Libvirt Security Notice: LSN-2008-0001
======================================

Summary: Missing checks for read only connections on many APIs
Reported on: 20081212
Published on: 20081217
Fixed on: 20081217
Reported by: Daniel P. Berrange
Patched by: Daniel P. Berrange
See also: CVE-2008-5086

Description
-----------

The APIs virDomainMigrate, virDomainBlockPeek, virDomainMemoryPeek,
virDomainSetAutostart, virNetworkSetAutostart,
virConnectFindStoragePoolSources and virStoragePoolSetAutostart did not
check the read-only flag of the connection. This allowed unprivileged
users to invoke APIs that they should not have access to.

Impact
------

The default libvirt configuration allows all local user accounts
read-only access to the libvirtd daemon. Any local user can migrate a
running virtual machine to a host of their choice. Any local user can
change whether virtual machines, networks or storage pools are started
automatically on boot. Any local user can trigger discovery of storage
pools. Any local user can peek into the disk image or memory of running
guests.

Workaround
----------

Edit the /etc/libvirt/libvirtd.conf configuration file to set
'unix_sock_ro_perms = "0700"', which prevents local users from
connecting to libvirt. Alternatively, set up a PolicyKit rule that
denies them access unless they first authenticate as root.

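To confirm that the socket-permission workaround is in effect on a host, the libvirtd.conf text can be audited as in the following added example (not part of the original notice and not libvirt code). The function name, the sample file contents and the assumed default of 0777 for an unset key are assumptions of this example; it does not evaluate the PolicyKit alternative.

```python
import re

# Assumption: with the key absent or commented out, libvirtd uses mode 0777.
DEFAULT_RO_PERMS = 0o777
_ASSIGN = re.compile(r'^\s*unix_sock_ro_perms\s*=\s*(.*?)\s*(?:#.*)?$')
_QUOTED_MODE = re.compile(r'^"([0-7]{3,4})"$')

def audit_ro_socket(conf_text):
    """Return (mode, restricted, note) for the text of a libvirtd.conf."""
    combined = None
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        assign = _ASSIGN.match(line)
        if not assign:
            continue  # blank line, comment, or a different key
        value = _QUOTED_MODE.match(assign.group(1))
        if not value:
            # An active but malformed assignment is reported, never trusted.
            return None, False, f"line {lineno}: cannot parse {assign.group(1)!r}"
        # If the key is repeated, keep the union of bits (most permissive view).
        combined = (combined or 0) | int(value.group(1), 8)
    if combined is None:
        return DEFAULT_RO_PERMS, False, "key not set, default applies"
    # The workaround value 0700 leaves no group or other permission bits.
    restricted = (combined & 0o077) == 0
    note = "owner-only socket" if restricted else "group/other permission bits present"
    return combined, restricted, note

# Constructed sample files, not taken from any real host.
SHIPPED = '#unix_sock_ro_perms = "0777"\nunix_sock_rw_perms = "0770"\n'
WORKAROUND = 'unix_sock_ro_perms = "0700"  # LSN-2008-0001\n'

if __name__ == "__main__":
    for name, text in (("shipped", SHIPPED), ("workaround", WORKAROUND)):
        mode, ok, note = audit_ro_socket(text)
        print(f"{name}: mode={mode:04o} restricted={ok} ({note})")
```

The daemon must be restarted after editing the file for a new socket mode to apply, so a passing audit of the file should be paired with a check of the running socket's permissions.
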
Affected product
----------------

Name: libvirt
Repository: https://gitlab.com/libvirt/libvirt

Branch: master
Broken in: v0.2.1
Broken in: v0.2.2
Broken in: v0.2.3
Broken in: v0.3.0
Broken in: v0.3.1
Broken in: v0.3.2
Broken in: v0.3.3
Broken in: v0.4.1
Broken in: v0.4.2
Broken in: v0.4.4
Broken in: v0.4.6
Broken in: v0.5.0
Broken in: v0.5.1
Fixed in: v0.6.0
Broken by: 57a18198814f80b1397e1a14d33746034b9dbd5c
Broken by: 81005437f4e860d6d65243473c593e4335193b13
Broken by: cb228a0e24266f43dbab208bd38965e511f714ee
Broken by: 8354895e681e8aee9bfa0290cb98123858165b91
Broken by: 6bcf25017bc66ef866768c7a827dfe03c96638f0
Broken by: 39c9354c5ce87e1205f41af4737f970aa4f6e5dd
Fixed by: 53611889ff93c442028828c70472151a7cf1bf4d