Libvirt Security Notice: LSN-2016-0002

Access to virDomainGetTime mistakenly allowed on read-only connection

Lifecycle

Reported on: 20160111
Published on: 20160111
Fixed on: 20160111

Credits

Reported by: Michal Privoznik
Patched by: Michal Privoznik

See also

Description

The virDomainGetTime API talks to a guest agent on some hypervisors, such as QEMU, and so must be forbidden on read-only connections to libvirt.

Impact

An unprivileged user on the virtualization host can invoke the virDomainGetTime API, which talks to the QEMU guest agent. If this user also has administrative privileges in the guest, they can use a malicious guest agent to inflict a denial of service on libvirt, potentially blocking further API calls on that guest for a period of time.

Workaround

Disable the QEMU agent in any VMs whose admin is not trustworthy. Alternatively, reconfigure the host access control to block use of the read-only libvirtd socket.
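
To apply the first workaround you need to know which guests expose a QEMU guest agent channel. The following is an added example, not part of the libvirt notice or the libvirt code base: it scans domain XML (for instance, saved `virsh dumpxml` output) for the agent channel and flags guests whose admin is not trusted. The domain names, the sample XML and the `untrusted` set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Target name libvirt uses for the QEMU guest agent channel in domain XML.
AGENT_CHANNEL = "org.qemu.guest_agent.0"

def agent_channels(domain_xml):
    """Return (domain name, [channel types]) for agent channels in one domain XML."""
    root = ET.fromstring(domain_xml)  # input is local, admin-owned domain XML
    name = root.findtext("name", default="<unnamed>")
    found = []
    for channel in root.findall("./devices/channel"):
        target = channel.find("target")
        if target is not None and target.get("name") == AGENT_CHANNEL:
            found.append(channel.get("type", "unknown"))
    return name, found

def audit(domain_xmls, untrusted):
    """Names of domains that have an agent channel AND an untrusted guest admin."""
    flagged = []
    for doc in domain_xmls:
        name, channels = agent_channels(doc)
        if channels and name in untrusted:
            flagged.append(name)
    return sorted(flagged)

# Constructed sample domains (trimmed to the elements the check reads).
TENANT_VM = """<domain type='kvm'><name>tenant-vm</name><devices>
  <channel type='unix'><source mode='bind'/>
    <target type='virtio' name='org.qemu.guest_agent.0'/></channel>
</devices></domain>"""

INFRA_VM = """<domain type='kvm'><name>infra-vm</name><devices>
  <channel type='unix'><source mode='bind'/>
    <target type='virtio' name='org.qemu.guest_agent.0'/></channel>
</devices></domain>"""

SPICE_ONLY_VM = """<domain type='kvm'><name>desktop-vm</name><devices>
  <channel type='spicevmc'>
    <target type='virtio' name='com.redhat.spice.0'/></channel>
</devices></domain>"""

if __name__ == "__main__":
    untrusted = {"tenant-vm", "desktop-vm"}  # guests whose admin is not trusted
    for name in audit([TENANT_VM, INFRA_VM, SPICE_ONLY_VM], untrusted):
        print(f"{name}: guest agent channel present, remove it per the workaround")
```
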

Affected product: libvirt

Branch master
Broken in: v1.2.5
Broken in: v1.2.6
Broken in: v1.2.7
Broken in: v1.2.8
Broken in: v1.2.9
Broken in: v1.2.10
Broken in: v1.2.11
Broken in: v1.2.12
Broken in: v1.2.13
Broken in: v1.2.14
Broken in: v1.2.15
Broken in: v1.2.16
Broken in: v1.2.17
Broken in: v1.2.18
Broken in: v1.2.19
Broken in: v1.2.20
Broken in: v1.2.21
Broken in: v1.3.0
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Fixed by: 506e9d6c2d4baaf580d489fff0690c0ff2ff588f
Branch v1.2.5-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.6-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.7-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.8-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.9-maint
Broken in: v1.2.9.1
Broken in: v1.2.9.2
Broken in: v1.2.9.3
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.10-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.11-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.12-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.13-maint
Broken in: v1.2.13.1
Broken in: v1.2.13.2
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.14-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.15-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.16-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.17-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.18-maint
Broken in: v1.2.18.1
Broken in: v1.2.18.2
Broken in: v1.2.18.3
Broken in: v1.2.18.4
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.19-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.20-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.2.21-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
Branch v1.3.0-maint
Broken by: 0abb36938027f3991f3ce5151b31cca9737a1287
