Libvirt Security Notice: LSN-2012-0001 ====================================== Summary: DNS configured to answer DNS queries from non-virtual networks Reported on: 20120618 Published on: 20120709 Fixed on: 20121129 Reported by: David Woodhouse Patched by: Laine Stump See also: CVE-2012-3411 Description ----------- The DNS server run on the virtual networks did not restrict what source interfaces it was prepared to answer queries from. It was only supposed to answer queries from guest interfaces, however, it could answer queries from the public interfaces Impact ------ If the virtual network is configured with a public IP address range, then it would effectively operate as an open DNS server for the world, instead of just the virtual machines. Workaround ---------- Do not configure the virtual network with public IP address ranges, or use network router firewall rules to block access to the DNS ports on the virtualization host Affected product ---------------- Name: libvirt Repository: https://gitlab.com/libvirt/libvirt Branch: master Broken in: v0.4.2 Broken in: v0.4.4 Broken in: v0.4.6 Broken in: v0.5.0 Broken in: v0.5.1 Broken in: v0.6.0 Broken in: v0.6.1 Broken in: v0.6.2 Broken in: v0.6.3 Broken in: v0.6.4 Broken in: v0.6.5 Broken in: v0.7.0 Broken in: v0.7.1 Broken in: v0.7.2 Broken in: v0.7.3 Broken in: v0.7.4 Broken in: v0.7.5 Broken in: v0.7.6 Broken in: v0.7.7 Broken in: v0.8.0 Broken in: v0.8.1 Broken in: v0.8.2 Broken in: v0.8.3 Broken in: v0.8.4 Broken in: v0.8.5 Broken in: v0.8.6 Broken in: v0.8.7 Broken in: v0.8.8 Broken in: v0.9.0 Broken in: v0.9.1 Broken in: v0.9.2 Broken in: v0.9.3 Broken in: v0.9.4 Broken in: v0.9.5 Broken in: v0.9.6 Broken in: v0.9.7 Broken in: v0.9.8 Broken in: v0.9.9 Broken in: v0.9.10 Broken in: v0.9.11 Broken in: v0.9.12 Broken in: v0.9.13 Broken in: v0.10.0 Broken in: v0.10.1 Broken in: v0.10.2 Broken in: v1.0.0 Fixed in: v1.0.1 Broken by: 038b434f144fa9d24c6e4e9988707ee114973a8a Fixed by: 753ff83a50263d6975f88d6605d4b5ddfcc97560 Branch: v0.8.3-maint Broken by: 038b434f144fa9d24c6e4e9988707ee114973a8a Branch: v0.9.6-maint Broken in: v0.9.6.1 Broken in: v0.9.6.2 Broken in: v0.9.6.3 Broken in: v0.9.6.4 Broken by: 038b434f144fa9d24c6e4e9988707ee114973a8a Branch: v0.9.11-maint Broken in: v0.9.11.1 Broken in: v0.9.11.2 Broken in: v0.9.11.3 Broken in: v0.9.11.4 Broken in: v0.9.11.5 Broken in: v0.9.11.6 Broken in: v0.9.11.7 Fixed in: v0.9.11.8 Broken by: 038b434f144fa9d24c6e4e9988707ee114973a8a Fixed by: 2abde0ac0740e57c47ed684ce0d56195b977bdb3 Branch: v0.9.12-maint Broken in: v0.9.12.1 Broken in: v0.9.12.2 Broken in: v0.9.12.3 Broken by: 038b434f144fa9d24c6e4e9988707ee114973a8a Branch: v0.10.2-maint Broken in: v0.10.2.1 Fixed in: v0.10.2.2 Broken by: 038b434f144fa9d24c6e4e9988707ee114973a8a Fixed by: 3fbab08a52fd8cabbf5639c6badd34ceff3e53fe Branch: v1.0.0-maint Broken by: 038b434f144fa9d24c6e4e9988707ee114973a8a