oss-sec mailing list archives
Re: CVE request: libvirt kvm-group writable storage
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 25 Feb 2013 14:24:25 -0700
On 02/25/2013 12:36 PM, Bastian Blank wrote:
> Hi,
>
> libvirtd in privileged (root) mode runs qemu/kvm guests with a different
> user. It sets owner/group of storage used by these guests to this user and
> group. In Debian this is libvirt-qemu:kvm.
>
> | brw-rw---T 1 libvirt-qemu kvm 254, 11 Feb 25 17:08 /dev/dm-11
> | brw-rw---T 1 libvirt-qemu kvm 254, 12 Feb 25 17:50 /dev/dm-12
>
> The kvm group is used for generic access control on /dev/kvm, so a lot of
> users may have access to this group.
>
> | crw-rw---T 1 root kvm 10, 232 Feb 25 18:04 kvm
>
> This allows write access to unrelated users to this storage.
>
> Affected is at least Debian Squeeze (0.8.3-5+squeeze2) and Debian
> experimental (1.0.1-2).
>
> Reference is http://bugs.debian.org/701649
>
> Please assign a CVE.
>
> Bastian

Please use CVE-2013-1766 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
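A host audit for the condition reported above, as an added example (not part of the original thread and not libvirt code): it lists block device nodes that are group-writable by the kvm group, together with every account in that group. The group name kvm comes from the Debian listing in the report; the function names are illustrative.

```python
import grp
import os
import pwd
import stat


def group_writable_blockdev(mode, gid, shared_gid):
    """True for a block device node owned by shared_gid with the group-write bit set."""
    return stat.S_ISBLK(mode) and gid == shared_gid and bool(mode & stat.S_IWGRP)


def find_exposed(entries, shared_gid):
    """entries: iterable of (path, st_mode, st_gid); returns the exposed paths, sorted."""
    return sorted(p for p, mode, gid in entries
                  if group_writable_blockdev(mode, gid, shared_gid))


def scan_dev(root="/dev"):
    """Yield (path, st_mode, st_gid) for every node under root, not following symlinks."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # node vanished or is unreadable
            yield path, st.st_mode, st.st_gid


def group_users(group_name):
    """Return (gid, accounts): supplementary members plus users whose primary group it is."""
    g = grp.getgrnam(group_name)
    primary = {u.pw_name for u in pwd.getpwall() if u.pw_gid == g.gr_gid}
    return g.gr_gid, sorted(set(g.gr_mem) | primary)


if __name__ == "__main__":
    try:
        gid, users = group_users("kvm")  # group name as shown for Debian in the report
    except KeyError:
        raise SystemExit("no kvm group on this host")
    exposed = find_exposed(scan_dev(), gid)
    print("accounts in kvm:", ", ".join(users) or "(none)")
    for path in exposed:
        print("group-writable block device:", path)
    raise SystemExit(1 if exposed else 0)
```

The script exits non-zero when at least one such device is found, so it can run from a scheduled compliance check.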