Re: CVE request: libvirt kvm-group writable storage

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/25/2013 12:36 PM, Bastian Blank wrote:
> Hi
>
> libvirtd in privileged (root) mode runs qemu/kvm guests with a
> different user. It set owner/group of storage used by this guests
> to this user and group. In Debian this is libvirt-qemu:kvm.
>
> | brw-rw---T 1 libvirt-qemu kvm  254, 11 Feb 25 17:08 /dev/dm-11 |
> brw-rw---T 1 libvirt-qemu kvm  254, 12 Feb 25 17:50 /dev/dm-12
>
> The kvm group is used for generic access control on /dev/kvm, so a
> lot of users may have access to this group.
>
> | crw-rw---T 1 root kvm 10, 232 Feb 25 18:04 kvm
>
> This allows write access to unrelated users to this storage.
>
> Affected is at least Debian Squeeze (0.8.3-5+squeeze2) and Debian 
> experimental (1.0.1-2). Reference is http://bugs.debian.org/701649
>
> Please assign a CVE.
>
> Bastian

Please use CVE-2013-1766 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRK9aIAAoJEBYNRVNeJnmT8EMQAMa1H0ohO260tA037ynQsPZt
xsgfjODQyH5DvC0u6/TaenkqdC91wgWuD5pRCgtTzIUOzuXGCYuyKqn9s+MTS1RW
TN8vbuBnEZEZNssm1cCntTEuClJlD2ZoctwKVGN4WqGJpQhhN6wuLt0Kh2pgt+bm
eJ8zhtvREpncjnt/GIOACIsshSysQONup4tWDOaag3RyBbkM1QDTV8CoA9STjBu4
8/1NZ4+C9qsI94dV+F3C0cijZgDn8Ev62reZKsSYSxBUxreDhwj3DwKAA37bSpf5
WKbjcfDlkuw2TNdwzPPm/NdJs+q8RiMOzCeIUD/vXzzXsfW8qjNDR2veG16+p1cw
w+dLf7ggto00cSgTvNnwrEr14lCE73JVRvg6K+LUsHR5soNuyNGGYMIelvNcj6sh
0xLSSIqREvFW2sVX2LKmOtRMz9YXmQgs4uqGqxMMh8mMcRZeJuTv2X05WydejLKc
mYxc2hwL3urP7JhB28BYhF6KGZRbtcE5X3835cRuwH0AZIL5GW6V63d8FiEPHYMV
Zn0pxOylVGqc2Jr8fzfUlmePh3fVY/H7jRmK+Q8Hrg15SbMho1XAwSw15mfSuNXA
VKvMdoWuN7bFry2FG1/rf033B0E84Nl6P3HD+qjTvBsyT4yFNV9zdZ2vaJkzOCAK
D4mwa1UNIq0b7ncoXGFI
=S4IS
-----END PGP SIGNATURE-----