SB2019072014 - OpenSUSE Linux update for libvirt 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019072014

SB2019072014 - OpenSUSE Linux update for libvirt

Published: July 20, 2019

Security Bulletin ID SB2019072014
Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Improper access control (CVE-ID: CVE-2019-10161)

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions in libvirtd that allow read-only clients to use the virDomainSaveImageGetXMLDesc() API. A local user with read-only access to the libvirtd socket can confirm presence of arbitrary files on the system, trigger denial of service condition or execute arbitrary applications on the affected system.


2) Improper access control (CVE-ID: CVE-2019-10166)

The vulnerability allows a local authenticated user to execute arbitrary code.

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.


3) Improper access control (CVE-ID: CVE-2019-10167)

The vulnerability allows a local authenticated user to execute arbitrary code.

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.


4) Improper access control (CVE-ID: CVE-2019-10168)

The vulnerability allows a local authenticated user to execute arbitrary code.

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.


Remediation

Install update from vendor's website.

References