Libvirt Security Notice: LSN-2019-0006
======================================

          Summary: virConnectGetDomainCapabilities does not check for read-only connection
      Reported on: 20190604
     Published on: 20190620
         Fixed on: 20190620
      Reported by: Ján Tomko
       Patched by: Ján Tomko
         See also: CVE-2019-10167

Description
-----------

The virConnectGetDomainCapabilities API reports the domain capabilities XML
without checking for a read-only connection. The caller supplies the path of
the emulator binary to be described, and libvirtd executes that binary to
probe its capabilities, so a client holding only a read-only connection can
make the daemon run a program of the client's choosing.

This allows unprivileged users to execute arbitrary binaries with elevated
privileges.

Impact
------

The default libvirt configuration allows all local user accounts read-only
access to the libvirtd daemon. Any local user can therefore provide an
arbitrary emulator path, executing arbitrary binaries as the configured QEMU
user.

Since v5.1.0, the emulator binary is run with CAP_DAC_OVERRIDE, essentially
having root privileges.

Workaround
----------

Edit the /etc/libvirt/libvirtd.conf configuration file to set
unix_sock_ro_perms = "0700", which prevents local users from connecting to
the read-only libvirt socket.

Alternatively, set up a polkit rule that denies them access unless they first
authenticate as root.

Both workarounds remove read-only access for every unprivileged local user,
not only for this API; they are a stop-gap until a fixed build is installed.
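The following helpers are added here as an example; they are not part of this notice or of libvirt. The first parses a libvirtd.conf text and classifies who can reach the read-only socket (the exposure the Impact section describes, and whether the workaround's unix_sock_ro_perms setting is in effect); the second is a live probe that calls virConnectGetDomainCapabilities through libvirt-python over a read-only connection, which a fixed build refuses with VIR_ERR_OPERATION_DENIED. The function names, the constructed configuration excerpts, the polkit rule text and its file name are this example's own; the compiled-in default for auth_unix_ro is assumed to be "none" unless the caller says the build has polkit support.

```python
"""Audit and probe helpers for LSN-2019-0006 (CVE-2019-10167).
Added example, not part of the libvirt advisory or of libvirt itself."""
import re
import stat

_KEY_VALUE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def _parse_value(raw):
    """libvirtd.conf values: "string", integer, or [ "list", "of", "strings" ]."""
    if raw.startswith('"'):
        return raw[1:raw.index('"', 1)]
    if raw.startswith("["):
        return re.findall(r'"([^"]*)"', raw[: raw.index("]") + 1])
    bare = raw.split("#", 1)[0].strip()  # bare value, trailing comment dropped
    return int(bare) if bare.isdigit() else bare


def parse_libvirtd_conf(text):
    """Return {key: value}; comment and blank lines skipped, later keys win."""
    conf = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            m = _KEY_VALUE.match(line)
            if m:
                conf[m.group(1)] = _parse_value(m.group(2))
    return conf


def audit_libvirtd_conf(text, polkit_build=False):
    """Classify who can reach the read-only socket the advisory talks about.

    status: 'exposed'        world-connectable, auth_unix_ro = "none"
            'polkit-default' world-connectable, auth_unix_ro = "polkit"; the stock
                             org.libvirt.unix.monitor policy still allows any local
                             user unless a rules.d override demands authentication
            'auth-required'  world-connectable, another auth method (e.g. sasl)
            'restricted'     others cannot connect (workaround in effect)
    polkit_build selects the compiled-in auth_unix_ro default ("polkit" for
    polkit-enabled builds, otherwise "none"); assumption: caller knows the build.
    """
    conf = parse_libvirtd_conf(text)
    ro_perms = str(conf.get("unix_sock_ro_perms", "0777"))  # libvirt default
    auth_ro = conf.get("auth_unix_ro", "polkit" if polkit_build else "none")
    mode = int(ro_perms, 8)
    # connect(2) on a UNIX socket requires write permission on the socket inode
    world = bool(mode & stat.S_IWOTH)
    if not world:
        status = "restricted"
    elif auth_ro == "none":
        status = "exposed"
    elif auth_ro == "polkit":
        status = "polkit-default"
    else:
        status = "auth-required"
    return {"unix_sock_ro_perms": ro_perms, "auth_unix_ro": auth_ro,
            "world_connectable": world, "group_connectable": bool(mode & stat.S_IWGRP),
            "unix_sock_group": conf.get("unix_sock_group", "root"), "status": status}


# Constructed polkit rule for the advisory's alternative workaround (e.g. installed
# as /etc/polkit-1/rules.d/50-libvirt-ro.rules): require admin authentication for
# read-only access from anyone outside the libvirt group.
POLKIT_RULE = """\
polkit.addRule(function(action, subject) {
    if (action.id == "org.libvirt.unix.monitor" && !subject.isInGroup("libvirt")) {
        return polkit.Result.AUTH_ADMIN;
    }
});
"""


def probe_read_only_domcapabilities(uri="qemu:///system", emulatorbin="/bin/true"):
    """Live check: call virConnectGetDomainCapabilities on a READ-ONLY connection.

    /bin/true stands in for an attacker-chosen emulator path; an unpatched
    libvirtd would execute it as the configured QEMU user to probe it.
    Returns 'fixed', 'affected', 'connect-failed' or 'binding-missing'.
    """
    try:
        import libvirt  # libvirt-python; only needed for this live probe
    except ImportError:
        return "binding-missing"
    try:
        conn = libvirt.openReadOnly(uri)
    except libvirt.libvirtError:
        return "connect-failed"  # RO socket closed or authentication required
    try:
        conn.getDomainCapabilities(emulatorbin, None, None, "qemu", 0)
        return "affected"  # capabilities XML returned over a read-only connection
    except libvirt.libvirtError as err:
        # Fixed builds refuse with "read only access prevents ..." (OPERATION_DENIED);
        # any other error (e.g. a probe failure on /bin/true) means the call was accepted.
        return "fixed" if err.get_error_code() == libvirt.VIR_ERR_OPERATION_DENIED else "affected"
    finally:
        conn.close()


# Constructed libvirtd.conf excerpts: a stock file (keys commented out, so the
# compiled-in defaults apply) and the same file with the advisory's workaround.
DEFAULT_CONF = '#unix_sock_group = "libvirt"\n#unix_sock_ro_perms = "0777"\n#auth_unix_ro = "none"\nlog_level = 3\n'
HARDENED_CONF = 'unix_sock_group = "libvirt"\nunix_sock_ro_perms = "0700"  # root only\nunix_sock_rw_perms = "0770"\nauth_unix_ro = "none"\n'

if __name__ == "__main__":
    for name, text in (("stock", DEFAULT_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_libvirtd_conf(text))
    print("live probe:", probe_read_only_domcapabilities())
```

Run the probe as an ordinary local user against the daemon under test. libvirt enforces read-only restrictions in the public API entry point, which runs inside libvirtd for RPC clients but also inside the client library, so a probe made through a fixed libvirt-python reports 'fixed' whatever the daemon's version; probe with a client built at the same version as the daemon, or compare the daemon's version against the Affected product list. A 'connect-failed' result for an unprivileged user means the socket workaround or an authentication requirement is in place, not that the API itself was fixed.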
Affected product
----------------

Name: libvirt
Repository: https://gitlab.com/libvirt/libvirt

  Branch: master
    Broken in: v1.2.19
    Broken in: v1.2.20
    Broken in: v1.2.21
    Broken in: v1.3.0
    Broken in: v1.3.1
    Broken in: v1.3.2
    Broken in: v1.3.3
    Broken in: v1.3.4
    Broken in: v1.3.5
    Broken in: v2.0.0
    Broken in: v2.1.0
    Broken in: v2.2.0
    Broken in: v2.3.0
    Broken in: v2.4.0
    Broken in: v2.5.0
    Broken in: v3.0.0
    Broken in: v3.1.0
    Broken in: v3.2.0
    Broken in: v3.3.0
    Broken in: v3.4.0
    Broken in: v3.5.0
    Broken in: v3.6.0
    Broken in: v3.7.0
    Broken in: v3.8.0
    Broken in: v3.9.0
    Broken in: v3.10.0
    Broken in: v4.0.0
    Broken in: v4.1.0
    Broken in: v4.2.0
    Broken in: v4.3.0
    Broken in: v4.4.0
    Broken in: v4.5.0
    Broken in: v4.6.0
    Broken in: v4.7.0
    Broken in: v4.8.0
    Broken in: v4.9.0
    Broken in: v4.10.0
    Broken in: v5.0.0
    Broken in: v5.1.0
    Broken in: v5.2.0
    Broken in: v5.3.0
    Broken in: v5.4.0
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 8afa68bac0cf99d1f8aaa6566685c43c22622f26

  Branch: v1.2.19-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 7d3b95b03880c8ade5f908dcb3d3c8b2d8e82a8f

  Branch: v1.2.20-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: c5cc88c32320d46f27521aac69027baa3d426ff2

  Branch: v1.2.21-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: badcb3662a5b28d3ed01c8ceff496e6197d12e3c

  Branch: v1.3.0-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 6ba6bb236a7e293007eb21013d69f42dd1fb21c8

  Branch: v1.3.1-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: be5d96d547ec54bc35e5eab6472ec900184ae837

  Branch: v1.3.2-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: e433008df4867b43085961a0f8181ac9401e707b

  Branch: v1.3.3-maint
    Broken in: v1.3.3.1
    Broken in: v1.3.3.2
    Broken in: v1.3.3.3
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: a663e28410aa853675b8b090a1ffafa7c8711ead

  Branch: v1.3.4-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: ab728b5658b307bcde90cf9e9d2e9c2cfb3e9de0

  Branch: v1.3.5-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 5632ca00ef8b75ce600ebb7255d392339c07b967

  Branch: v2.0-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 1e51b78a92fa2b381a5741599f4909c2516c0481

  Branch: v2.1-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: e322b6f73dc2fb5eaab14406cc786361d17ffdc3

  Branch: v2.2-maint
    Broken in: v2.2.1
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: c97b296cf8b336ed1a3260af8c8bd79746cb2971

  Branch: v3.0-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: bfea7de821a224782253061309e5005486b1b2f6

  Branch: v3.2-maint
    Broken in: v3.2.1
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 452fa3ae558bc842a88753fcdf0d1141a2fd212c

  Branch: v3.7-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: d47a396e995180fd54a0f84cf137f024159b7967

  Branch: v4.1-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 585be8edbef5ce4ef30e6c20386358ca1ba8e344

  Branch: v4.2-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 4ce590b007d80b41abd00aba95f73c04e71ff53b

  Branch: v4.3-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: f9b65fa812f6f121b7c5f5daa642f05310b4123c

  Branch: v4.4-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 15502d85dd21d7badeb230285898fa28f67cba9d

  Branch: v4.5-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: fd16bd525afeac6870ab3b747d9ee16002e2f1b2

  Branch: v4.6-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 93edb0ea630556569320de83d45b100718f1391f

  Branch: v4.7-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 5441f05a42a90779b0df86518286bf527e94aafb

  Branch: v4.8-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 38a16f786794887cb2fd8e82d4b52e07a77d9f50

  Branch: v4.9-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 6452b9fdff7988024a6157ca0a973ac3abf54468

  Branch: v4.10-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: d238f132e6e0432a42d3cdff4571730dae3a85eb

  Branch: v5.0-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 58f237d696310f3ac62e98b3b5e9cb98e13064e9

  Branch: v5.1-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: c5085b7a9031f899c7bef0d2630aa77c461b92a6

  Branch: v5.1.0-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9

  Branch: v5.2-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 4f50f36c0004af0faf0f535b46e2a1841c2443d8

  Branch: v5.3-maint
    Broken by: e8d55172544c1fafe31a9e09346bdebca4f0d6f9
    Fixed by: 97a737c58ff6080bd0e149830b860ef32b3d2acb