| Reported on: | 20100609 |
|---|---|
| Published on: | 20100712 |
| Fixed on: | 20100610 |
| Reported by: | Jeremy Nickurak |
|---|---|
| Patched by: |
When a virtual network is setup to use NAT based forwarding, outgoing connections will have their source port mapped to a NAT selected port. By default iptables will attempt to map privileged ports to privileged ports and libvirt does not make any attempt to override this default logic.
If an network service is configured to allow access by a virtualization host, by checking if the source port is less than 1024, then it is possible for a guest connected to a NAT based virtual network to gain access to network services only intended to be used by the host. For example, an NFS filesystem exported to the virtualization host relying on IP based security with the "secure" option will be inadvertently accessible to guests.
Configure network services to use a strong authentication mechanism instead of relying on source port number validation. Place the guest on a completely separate IP address subnet from the host network.
| Branch | master |
|---|---|
| Broken in: | v0.2.0 |
| Broken in: | v0.2.1 |
| Broken in: | v0.2.2 |
| Broken in: | v0.2.3 |
| Broken in: | v0.3.0 |
| Broken in: | v0.3.1 |
| Broken in: | v0.3.2 |
| Broken in: | v0.3.3 |
| Broken in: | v0.4.1 |
| Broken in: | v0.4.2 |
| Broken in: | v0.4.4 |
| Broken in: | v0.4.6 |
| Broken in: | v0.5.0 |
| Broken in: | v0.5.1 |
| Broken in: | v0.6.0 |
| Broken in: | v0.6.1 |
| Broken in: | v0.6.2 |
| Broken in: | v0.6.3 |
| Broken in: | v0.6.4 |
| Broken in: | v0.6.5 |
| Broken in: | v0.7.0 |
| Broken in: | v0.7.1 |
| Broken in: | v0.7.2 |
| Broken in: | v0.7.3 |
| Broken in: | v0.7.4 |
| Broken in: | v0.7.5 |
| Broken in: | v0.7.6 |
| Broken in: | v0.7.7 |
| Broken in: | v0.8.0 |
| Broken in: | v0.8.1 |
| Broken in: | v0.8.2 |
| Fixed in: | v0.8.3 |
| Broken by: | 3ea88b568d7f5550ac399f310d2a4488bc31618d |
| Fixed by: | c567853089a2764c964002dd752e09e318524a38 |