Executive Summary
| Summary | |
|---|---|
| Title | libvirt security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2009:0382 | First vendor Publication | 2009-03-19 |
| Vendor | RedHat | Last vendor Modification | 2009-03-19 |
| Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: Updated libvirt packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Multi OS (v. 5 client) - i386, x86_64 RHEL Virtualization (v. 5 server) - i386, ia64, x86_64 3. Description: libvirt is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. libvirt also provides tools for remotely managing virtualized systems. The libvirtd daemon was discovered to not properly check user connection permissions before performing certain privileged actions, such as requesting migration of an unprivileged guest domain to another system. A local user able to establish a read-only connection to libvirtd could use this flaw to perform actions that should be restricted to read-write connections. (CVE-2008-5086) libvirt_proxy, a setuid helper application allowing non-privileged users to communicate with the hypervisor, was discovered to not properly validate user requests. Local users could use this flaw to cause a stack-based buffer overflow in libvirt_proxy, possibly allowing them to run arbitrary code with root privileges. (CVE-2009-0036) All users are advised to upgrade to these updated packages, which contain backported patches which resolve these issues. After installing the update, libvirtd must be restarted manually (for example, by issuing a "service libvirtd restart" command) for this change to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 476560 - CVE-2008-5086 libvirt: missing checks for read-only connection 484947 - CVE-2009-0036 libvirt: libvirt_proxy buffer overflow |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2009-0382.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10127 | |||
| Oval ID: | oval:org.mitre.oval:def:10127 | ||
| Title: | Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check. | ||
| Description: | Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0036 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17251 | |||
| Oval ID: | oval:org.mitre.oval:def:17251 | ||
| Title: | USN-694-1 -- libvirt vulnerability | ||
| Description: | It was discovered that libvirt did not mark certain operations as read-only. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-694-1 CVE-2008-5086 | Version: | 7 |
| Platform(s): | Ubuntu 7.10 Ubuntu 8.04 Ubuntu 8.10 | Product(s): | libvirt |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22396 | |||
| Oval ID: | oval:org.mitre.oval:def:22396 | ||
| Title: | DEPRECATED: ELSA-2009:0382: libvirt security update (Moderate) | ||
| Description: | Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:0382-02 CVE-2008-5086 CVE-2009-0036 | Version: | 14 |
| Platform(s): | Oracle Linux 5 | Product(s): | libvirt |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22582 | |||
| Oval ID: | oval:org.mitre.oval:def:22582 | ||
| Title: | ELSA-2009:0382: libvirt security update (Moderate) | ||
| Description: | Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:0382-01 CVE-2008-5086 CVE-2009-0036 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | libvirt |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8765 | |||
| Oval ID: | oval:org.mitre.oval:def:8765 | ||
| Title: | Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions. | ||
| Description: | Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5086 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2009-04-27 | libvirt_proxy <= 0.5.1 Local Privilege Escalation Exploit |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-13 | Name : SLES10: Security update for libvirt File : nvt/sles10_libvirt.nasl |
| 2009-03-23 | Name : Ubuntu Update for libvirt vulnerability USN-694-1 File : nvt/gb_ubuntu_USN_694_1.nasl |
| 2009-03-20 | Name : RedHat Security Advisory RHSA-2009:0382 File : nvt/RHSA_2009_0382.nasl |
| 2009-02-18 | Name : SuSE Security Summary SUSE-SR:2009:004 File : nvt/suse_sr_2009_004.nasl |
| 2009-02-13 | Name : Fedora Update for libvirt FEDORA-2008-11433 File : nvt/gb_fedora_2008_11433_libvirt_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for libvirt FEDORA-2008-11443 File : nvt/gb_fedora_2008_11443_libvirt_fc10.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 51866 | libvirt proxy/libvirt_proxy.c proxyReadClientSocket() Function Overflow |
| 50919 | libvirt Multiple Method Read-only Connection Check Local Access Restriction B... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0382.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0382.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090319_libvirt_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libvirt-5869.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libvirt-081218.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libvirt-081218.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2008-11443.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-694-1.nasl - Type : ACT_GATHER_INFO |
| 2009-02-06 | Name : The remote openSUSE host is missing a security update. File : suse_libvirt-5874.nasl - Type : ACT_GATHER_INFO |
| 2008-12-21 | Name : The remote Fedora host is missing a security update. File : fedora_2008-11433.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:52:23 |
|
