Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: libvirt kvm-group writable storage
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 25 Feb 2013 14:24:25 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/25/2013 12:36 PM, Bastian Blank wrote:
Hi

libvirtd in privileged (root) mode runs qemu/kvm guests with a
different user. It set owner/group of storage used by this guests
to this user and group. In Debian this is libvirt-qemu:kvm.

| brw-rw---T 1 libvirt-qemu kvm  254, 11 Feb 25 17:08 /dev/dm-11 |
brw-rw---T 1 libvirt-qemu kvm  254, 12 Feb 25 17:50 /dev/dm-12

The kvm group is used for generic access control on /dev/kvm, so a
lot of users may have access to this group.

| crw-rw---T 1 root kvm 10, 232 Feb 25 18:04 kvm

This allows write access to unrelated users to this storage.

Affected is at least Debian Squeeze (0.8.3-5+squeeze2) and Debian 
experimental (1.0.1-2). Reference is http://bugs.debian.org/701649

Please assign a CVE.

Bastian


Please use CVE-2013-1766 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRK9aIAAoJEBYNRVNeJnmT8EMQAMa1H0ohO260tA037ynQsPZt
xsgfjODQyH5DvC0u6/TaenkqdC91wgWuD5pRCgtTzIUOzuXGCYuyKqn9s+MTS1RW
TN8vbuBnEZEZNssm1cCntTEuClJlD2ZoctwKVGN4WqGJpQhhN6wuLt0Kh2pgt+bm
eJ8zhtvREpncjnt/GIOACIsshSysQONup4tWDOaag3RyBbkM1QDTV8CoA9STjBu4
8/1NZ4+C9qsI94dV+F3C0cijZgDn8Ev62reZKsSYSxBUxreDhwj3DwKAA37bSpf5
WKbjcfDlkuw2TNdwzPPm/NdJs+q8RiMOzCeIUD/vXzzXsfW8qjNDR2veG16+p1cw
w+dLf7ggto00cSgTvNnwrEr14lCE73JVRvg6K+LUsHR5soNuyNGGYMIelvNcj6sh
0xLSSIqREvFW2sVX2LKmOtRMz9YXmQgs4uqGqxMMh8mMcRZeJuTv2X05WydejLKc
mYxc2hwL3urP7JhB28BYhF6KGZRbtcE5X3835cRuwH0AZIL5GW6V63d8FiEPHYMV
Zn0pxOylVGqc2Jr8fzfUlmePh3fVY/H7jRmK+Q8Hrg15SbMho1XAwSw15mfSuNXA
VKvMdoWuN7bFry2FG1/rf033B0E84Nl6P3HD+qjTvBsyT4yFNV9zdZ2vaJkzOCAK
D4mwa1UNIq0b7ncoXGFI
=S4IS
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]