Reported on: | 20190604 |
---|---|
Published on: | 20190620 |
Fixed on: | 20190620 |
Reported by: | Ján Tomko |
---|---|
Patched by: | Ján Tomko |
The virConnectGetDomainCapabilities API reports the domain capabilities XML without checking for a read-only connection. This allows unprivileged users to execute arbitrary binaries with elevated privileges.
The default libvirt configuration allows all local user accounts read-only access to the libvirtd daemon. Any local user can therefore provide an arbitrary emulator, causing arbitrary binaries to be executed as the configured QEMU user. Since v5.1.0, the emulator binary is run with CAP_DAC_OVERRIDE, which is essentially equivalent to root privileges.
Edit the /etc/libvirt/libvirtd.conf configuration file and set 'unix_sock_ro_perms = "0700"' to prevent local users from connecting to libvirt. Alternatively, set up a PolicyKit rule that denies them access unless they first authenticate as root.
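A check for the first workaround, added here as an example and not part of the libvirt advisory or code base: it reads libvirtd.conf text and reports whether any active unix_sock_ro_perms setting still grants group or other access. The 0777 fallback for an unset key and the sample configuration strings are assumptions constructed for the example.

```python
import re
import sys

# Assumption: mode libvirtd applies when the key is absent or commented out.
DEFAULT_RO_PERMS = 0o777

# Matches an active (uncommented) assignment such as: unix_sock_ro_perms = "0700"
_ASSIGN = re.compile(r'^\s*unix_sock_ro_perms\s*=\s*"?([0-7]{3,4})"?\s*(?:#.*)?$')

# Constructed sample configurations (not taken from a real host).
STOCK_CONF = '# unix_sock_group = "libvirt"\n#unix_sock_ro_perms = "0777"\n'
HARDENED_CONF = 'unix_sock_ro_perms = "0700"\nunix_sock_rw_perms = "0770"\n'
MIXED_CONF = 'unix_sock_ro_perms = "0700"\nunix_sock_ro_perms = "0750"  # override\n'


def ro_socket_modes(conf_text):
    """Return every active unix_sock_ro_perms value, or the default if none is set."""
    modes = []
    for line in conf_text.splitlines():
        match = _ASSIGN.match(line)
        if match:
            modes.append(int(match.group(1), 8))
    return modes or [DEFAULT_RO_PERMS]


def workaround_applied(conf_text):
    """True only if no active setting grants any group or other permission bit.

    Duplicate assignments are all checked, so one permissive line is enough
    to fail the audit regardless of which one the daemon honours.
    """
    return all(mode & 0o077 == 0 for mode in ro_socket_modes(conf_text))


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/libvirt/libvirtd.conf"
    with open(path) as fh:
        ok = workaround_applied(fh.read())
    state = "restricted to owner" if ok else "accessible beyond owner"
    print(f"{path}: read-only socket {state}")
    sys.exit(0 if ok else 1)
```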
Branch | master |
---|---|
Broken in: | v1.2.19 |
Broken in: | v1.2.20 |
Broken in: | v1.2.21 |
Broken in: | v1.3.0 |
Broken in: | v1.3.1 |
Broken in: | v1.3.2 |
Broken in: | v1.3.3 |
Broken in: | v1.3.4 |
Broken in: | v1.3.5 |
Broken in: | v2.0.0 |
Broken in: | v2.1.0 |
Broken in: | v2.2.0 |
Broken in: | v2.3.0 |
Broken in: | v2.4.0 |
Broken in: | v2.5.0 |
Broken in: | v3.0.0 |
Broken in: | v3.1.0 |
Broken in: | v3.2.0 |
Broken in: | v3.3.0 |
Broken in: | v3.4.0 |
Broken in: | v3.5.0 |
Broken in: | v3.6.0 |
Broken in: | v3.7.0 |
Broken in: | v3.8.0 |
Broken in: | v3.9.0 |
Broken in: | v3.10.0 |
Broken in: | v4.0.0 |
Broken in: | v4.1.0 |
Broken in: | v4.2.0 |
Broken in: | v4.3.0 |
Broken in: | v4.4.0 |
Broken in: | v4.5.0 |
Broken in: | v4.6.0 |
Broken in: | v4.7.0 |
Broken in: | v4.8.0 |
Broken in: | v4.9.0 |
Broken in: | v4.10.0 |
Broken in: | v5.0.0 |
Broken in: | v5.1.0 |
Broken in: | v5.2.0 |
Broken in: | v5.3.0 |
Broken in: | v5.4.0 |
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 8afa68bac0cf99d1f8aaa6566685c43c22622f26 |
Branch | v1.2.19-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 7d3b95b03880c8ade5f908dcb3d3c8b2d8e82a8f |
Branch | v1.2.20-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | c5cc88c32320d46f27521aac69027baa3d426ff2 |
Branch | v1.2.21-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | badcb3662a5b28d3ed01c8ceff496e6197d12e3c |
Branch | v1.3.0-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 6ba6bb236a7e293007eb21013d69f42dd1fb21c8 |
Branch | v1.3.1-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | be5d96d547ec54bc35e5eab6472ec900184ae837 |
Branch | v1.3.2-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | e433008df4867b43085961a0f8181ac9401e707b |
Branch | v1.3.3-maint |
---|---|
Broken in: | v1.3.3.1 |
Broken in: | v1.3.3.2 |
Broken in: | v1.3.3.3 |
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | a663e28410aa853675b8b090a1ffafa7c8711ead |
Branch | v1.3.4-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | ab728b5658b307bcde90cf9e9d2e9c2cfb3e9de0 |
Branch | v1.3.5-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 5632ca00ef8b75ce600ebb7255d392339c07b967 |
Branch | v2.0-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 1e51b78a92fa2b381a5741599f4909c2516c0481 |
Branch | v2.1-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | e322b6f73dc2fb5eaab14406cc786361d17ffdc3 |
Branch | v2.2-maint |
---|---|
Broken in: | v2.2.1 |
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | c97b296cf8b336ed1a3260af8c8bd79746cb2971 |
Branch | v3.0-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | bfea7de821a224782253061309e5005486b1b2f6 |
Branch | v3.2-maint |
---|---|
Broken in: | v3.2.1 |
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 452fa3ae558bc842a88753fcdf0d1141a2fd212c |
Branch | v3.7-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | d47a396e995180fd54a0f84cf137f024159b7967 |
Branch | v4.1-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 585be8edbef5ce4ef30e6c20386358ca1ba8e344 |
Branch | v4.2-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 4ce590b007d80b41abd00aba95f73c04e71ff53b |
Branch | v4.3-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | f9b65fa812f6f121b7c5f5daa642f05310b4123c |
Branch | v4.4-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 15502d85dd21d7badeb230285898fa28f67cba9d |
Branch | v4.5-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | fd16bd525afeac6870ab3b747d9ee16002e2f1b2 |
Branch | v4.6-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 93edb0ea630556569320de83d45b100718f1391f |
Branch | v4.7-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 5441f05a42a90779b0df86518286bf527e94aafb |
Branch | v4.8-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 38a16f786794887cb2fd8e82d4b52e07a77d9f50 |
Branch | v4.9-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 6452b9fdff7988024a6157ca0a973ac3abf54468 |
Branch | v4.10-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | d238f132e6e0432a42d3cdff4571730dae3a85eb |
Branch | v5.0-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 58f237d696310f3ac62e98b3b5e9cb98e13064e9 |
Branch | v5.1-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | c5085b7a9031f899c7bef0d2630aa77c461b92a6 |
Branch | v5.1.0-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Branch | v5.2-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 4f50f36c0004af0faf0f535b46e2a1841c2443d8 |
Branch | v5.3-maint |
---|---|
Broken by: | e8d55172544c1fafe31a9e09346bdebca4f0d6f9 |
Fixed by: | 97a737c58ff6080bd0e149830b860ef32b3d2acb |