List:       oss-security
Subject:    Re: [oss-security] CVE request: libvirt kvm-group writable storage
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-02-25 21:24:25
Message-ID: 512BD689.8090908 () redhat ! com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/25/2013 12:36 PM, Bastian Blank wrote:
> Hi
> 
> libvirtd in privileged (root) mode runs qemu/kvm guests with a
> different user. It sets owner/group of storage used by these guests
> to this user and group. In Debian this is libvirt-qemu:kvm.
> 
> | brw-rw---T 1 libvirt-qemu kvm  254, 11 Feb 25 17:08 /dev/dm-11
> | brw-rw---T 1 libvirt-qemu kvm  254, 12 Feb 25 17:50 /dev/dm-12
> 
> The kvm group is used for generic access control on /dev/kvm, so a
> lot of users may have access to this group.
> 
> | crw-rw---T 1 root kvm 10, 232 Feb 25 18:04 kvm
> 
> This allows write access to unrelated users to this storage.
> 
> Affected is at least Debian Squeeze (0.8.3-5+squeeze2) and Debian 
> experimental (1.0.1-2). Reference is http://bugs.debian.org/701649
> 
> Please assign a CVE.
> 
> Bastian
> 

Please use CVE-2013-1766 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
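
An audit for the condition reported above, as an added example that is not part of the original messages: it lists block devices under /dev whose group is the one that owns /dev/kvm and that are group-writable. The function names are hypothetical, and the scan covers only the top level of /dev.

```python
import grp
import os
import stat


def group_writable_blockdev(mode, gid, shared_gid):
    """True for a block device owned by group shared_gid with group write set."""
    return stat.S_ISBLK(mode) and gid == shared_gid and bool(mode & stat.S_IWGRP)


def audit(dev_dir="/dev", kvm_node="/dev/kvm"):
    """Return (group name, listed members, exposed device paths)."""
    # The group on the KVM node is the one handed out for generic KVM access.
    shared_gid = os.stat(kvm_node).st_gid
    try:
        entry = grp.getgrgid(shared_gid)
        # gr_mem holds supplementary members only; users whose primary
        # group is this one do not appear here.
        name, members = entry.gr_name, list(entry.gr_mem)
    except KeyError:
        name, members = str(shared_gid), []
    exposed = []
    for item in sorted(os.listdir(dev_dir)):
        path = os.path.join(dev_dir, item)
        try:
            st = os.lstat(path)  # lstat: do not follow symlinks
        except OSError:
            continue
        if group_writable_blockdev(st.st_mode, st.st_gid, shared_gid):
            exposed.append(path)
    return name, members, exposed


if __name__ == "__main__":
    if os.path.exists("/dev/kvm"):
        group, members, exposed = audit()
        print("group gating /dev/kvm: %s (members: %s)"
              % (group, ", ".join(members) or "none listed"))
        for path in exposed:
            print("group-writable block device: " + path)
    else:
        print("/dev/kvm not present; nothing to audit")
```

A non-empty device list together with group members other than the qemu service account matches the exposure described in the report.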
