Bug 915718 (CVE-2013-1766) - CVE-2013-1766 libvirt: kvm-group writable storage
Summary: CVE-2013-1766 libvirt: kvm-group writable storage
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2013-1766
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 915719
TreeView+ depends on / blocked
 
Reported: 2013-02-26 11:25 UTC by Petr Matousek
Modified: 2021-02-17 08:00 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-02-26 11:26:53 UTC
Embargoed:


Attachments (Terms of Use)

Description Petr Matousek 2013-02-26 11:25:12 UTC
libvirtd in privileged (root) mode runs qemu/kvm guests with a different
user. It set owner/group of storage used by this guests to this user and
group. In Debian this is libvirt-qemu:kvm.

| brw-rw---T 1 libvirt-qemu kvm  254, 11 Feb 25 17:08 /dev/dm-11
| brw-rw---T 1 libvirt-qemu kvm  254, 12 Feb 25 17:50 /dev/dm-12

The kvm group is used for generic access control on /dev/kvm, so a lot
of users may have access to this group.

| crw-rw---T 1 root kvm 10, 232 Feb 25 18:04 kvm

This allows write access to unrelated users to this storage.

Affected is at least Debian Squeeze (0.8.3-5+squeeze2) and Debian
experimental (1.0.1-2).

References:
http://bugs.debian.org/701649
http://seclists.org/oss-sec/2013/q1/440
http://seclists.org/oss-sec/2013/q1/447

Comment 1 Petr Matousek 2013-02-26 11:26:29 UTC
Statement:

Not vulnerable.

This issue did not affect the versions of the libvirt package as shipped with Red Hat Enterprise Linux 5 and 6.


Note You need to log in before you can comment on or make changes to this bug.