Executive Summary

Informations
Name CVE-2010-2242 First vendor Publication 2010-08-19
Vendor Cve Last vendor Modification 2010-10-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 2.1 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2242

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12561
 
Oval ID: oval:org.mitre.oval:def:12561
Title: USN-1008-2 -- virtinst update
Description: Libvirt in Ubuntu 10.04 LTS now no longer probes qemu disks for the image format and defaults to "raw" when the format is not specified in the XML. This change in behavior breaks virt-install --import because virtinst in Ubuntu 10.04 LTS did not allow for specifying a disk format and does not specify a format in the XML. This update adds the "format=" option when specifying a disk. For example, to import an existing VM which uses a qcow2 disk format, use somthing like the following: virt-install --connect=qemu:///session --name test-import --ram=256 \ --disk path=<path to qcow2 image>,format=qcow2 --import For more information, see man 1 virt-install. Original advisory details: It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host
Family: unix Class: patch
Reference(s): USN-1008-2
CVE-2010-2237
CVE-2010-2238
CVE-2010-2239
CVE-2010-2242
Version: 5
Platform(s): Ubuntu 10.04
Product(s): virtinst
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13033
 
Oval ID: oval:org.mitre.oval:def:13033
Title: USN-1008-3 -- libvirt update
Description: USN-1008-1 fixed vulnerabilities in libvirt. The update for Ubuntu 10.04 LTS reverted a recent bug fix update. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host
Family: unix Class: patch
Reference(s): USN-1008-3
CVE-2010-2237
CVE-2010-2238
CVE-2010-2239
CVE-2010-2242
Version: 5
Platform(s): Ubuntu 10.04
Product(s): libvirt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13109
 
Oval ID: oval:org.mitre.oval:def:13109
Title: USN-1008-1 -- libvirt vulnerabilities
Description: It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host
Family: unix Class: patch
Reference(s): USN-1008-1
CVE-2010-2237
CVE-2010-2238
CVE-2010-2239
CVE-2010-2242
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.04
Ubuntu 9.10
Product(s): libvirt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13143
 
Oval ID: oval:org.mitre.oval:def:13143
Title: USN-1008-4 -- libvirt regression
Description: USN-1008-1 fixed vulnerabilities in libvirt. The upstream fixes for CVE-2010-2238 changed the behavior of libvirt such that the domain XML could not specify "host_device" as the qemu sub-type. While libvirt 0.8.3 and later will longer support specifying this sub-type, this update restores the old behavior on Ubuntu 10.04 LTS. We apologize for the inconvenience. Original advisory details: It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host
Family: unix Class: patch
Reference(s): USN-1008-4
CVE-2010-2238
CVE-2010-2237
CVE-2010-2239
CVE-2010-2242
Version: 5
Platform(s): Ubuntu 10.04
Product(s): libvirt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22120
 
Oval ID: oval:org.mitre.oval:def:22120
Title: RHSA-2010:0615: libvirt security and bug fix update (Low)
Description: Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
Family: unix Class: patch
Reference(s): RHSA-2010:0615-01
CESA-2010:0615
CVE-2010-2239
CVE-2010-2242
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): libvirt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22785
 
Oval ID: oval:org.mitre.oval:def:22785
Title: ELSA-2010:0615: libvirt security and bug fix update (Low)
Description: Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
Family: unix Class: patch
Reference(s): ELSA-2010:0615-01
CVE-2010-2239
CVE-2010-2242
Version: 13
Platform(s): Oracle Linux 5
Product(s): libvirt
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28238
 
Oval ID: oval:org.mitre.oval:def:28238
Title: DEPRECATED: ELSA-2010-0615 -- libvirt security and bug fix update (low)
Description: [0.6.3-33.0.1.el5_5.3] - Replaced docs/et.png in tarball [0.6.3-33.el5_5.3] - Explicitly set qcow2 backing store format (CVE-2010-2239) - Remap privileged source ports from guests behind NAT (CVE-2010-2242) - Eliminate memory leak in xenUnifiedDomainInfoListFree (rhbz 619711) [0.6.3-33.el5_5.2] - Fix discrepancy between xm list and virsh list (rhbz 618200) - Set a stable & high MAC addr for guest TAP devices on host (rhbz 617243)
Family: unix Class: patch
Reference(s): ELSA-2010-0615
CVE-2010-2239
CVE-2010-2242
Version: 4
Platform(s): Oracle Linux 5
Product(s): libvirt
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 33

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for libvirt CESA-2010:0615 centos5 i386
File : nvt/gb_CESA-2010_0615_libvirt_centos5_i386.nasl
2010-11-16 Name : Ubuntu Update for libvirt regression USN-1008-4
File : nvt/gb_ubuntu_USN_1008_4.nasl
2010-10-26 Name : Ubuntu Update for libvirt update USN-1008-3
File : nvt/gb_ubuntu_USN_1008_3.nasl
2010-10-22 Name : Ubuntu Update for libvirt vulnerabilities USN-1008-1
File : nvt/gb_ubuntu_USN_1008_1.nasl
2010-10-22 Name : Ubuntu Update for virtinst update USN-1008-2
File : nvt/gb_ubuntu_USN_1008_2.nasl
2010-07-30 Name : Fedora Update for libvirt FEDORA-2010-10960
File : nvt/gb_fedora_2010_10960_libvirt_fc13.nasl
2010-07-30 Name : Fedora Update for libvirt FEDORA-2010-11021
File : nvt/gb_fedora_2010_11021_libvirt_fc12.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
67300 libvirt on Red Hat iptables Rules Privileged Source Port Mapping Guest OS Acc...

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libvirt-100810.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0615.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0615.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100810_libvirt_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libvirt-100819.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libvirt-100723.nasl - Type : ACT_GATHER_INFO
2010-11-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1008-4.nasl - Type : ACT_GATHER_INFO
2010-10-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1008-3.nasl - Type : ACT_GATHER_INFO
2010-10-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1008-1.nasl - Type : ACT_GATHER_INFO
2010-10-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1008-2.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libvirt-7150.nasl - Type : ACT_GATHER_INFO
2010-09-17 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libvirt-100723.nasl - Type : ACT_GATHER_INFO
2010-09-17 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libvirt-100730.nasl - Type : ACT_GATHER_INFO
2010-08-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0615.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10960.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Fedora host is missing a security update.
File : fedora_2010-11021.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://libvirt.org/news.html
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/591943
https://bugzilla.redhat.com/show_bug.cgi?id=602455
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
REDHAT http://www.redhat.com/support/errata/RHSA-2010-0615.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
UBUNTU http://ubuntu.com/usn/usn-1008-1
http://ubuntu.com/usn/usn-1008-2
http://ubuntu.com/usn/usn-1008-3
VUPEN http://www.vupen.com/english/advisories/2010/2062
http://www.vupen.com/english/advisories/2010/2763

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2021-05-04 12:11:41
  • Multiple Updates
2021-04-22 01:12:17
  • Multiple Updates
2020-05-23 00:25:58
  • Multiple Updates
2016-04-26 19:53:07
  • Multiple Updates
2014-06-14 13:28:52
  • Multiple Updates
2014-02-17 10:55:58
  • Multiple Updates
2013-05-10 23:27:01
  • Multiple Updates