Bug 1139000 - CVE-2014-3573 ovirt-engine-backend: oVirt Engine: XML eXternal Entity (XXE) flaw in backend module
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: oVirt
Classification: Retired
Component: ovirt-engine-core
Version: 3.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 3.4.4
Assignee: Alon Bar-Lev
QA Contact: Petr Beňas
URL: https://www.redhat.com/security/data/...
Whiteboard: infra
Depends On:
Blocks: 1125803 1154674
Reported: 2014-09-07 11:13 UTC by Alon Bar-Lev
Modified: 2015-01-04 23:06 UTC (History)

Fixed In Version: ovirt-3.5.0_rc2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-09-24 08:08:49 UTC
oVirt Team: ---
Embargoed:




Links
| System | ID | Private | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|---|
| oVirt gerrit | 30973 | 0 | None | None | None | Never |
| oVirt gerrit | 30974 | 0 | None | None | None | Never |
| oVirt gerrit | 32563 | 0 | master | MERGED | core: fix CVE-2014-3573 | Never |
| oVirt gerrit | 32609 | 0 | None | None | None | Never |
| oVirt gerrit | 32610 | 0 | None | None | None | Never |
| oVirt gerrit | 32611 | 0 | ovirt-engine-3.5 | MERGED | core: fix CVE-2014-3573 | Never |
| oVirt gerrit | 32620 | 0 | None | None | None | Never |
| oVirt gerrit | 32621 | 0 | None | None | None | Never |
| oVirt gerrit | 32622 | 0 | ovirt-engine-3.4 | MERGED | core: fix CVE-2014-3573 | Never |

Description Alon Bar-Lev 2014-09-07 11:13:46 UTC
It was discovered that, when loading XML/RSDL documents, the oVirt Engine back end module used an insecure DocumentBuilderFactory. A remote, authenticated attacker could use this flaw to read files accessible to the user running the ovirt-engine server, and potentially perform other more advanced XML External Entity (XXE) attacks.
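
An added example, not part of the original report and not the code from the oVirt patches linked above: one common way to configure a `DocumentBuilderFactory` so that documents carrying a DOCTYPE are refused before any external entity can be resolved. The class name, helper names and both sample documents are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class HardenedXmlLoader {
    // Hypothetical helper: a factory that rejects DTDs and never resolves external entities.
    static DocumentBuilderFactory hardenedFactory() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Primary control: any <!DOCTYPE ...> is a fatal error, so no entity can be declared.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defense in depth, in case DTD support ever has to be switched back on.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    static Document parse(String xml) throws Exception {
        return hardenedFactory().newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // True when the hardened parser refuses the document.
    static boolean isRejected(String xml) throws Exception {
        try {
            parse(xml);
            return false;
        } catch (SAXException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs; the entity target is a placeholder path.
        String plain = "<rsdl><link href=\"/api/vms\"/></rsdl>";
        String withDoctype = "<?xml version=\"1.0\"?>"
                + "<!DOCTYPE rsdl [<!ENTITY ext SYSTEM \"file:///placeholder/constructed\">]>"
                + "<rsdl>&ext;</rsdl>";
        System.out.println("plain rejected: " + isRejected(plain));
        System.out.println("doctype rejected: " + isRejected(withDoctype));
    }
}
```

The feature URIs are those understood by the Xerces-based parser bundled with the JDK; a different JAXP implementation may throw `ParserConfigurationException` on an unrecognised feature, which is preferable to silently parsing with defaults.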

Comment 1 Petr Beňas 2014-09-16 13:00:05 UTC
in ovirt-engine-backend-3.5.0-0.0.master.20140911085455.gite1c5ffd.el6.noarch

Comment 2 Sandro Bonazzola 2014-09-24 08:08:49 UTC
oVirt 3.4.4 has been released.

