Bug 1277121 (CVE-2015-5313)
| Summary: | CVE-2015-5313 libvirt: filesystem storage volume names path traversal flaw | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> | ||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
| Status: | CLOSED ERRATA | QA Contact: | |||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | unspecified | CC: | aavati, berrange, carnil, eblake, jdenemar, jsuchane, knoel, nlevinki, pkrempa, rfortier, security-response-team, sgirijan, sisharma, slawomir, slong, ssaha, vbellur | ||||
| Target Milestone: | --- | Keywords: | Reopened, Security | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: |
A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2019-06-08 02:45:02 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1291035, 1291433, 1292585 | ||||||
| Bug Blocks: | 1277124 | ||||||
| Attachments: |
|
||||||
|
Description
Adam Mariš
2015-11-02 12:21:11 UTC
Created attachment 1103765 [details]
proposed patch
Issue is now public: https://www.redhat.com/archives/libvir-list/2015-December/msg00473.html This issue is not considered to have any security impact on libvirt versions as shipped with Red Hat Enterprise Linux 6 and earlier. In those versions, this can only be exploited by privileged libvirtd users, who are already root equivalent. In libvirt 1.1.0 and later, i.e. also in libvirt version in Red Hat Enterprise Linux 7, it is possible to grant finer grained privileges and hence grant user privilege to create storage volumes without allowing them to create or modify domains. In configurations using such ACL setttings, this may allow privilege escalation. Lowering impact rating to Moderate as this is limited to specific non-default configurations. Created libvirt tracking bugs for this issue: Affects: fedora-all [bug 1291433] Statement: This issue affects the versions of libvirt as shipped with Red Hat Enterprise Linux version 7 and Red Hat Gluster Storage 3.1. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. libvirt-1.2.18.2-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. libvirt-1.2.13.2-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:2577 https://rhn.redhat.com/errata/RHSA-2016-2577.html |