Libvirt Security Notice: LSN-2010-0004 ====================================== Summary: Improperly mapped virtual network source privileged ports Reported on: 20100609 Published on: 20100712 Fixed on: 20100610 Reported by: Jeremy Nickurak Patched by: <> See also: CVE-2010-2242, ubuntu bug #591943 Description ----------- When a virtual network is setup to use NAT based forwarding, outgoing connections will have their source port mapped to a NAT selected port. By default iptables will attempt to map privileged ports to privileged ports and libvirt does not make any attempt to override this default logic. Impact ------ If an network service is configured to allow access by a virtualization host, by checking if the source port is less than 1024, then it is possible for a guest connected to a NAT based virtual network to gain access to network services only intended to be used by the host. For example, an NFS filesystem exported to the virtualization host relying on IP based security with the "secure" option will be inadvertently accessible to guests. Workaround ---------- Configure network services to use a strong authentication mechanism instead of relying on source port number validation. Place the guest on a completely separate IP address subnet from the host network. Affected product ---------------- Name: libvirt Repository: https://gitlab.com/libvirt/libvirt Branch: master Broken in: v0.2.0 Broken in: v0.2.1 Broken in: v0.2.2 Broken in: v0.2.3 Broken in: v0.3.0 Broken in: v0.3.1 Broken in: v0.3.2 Broken in: v0.3.3 Broken in: v0.4.1 Broken in: v0.4.2 Broken in: v0.4.4 Broken in: v0.4.6 Broken in: v0.5.0 Broken in: v0.5.1 Broken in: v0.6.0 Broken in: v0.6.1 Broken in: v0.6.2 Broken in: v0.6.3 Broken in: v0.6.4 Broken in: v0.6.5 Broken in: v0.7.0 Broken in: v0.7.1 Broken in: v0.7.2 Broken in: v0.7.3 Broken in: v0.7.4 Broken in: v0.7.5 Broken in: v0.7.6 Broken in: v0.7.7 Broken in: v0.8.0 Broken in: v0.8.1 Broken in: v0.8.2 Fixed in: v0.8.3 Broken by: 3ea88b568d7f5550ac399f310d2a4488bc31618d Fixed by: c567853089a2764c964002dd752e09e318524a38