Libvirt Security Notice: LSN-2013-0014
======================================

Summary: virt-login-shell fails to secure setuid environment
Reported on: 20131002
Published on: 20131021
Fixed on: 20131021
Reported by: Sebastian Krahmer
Patched by: Daniel Berrange
See also: CVE-2013-4400

Description
-----------

The virt-login-shell binary is a setuid program to connect to LXC containers. It fails to sanitize its environment in a number of places allowing it to be used to elevate privileges of the invoking user by overwriting files.

Impact
------

An unprivileged user can overwrite arbitrary files on the host leading to an elevation of privileges.

Workaround
----------

Remove the setuid bit from the virt-login-shell binary.

Affected product
----------------

Name: libvirt
Repository: https://gitlab.com/libvirt/libvirt

Branch: master
Broken in: v1.1.2
Broken in: v1.1.3
Fixed in: v1.1.4
Broken by: 54d69f540c9928da98f10202b3f21b7abb00bac1
Fixed by: 8c3586ea755c40d5e01b22cb7b5c1e668cdec994
Fixed by: b7fcc799ad5d8f3e55b89b94e599903e3c092467
Fixed by: 3e2f27e13b94f7302ad948bcacb5e02c859a25fc

Branch: v1.1.2-maint
Broken by: 54d69f540c9928da98f10202b3f21b7abb00bac1
Fixed by: bd047ba666122fd57f6cb39ac5795449d5ff26d2
Fixed by: 9ab478edaddd00708adc9ff99d5a48e3accecfe5
Fixed by: 31a3086d735b6291795941972b5d6da335cc6aab

Branch: v1.1.3-maint
Fixed in: v1.1.3.1
Broken by: 54d69f540c9928da98f10202b3f21b7abb00bac1
Fixed by: d8accf54e310b90bd8794edd2d6d1f7d74bb421d
Fixed by: 6fc87e07a22587b9f38845ce1a0d6db1c7483fe9
Fixed by: 062ad8b2beac2316a3b1e304668ea852e70ea506
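
Added example (written for this page, not taken from libvirt or its fix commits): the kind of environment sanitizing the Description says was missing, shown as a setuid helper that builds a fresh environment from an allowlist with a fixed PATH instead of trusting what the invoking user passed in. The names build_safe_env, keep_vars and SAFE_PATH_ENTRY, the allowlist contents, the PATH value and the value character set are all assumptions.

```c
#include <string.h>

extern char **environ;

/* Assumed allowlist and PATH for illustration; not libvirt's actual values. */
static const char *const keep_vars[] = { "TERM", "LANG" };
#define N_KEEP (sizeof(keep_vars) / sizeof(keep_vars[0]))
#define SAFE_PATH_ENTRY "PATH=/usr/sbin:/usr/bin:/sbin:/bin"
#define SAFE_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" \
                   "0123456789_.@+-"

/* keep_vars index for "NAME=value" with a short SAFE_CHARS-only value, else -1. */
static int allowed_index(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (!eq)
        return -1;
    size_t nlen = (size_t)(eq - entry), vlen = strlen(eq + 1);
    if (vlen == 0 || vlen > 64 || strspn(eq + 1, SAFE_CHARS) != vlen)
        return -1;
    for (size_t i = 0; i < N_KEEP; i++)
        if (strlen(keep_vars[i]) == nlen && !strncmp(entry, keep_vars[i], nlen))
            return (int)i;
    return -1;
}

/* Hypothetical helper: fill out[] (capacity N_KEEP + 2) with a fixed PATH and the
 * first valid occurrence of each allowlisted variable. Returns the entry count. */
size_t build_safe_env(char *const in[], char *out[])
{
    int seen[N_KEEP] = { 0 };
    size_t n = 0;
    out[n++] = SAFE_PATH_ENTRY;          /* the inherited PATH is never used */
    for (size_t i = 0; in && in[i]; i++) {
        int k = allowed_index(in[i]);
        if (k < 0 || seen[k])
            continue;                    /* not allowlisted, invalid, or duplicate */
        seen[k] = 1;
        out[n++] = in[i];
    }
    out[n] = NULL;
    return n;
}

int main(void)
{
    static char *safe_env[N_KEEP + 2];
    build_safe_env(environ, safe_env);
    environ = safe_env;                  /* swap in the clean block first thing */
    return 0;
}
```

The same vector can be passed as the envp argument to execve() when the helper starts a child process.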