Bug 1694880 (CVE-2019-3886) - CVE-2019-3886 libvirt: virsh domhostname command discloses guest hostname in readonly mode
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-3886
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1695456 1696054 1696055
Blocks: 1694881
Reported: 2019-04-01 22:57 UTC by Laura Pardo
Modified: 2024-03-20 10:31 UTC
CC List: 27 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
Clone Of:
Environment:
Last Closed: 2021-10-25 09:52:10 UTC
Embargoed:



Description Laura Pardo 2019-04-01 22:57:43 UTC
A vulnerability was found in libvirt versions >= 4.8.0. An information exposure allows the guest hostname to be retrieved under readonly mode.


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1692619

Comment 2 Daniel Berrangé 2019-04-03 13:53:41 UTC
NB, the flaw isn't the fact that the guest hostname is disclosed, but rather that the act of getting the hostname involves talking to the guest agent. The guest agent is untrusted and can block libvirt operations for a period of time, and so unprivileged users must not be allowed to run operations that talk to the guest agent.

Comment 3 Daniel Berrangé 2019-04-03 15:15:26 UTC
Patches posted upstream at:

  https://www.redhat.com/archives/libvir-list/2019-April/msg00339.html

NB part of the flaw was found to also affect the virDomainGetTime API, in addition to virDomainGetHostname.

Comment 4 Doran Moppert 2019-04-04 05:38:21 UTC
Thanks Daniel,

I've altered the doctext to hopefully more faithfully represent the nature of the flaw, and changed the CVSS vector to A:L representing potential Availability impact by blocking libvirt.

Comment 5 Doran Moppert 2019-04-04 05:38:43 UTC
Created libvirt tracking bugs for this issue:

Affects: fedora-rawhide [bug 1696055]


Created mingw-libvirt tracking bugs for this issue:

Affects: fedora-rawhide [bug 1696054]
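
A verification check for the condition described in Comments 2 and 3, added here as an example and not taken from the bug or from libvirt's own code: it opens a read-only connection with libvirt-python and confirms that the two agent-backed calls are refused. The default URI `qemu:///system` and the assumption that a fixed libvirt answers with `VIR_ERR_OPERATION_DENIED` or `VIR_ERR_ACCESS_DENIED` are this example's, not the page's.

```python
#!/usr/bin/env python3
"""Audit: are read-only libvirt connections refused the guest-agent-backed
calls named in this bug (virDomainGetHostname, virDomainGetTime)?"""
import sys


def probe(call, denied_codes):
    """Return 'denied' if libvirt refused the call, else 'reached'.

    Any other outcome (data returned, or a later failure such as an
    unresponsive agent) means the request got past the permission check.
    """
    try:
        call()
    except Exception as exc:  # libvirt.libvirtError on a real connection
        get_code = getattr(exc, "get_error_code", None)
        if get_code is not None and get_code() in denied_codes:
            return "denied"
    return "reached"


def audit(domains, denied_codes):
    """List (domain name, API) pairs a read-only caller could still reach."""
    findings = []
    for dom in domains:
        checks = (("virDomainGetHostname", dom.hostname),
                  ("virDomainGetTime", dom.getTime))
        for api, call in checks:
            if probe(call, denied_codes) != "denied":
                findings.append((dom.name(), api))
    return findings


def main(uri="qemu:///system"):
    import libvirt  # libvirt-python; imported here so audit() is testable offline
    # Assumption: a fixed libvirt answers with one of these two error codes.
    denied = {libvirt.VIR_ERR_OPERATION_DENIED, libvirt.VIR_ERR_ACCESS_DENIED}
    conn = libvirt.openReadOnly(uri)
    try:
        running = conn.listAllDomains(libvirt.VIR_CONNECT_LIST_DOMAINS_ACTIVE)
        findings = audit(running, denied)
    finally:
        conn.close()
    for name, api in findings:
        print(f"FAIL {name}: {api} reachable from a read-only connection")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:2]))
```

An exit status of 0 means every running domain refused both calls. On an unfixed host the probe itself reaches the guest agent, so a slow or unresponsive agent can make the run take a while.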

