Libvirt Security Notice: LSN-2010-0004

Improperly mapped virtual network source privileged ports

Lifecycle

Reported on: 20100609
Published on: 20100712
Fixed on: 20100610

Credits

Reported by: Jeremy Nickurak
Patched by:

See also

Description

When a virtual network is set up to use NAT-based forwarding, outgoing connections from guests have their source port rewritten to a port selected by the NAT. By default iptables attempts to map privileged source ports to privileged ports, and libvirt makes no attempt to override this default logic.

Impact

If a network service is configured to allow access from a virtualization host by checking that the source port is less than 1024, then a guest connected to a NAT-based virtual network can gain access to network services intended only for the host. For example, an NFS filesystem exported to the virtualization host that relies on IP-based security with the "secure" option will inadvertently be accessible to guests.

Workaround

Configure network services to use a strong authentication mechanism instead of relying on source port number validation. Alternatively, place guests on a completely separate IP subnet from the host network.
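As an added illustration of the Description and Impact above (not part of the libvirt notice or its code), the following Python audit checks two things on a NAT host: whether any conntrack entry for a guest flow carries a masqueraded source port below 1024, and whether MASQUERADE rules for tcp/udp lack a --to-ports range confined to 1024-65535. The guest subnet 192.168.122.0/24 and all sample lines are constructed; that the referenced fix uses --to-ports is an assumption, as the page does not spell out the rule.

```python
import ipaddress
import re

# Constructed /proc/net/nf_conntrack lines. Line 1: the masqueraded source port
# (reply-direction dport) stays privileged (1023). Line 2: remapped to 40011.
# Line 3: a flow from the host itself, which is not a guest and is ignored.
SAMPLE_CONNTRACK = """\
ipv4 2 tcp 6 431999 ESTABLISHED src=192.168.122.10 dst=10.0.0.5 sport=1023 dport=2049 src=10.0.0.5 dst=10.0.0.1 sport=2049 dport=1023 [ASSURED] use=1
ipv4 2 tcp 6 431999 ESTABLISHED src=192.168.122.10 dst=10.0.0.5 sport=1023 dport=2049 src=10.0.0.5 dst=10.0.0.1 sport=2049 dport=40011 [ASSURED] use=1
ipv4 2 tcp 6 431999 ESTABLISHED src=10.0.0.1 dst=10.0.0.5 sport=1022 dport=2049 src=10.0.0.5 dst=10.0.0.1 sport=2049 dport=1022 [ASSURED] use=1
"""

# Constructed iptables-save excerpt: the tcp rule has no --to-ports restriction
# (weak); the udp rule confines masqueraded source ports to 1024-65535.
SAMPLE_IPTABLES = """\
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
"""

GUEST_NET = ipaddress.ip_network("192.168.122.0/24")  # assumed guest subnet
FIELD = re.compile(r"(\w+)=(\S+)")

def privileged_nat_flows(conntrack_text, guest_net=GUEST_NET):
    """Return (guest_ip, nat_port, target) for guest flows NAT'd to a port < 1024."""
    hits = []
    for line in conntrack_text.splitlines():
        fields = {}
        for key, value in FIELD.findall(line):
            fields.setdefault(key, []).append(value)
        if len(fields.get("dport", [])) < 2:
            continue  # not a full original/reply tuple pair
        guest = ipaddress.ip_address(fields["src"][0])   # original direction source
        nat_port = int(fields["dport"][1])               # reply direction dport = NAT'd sport
        if guest in guest_net and nat_port < 1024:
            hits.append((str(guest), nat_port, fields["dst"][0] + ":" + fields["dport"][0]))
    return hits

def unrestricted_masquerade_rules(iptables_text):
    """Return tcp/udp MASQUERADE rules whose --to-ports range is absent or starts below 1024."""
    weak = []
    for line in iptables_text.splitlines():
        if "-j MASQUERADE" not in line or not re.search(r"-p (tcp|udp)\b", line):
            continue
        match = re.search(r"--to-ports (\d+)(?:-(\d+))?", line)
        if match is None or int(match.group(1)) < 1024:
            weak.append(line.strip())
    return weak

if __name__ == "__main__":
    print(privileged_nat_flows(SAMPLE_CONNTRACK))
    print(unrestricted_masquerade_rules(SAMPLE_IPTABLES))
```

On a live host, feed the functions the contents of /proc/net/nf_conntrack and the output of iptables-save -t nat instead of the constructed samples.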

Affected product: libvirt

Branch master
Broken in: v0.2.0
Broken in: v0.2.1
Broken in: v0.2.2
Broken in: v0.2.3
Broken in: v0.3.0
Broken in: v0.3.1
Broken in: v0.3.2
Broken in: v0.3.3
Broken in: v0.4.1
Broken in: v0.4.2
Broken in: v0.4.4
Broken in: v0.4.6
Broken in: v0.5.0
Broken in: v0.5.1
Broken in: v0.6.0
Broken in: v0.6.1
Broken in: v0.6.2
Broken in: v0.6.3
Broken in: v0.6.4
Broken in: v0.6.5
Broken in: v0.7.0
Broken in: v0.7.1
Broken in: v0.7.2
Broken in: v0.7.3
Broken in: v0.7.4
Broken in: v0.7.5
Broken in: v0.7.6
Broken in: v0.7.7
Broken in: v0.8.0
Broken in: v0.8.1
Broken in: v0.8.2
Broken in: v0.8.3
Broken by: 3ea88b568d7f5550ac399f310d2a4488bc31618d
Fixed by: c567853089a2764c964002dd752e09e318524a38
