4.9-maint
   Broken by: 85d45ff05db4a41ac3678ee0d4457b6b3323597e
   Broken by: ce7ae55ea1113bc574c5b5a61828e67fbd0e506f
    Fixed by: b0f788c2d3d9930015258a7df95dde80a498e657
    Fixed by: ea014c9fcf19539c75a7cb6926b14858426746a7
    Fixed by: a474f18dceed61d562508980999e5f2d7445d683

      Branch: v4.10-maint
   Broken by: 85d45ff05db4a41ac3678ee0d4457b6b3323597e
   Broken by: ce7ae55ea1113bc574c5b5a61828e67fbd0e506f
    Fixed by: 8d12118171a250150f2cb16448c49271a1dcb077
    Fixed by: a712f01682078f48d3c258bff8cd523ab9100b0d
    Fixed by: f8d8a7a182c0854fa50d3976077b3a3d8de8980f

      Branch: v5.0-maint
   Broken by: 85d45ff05db4a41ac3678ee0d4457b6b3323597e
   Broken by: ce7ae55ea1113bc574c5b5a61828e67fbd0e506f
    Fixed by: 78a00c539d271a250c62260bbf2c2594714b7e9b
    Fixed by: 5aa8b8d1b118f52bb2209c87482824b3ffac74c2
    Fixed by: be311e1ba9b7ac7f17a0f3d1a34496de50a7b914

      Branch: v5.1-maint
   Broken by: 85d45ff05db4a41ac3678ee0d4457b6b3323597e
   Broken by: ce7ae55ea1113bc574c5b5a61828e67fbd0e506f
    Fixed by: 44a0bcdb107eb7ac251f9aa5a316f4c161f43542
    Fixed by: 771a7f2fa86a736770c3470f2a0fccd60cce3e9f
    Fixed by: 4aa6ce7dad1a0b66afd32f02fa17319762bb12b1

      Branch: v5.2-maint
   Broken by: 85d45ff05db4a41ac3678ee0d4457b6b3323597e
   Broken by: ce7ae55ea1113bc574c5b5a61828e67fbd0e506f
    Fixed by: de48bfbe09a00d743eef4b3a7b03b1af0e26fa9d
    Fixed by: 16a5284eb1be6b0c00e277b604e62f394b426fbc
    Fixed by: c909c8e185a14bbab82564f219c0bb492a81ca43

      Branch: v5.3-maint
   Broken by: 85d45ff05db4a41ac3678ee0d4457b6b3323597e
   Broken by: ce7ae55ea1113bc574c5b5a61828e67fbd0e506f
    Fixed by: fd48a871a9dcdb8b8b1eb39612e5df870a7e2c3c
    Fixed by: 8c2c611df31d3b37f149385e4597c47300ae1489
    Fixed by: a968b3103c503db8a9fb6c9d64f0dd49d3b6f2a3


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|