683650 – (CVE-2011-1146) CVE-2011-1146 libvirt: several API calls do not honour read-only connection

Bug 683650 (CVE-2011-1146) - CVE-2011-1146 libvirt: several API calls do not honour read-only connection

Summary: CVE-2011-1146 libvirt: several API calls do not honour read-only connection

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2011-1146
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	683651 683652 683653 683654 683655
Blocks:
TreeView+	depends on / blocked

Reported:	2011-03-09 23:03 UTC by Petr Matousek
Modified:	2019-09-29 12:43 UTC (History)
CC List:	22 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-04-15 21:48:32 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:0391	0	normal	SHIPPED_LIVE	Important: libvirt security update	2011-03-28 16:47:30 UTC

Description Petr Matousek 2011-03-09 23:03:06 UTC

Description of problem:
It has been found that several libvirt API calls (virNodeDeviceDettach, virNodeDeviceReset, virNodeDeviceReAttach, virDomainRevertToSnapshot, virDomainSnapshotDelete and virConnectDomainXMLToNative) did not honour read-only connection. Local attacker could use this flaw to crash the server (DoS) or possibly escalate his privileges.

Comment 3 Petr Matousek 2011-03-09 23:11:31 UTC

Created libvirt tracking bugs for this issue

Affects: fedora-all [bug 683655]

Comment 4 Jim Fehlig 2011-03-10 17:42:20 UTC

Should virNodeDeviceReAttach also be added to the list?

Comment 5 Petr Matousek 2011-03-10 21:19:44 UTC

(In reply to comment #4)
> Should virNodeDeviceReAttach also be added to the list?

Yes, I omitted it by mistake. Thanks Jim.

Comment 6 Daniel Veillard 2011-03-14 06:53:38 UTC

Also added virConnectDomainXMLToNative() after a full review and commited
upstream:

http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=71753cb7f7a16ff800381c0b5ee4e99eea92fed3;hp=13c00dde3171b3a38d23cceb3f9151cb6cac3dad

Daniel

Comment 8 errata-xmlrpc 2011-03-28 16:47:40 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2011:0391 https://rhn.redhat.com/errata/RHSA-2011-0391.html

Note You need to log in before you can comment on or make changes to this bug.

aquini
berrange
clalance
crobinso
dallan
dyuan
eblake
gren
itamar
jfehlig
jforbes
jiachen
jlieskov
jyang
laine
llim
pmatouse
security-response-team
veillard
virt-maint
virt-maint
xen-maint