Libvirt Security Notice: LSN-2013-0015
======================================

     Summary: Incorrect permissions on XML conversion APIs
 Reported on: 20131002
Published on: 20131021
    Fixed on: 20131021
 Reported by: Daniel P. Berrange
  Patched by: Daniel P. Berrange
    See also: CVE-2013-4401

Description
-----------

The virConnectDomainXMLToNative API was mistakenly given the 'read'
permission instead of the 'write' permission. The latter is required
since the conversion process will trigger execution of user provided
binaries whose path is listed in the XML.

Impact
------

An unprivileged user with the 'connect:read' permission could cause
the libvirtd daemon to execute arbitrary binaries as root

Workaround
----------

Remove the 'connect:read' permission from untrusted users

Affected product
----------------

      Name: libvirt
Repository: https://gitlab.com/libvirt/libvirt

    Branch: master
 Broken in: v1.1.0
 Broken in: v1.1.1
 Broken in: v1.1.2
 Broken in: v1.1.3
  Fixed in: v1.1.4
 Broken by: e341435e5090677c67a0d3d4ca0393102054841f
  Fixed by: 57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c

    Branch: v1.1.0-maint
 Broken by: e341435e5090677c67a0d3d4ca0393102054841f
  Fixed by: a0e5e40501a6ab608f85af878f6af9d52e5db0c7

    Branch: v1.1.1-maint
 Broken by: e341435e5090677c67a0d3d4ca0393102054841f
  Fixed by: a02673d503326ff713460f5f407151f32a2aea8c

    Branch: v1.1.2-maint
 Broken by: e341435e5090677c67a0d3d4ca0393102054841f
  Fixed by: 90171893ce0d78dd5b93137c6a395b06756f9a08

    Branch: v1.1.3-maint
  Fixed in: v1.1.3.1
 Broken by: e341435e5090677c67a0d3d4ca0393102054841f
  Fixed by: 1adbe4faa952d8aaba58faa7d9b8bd7164aafbe6
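
One way to apply the workaround above on a host that cannot be upgraded yet, shown as a polkit rule. This is an added example, not part of the original notice or the libvirt project. It assumes libvirtd has the polkit access driver enabled (access_drivers = [ "polkit" ] in libvirtd.conf), where the 'connect:read' permission is checked as the polkit action org.libvirt.api.connect.read. The group name libvirt-trusted and the function name are hypothetical.

```javascript
// Added example: polkit rule implementing the LSN-2013-0015 workaround.
// Install as a *.rules file under /etc/polkit-1/rules.d/ (file name is your choice).
// Written in ES5 so it loads in any polkit JavaScript backend.

// polkit action id libvirt uses for the 'connect:read' permission.
var LIBVIRT_CONNECT_READ = "org.libvirt.api.connect.read";

// Hypothetical group holding the users who may keep 'connect:read'.
var TRUSTED_GROUP = "libvirt-trusted";

function libvirtConnectReadRule(action, subject) {
    // Only decide on the one permission named in the notice; every
    // other action falls through to the remaining rules and defaults.
    if (action.id !== LIBVIRT_CONNECT_READ) {
        return polkit.Result.NOT_HANDLED;
    }

    // root and trusted users are left to the existing policy.
    if (subject.user === "root" || subject.isInGroup(TRUSTED_GROUP)) {
        return polkit.Result.NOT_HANDLED;
    }

    // Everyone else loses 'connect:read'. Log the denial so blocked
    // callers show up in the system journal.
    polkit.log("LSN-2013-0015 workaround: denied " + action.id +
               " for user " + subject.user);
    return polkit.Result.NO;
}

// polkitd provides the global 'polkit' object; the guard only exists so
// the file can also be loaded in a plain JavaScript runtime for testing.
if (typeof polkit !== "undefined") {
    polkit.addRule(libvirtConnectReadRule);
}
```

Once every host runs a release listed under "Fixed in", the rule can be removed, since the conversion API then requires the 'write' permission.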