Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-2242 | First vendor Publication | 2010-08-19 |
Vendor | Cve | Last vendor Modification | 2010-10-30 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2242 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12561 | |||
Oval ID: | oval:org.mitre.oval:def:12561 | ||
Title: | USN-1008-2 -- virtinst update | ||
Description: | Libvirt in Ubuntu 10.04 LTS now no longer probes qemu disks for the image format and defaults to "raw" when the format is not specified in the XML. This change in behavior breaks virt-install --import because virtinst in Ubuntu 10.04 LTS did not allow for specifying a disk format and does not specify a format in the XML. This update adds the "format=" option when specifying a disk. For example, to import an existing VM which uses a qcow2 disk format, use somthing like the following: virt-install --connect=qemu:///session --name test-import --ram=256 \ --disk path=<path to qcow2 image>,format=qcow2 --import For more information, see man 1 virt-install. Original advisory details: It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1008-2 CVE-2010-2237 CVE-2010-2238 CVE-2010-2239 CVE-2010-2242 | Version: | 5 |
Platform(s): | Ubuntu 10.04 | Product(s): | virtinst |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13033 | |||
Oval ID: | oval:org.mitre.oval:def:13033 | ||
Title: | USN-1008-3 -- libvirt update | ||
Description: | USN-1008-1 fixed vulnerabilities in libvirt. The update for Ubuntu 10.04 LTS reverted a recent bug fix update. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1008-3 CVE-2010-2237 CVE-2010-2238 CVE-2010-2239 CVE-2010-2242 | Version: | 5 |
Platform(s): | Ubuntu 10.04 | Product(s): | libvirt |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13109 | |||
Oval ID: | oval:org.mitre.oval:def:13109 | ||
Title: | USN-1008-1 -- libvirt vulnerabilities | ||
Description: | It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1008-1 CVE-2010-2237 CVE-2010-2238 CVE-2010-2239 CVE-2010-2242 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.04 Ubuntu 9.10 | Product(s): | libvirt |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13143 | |||
Oval ID: | oval:org.mitre.oval:def:13143 | ||
Title: | USN-1008-4 -- libvirt regression | ||
Description: | USN-1008-1 fixed vulnerabilities in libvirt. The upstream fixes for CVE-2010-2238 changed the behavior of libvirt such that the domain XML could not specify "host_device" as the qemu sub-type. While libvirt 0.8.3 and later will longer support specifying this sub-type, this update restores the old behavior on Ubuntu 10.04 LTS. We apologize for the inconvenience. Original advisory details: It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1008-4 CVE-2010-2238 CVE-2010-2237 CVE-2010-2239 CVE-2010-2242 | Version: | 5 |
Platform(s): | Ubuntu 10.04 | Product(s): | libvirt |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22120 | |||
Oval ID: | oval:org.mitre.oval:def:22120 | ||
Title: | RHSA-2010:0615: libvirt security and bug fix update (Low) | ||
Description: | Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0615-01 CESA-2010:0615 CVE-2010-2239 CVE-2010-2242 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | libvirt |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22785 | |||
Oval ID: | oval:org.mitre.oval:def:22785 | ||
Title: | ELSA-2010:0615: libvirt security and bug fix update (Low) | ||
Description: | Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0615-01 CVE-2010-2239 CVE-2010-2242 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | libvirt |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28238 | |||
Oval ID: | oval:org.mitre.oval:def:28238 | ||
Title: | DEPRECATED: ELSA-2010-0615 -- libvirt security and bug fix update (low) | ||
Description: | [0.6.3-33.0.1.el5_5.3] - Replaced docs/et.png in tarball [0.6.3-33.el5_5.3] - Explicitly set qcow2 backing store format (CVE-2010-2239) - Remap privileged source ports from guests behind NAT (CVE-2010-2242) - Eliminate memory leak in xenUnifiedDomainInfoListFree (rhbz 619711) [0.6.3-33.el5_5.2] - Fix discrepancy between xm list and virsh list (rhbz 618200) - Set a stable & high MAC addr for guest TAP devices on host (rhbz 617243) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0615 CVE-2010-2239 CVE-2010-2242 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | libvirt |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for libvirt CESA-2010:0615 centos5 i386 File : nvt/gb_CESA-2010_0615_libvirt_centos5_i386.nasl |
2010-11-16 | Name : Ubuntu Update for libvirt regression USN-1008-4 File : nvt/gb_ubuntu_USN_1008_4.nasl |
2010-10-26 | Name : Ubuntu Update for libvirt update USN-1008-3 File : nvt/gb_ubuntu_USN_1008_3.nasl |
2010-10-22 | Name : Ubuntu Update for libvirt vulnerabilities USN-1008-1 File : nvt/gb_ubuntu_USN_1008_1.nasl |
2010-10-22 | Name : Ubuntu Update for virtinst update USN-1008-2 File : nvt/gb_ubuntu_USN_1008_2.nasl |
2010-07-30 | Name : Fedora Update for libvirt FEDORA-2010-10960 File : nvt/gb_fedora_2010_10960_libvirt_fc13.nasl |
2010-07-30 | Name : Fedora Update for libvirt FEDORA-2010-11021 File : nvt/gb_fedora_2010_11021_libvirt_fc12.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
67300 | libvirt on Red Hat iptables Rules Privileged Source Port Mapping Guest OS Acc... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libvirt-100810.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0615.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0615.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100810_libvirt_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libvirt-100819.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libvirt-100723.nasl - Type : ACT_GATHER_INFO |
2010-11-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1008-4.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1008-3.nasl - Type : ACT_GATHER_INFO |
2010-10-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1008-1.nasl - Type : ACT_GATHER_INFO |
2010-10-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1008-2.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libvirt-7150.nasl - Type : ACT_GATHER_INFO |
2010-09-17 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libvirt-100723.nasl - Type : ACT_GATHER_INFO |
2010-09-17 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libvirt-100730.nasl - Type : ACT_GATHER_INFO |
2010-08-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0615.nasl - Type : ACT_GATHER_INFO |
2010-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10960.nasl - Type : ACT_GATHER_INFO |
2010-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11021.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:11:41 |
|
2021-04-22 01:12:17 |
|
2020-05-23 00:25:58 |
|
2016-04-26 19:53:07 |
|
2014-06-14 13:28:52 |
|
2014-02-17 10:55:58 |
|
2013-05-10 23:27:01 |
|