Debian Bug report logs -
#617773
libvirt: several API calls do not honour read-only connection
Reported by: Luciano Bello <luciano@debian.org>
Date: Fri, 11 Mar 2011 09:51:01 UTC
Severity: normal
Tags: security
Fixed in versions libvirt/0.8.8-3, libvirt/0.8.3-5+squeeze1
Done: Guido Günther <agx@sigxcpu.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
:
Bug#617773
; Package libvirt
.
(Fri, 11 Mar 2011 09:51:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Luciano Bello <luciano@debian.org>
:
New Bug report received and forwarded. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
.
(Fri, 11 Mar 2011 09:51:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libvirt
Tags: security
Hi,
"It has been found that several libvirt API calls (virNodeDeviceDettach,
virNodeDeviceReset, virDomainRevertToSnapshot, virDomainSnapshotDelete) did not
honour read-only connection. Remote attacker could use this flaw to crash the
host server (DoS)."
Please use CVE-2011-1146 as a reference to this problem. Can you confirm if this
affects to oldstable or stable?
More info at
https://bugzilla.redhat.com/show_bug.cgi?id=683650
Thanks, luciano
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
:
Bug#617773
; Package libvirt
.
(Sat, 12 Mar 2011 20:51:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Guido Günther <agx@sigxcpu.org>
:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
.
(Sat, 12 Mar 2011 20:51:07 GMT) (full text, mbox, link).
Message #10 received at 617773@bugs.debian.org (full text, mbox, reply):
On Fri, Mar 11, 2011 at 06:46:28AM -0300, Luciano Bello wrote:
> Package: libvirt
> Tags: security
>
> Hi,
> "It has been found that several libvirt API calls (virNodeDeviceDettach,
> virNodeDeviceReset, virDomainRevertToSnapshot, virDomainSnapshotDelete) did not
> honour read-only connection. Remote attacker could use this flaw to crash the
> host server (DoS)."
>
> Please use CVE-2011-1146 as a reference to this problem. Can you confirm if this
> affects to oldstable or stable?
>
> More info at
> https://bugzilla.redhat.com/show_bug.cgi?id=683650
Stable has:
virNodeDeviceDettach
virNodeDeviceReset
virDomainRevertToSnapshot
virDomainSnapshotDelete
lacking checks for RO connections.
Oldstable has none of these functions since the APIs were added later.
Cheers,
-- Guido
Reply sent
to Guido Günther <agx@sigxcpu.org>
:
You have taken responsibility.
(Mon, 14 Mar 2011 21:39:06 GMT) (full text, mbox, link).
Notification sent
to Luciano Bello <luciano@debian.org>
:
Bug acknowledged by developer.
(Mon, 14 Mar 2011 21:39:06 GMT) (full text, mbox, link).
Message #15 received at 617773-close@bugs.debian.org (full text, mbox, reply):
Source: libvirt
Source-Version: 0.8.8-3
We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive:
libvirt-bin_0.8.8-3_i386.deb
to main/libv/libvirt/libvirt-bin_0.8.8-3_i386.deb
libvirt-dev_0.8.8-3_i386.deb
to main/libv/libvirt/libvirt-dev_0.8.8-3_i386.deb
libvirt-doc_0.8.8-3_all.deb
to main/libv/libvirt/libvirt-doc_0.8.8-3_all.deb
libvirt0-dbg_0.8.8-3_i386.deb
to main/libv/libvirt/libvirt0-dbg_0.8.8-3_i386.deb
libvirt0_0.8.8-3_i386.deb
to main/libv/libvirt/libvirt0_0.8.8-3_i386.deb
libvirt_0.8.8-3.debian.tar.gz
to main/libv/libvirt/libvirt_0.8.8-3.debian.tar.gz
libvirt_0.8.8-3.dsc
to main/libv/libvirt/libvirt_0.8.8-3.dsc
python-libvirt_0.8.8-3_i386.deb
to main/libv/libvirt/python-libvirt_0.8.8-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 617773@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated libvirt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 14 Mar 2011 20:06:57 +0100
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source all i386
Version: 0.8.8-3
Distribution: unstable
Urgency: low
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description:
libvirt-bin - the programs for the libvirt library
libvirt-dev - development files for the libvirt library
libvirt-doc - documentation for the libvirt library
libvirt0 - library for interfacing with different virtualization systems
libvirt0-dbg - library for interfacing with different virtualization systems
python-libvirt - libvirt Python bindings
Closes: 614210 617773
Changes:
libvirt (0.8.8-3) unstable; urgency=low
.
* [28df435] Don't create the rundir in the init script. The daemon does this
now.
* [7302aff] New patch Make-sure-the-rundir-is-accessible-by-the-user.patch.
Make sure the rundir is accessible by the user (Closes: #614210)
* [6dde59d] Recommend dmidecode used by the qemu driver
* [235f893] Add missing checks for read only connections.
As pointed on CVE-2011-1146, some API forgot to check the read-only
status of the connection for entry point which modify the state
of the system or may lead to a remote execution using user data.
The entry points concerned are:
- virConnectDomainXMLToNative
- virNodeDeviceDettach
- virNodeDeviceReAttach
- virNodeDeviceReset
- virDomainRevertToSnapshot
- virDomainSnapshotDelete
src/libvirt.c: fix the above set of entry points to error on read-only
connections (Closes: #617773)
Checksums-Sha1:
9201b3c73ebee3ad07a0bd1d0276afafa1d8fb3d 1874 libvirt_0.8.8-3.dsc
7b7843181dd06ced8f6388b8e0fa378b0b79a8be 29942 libvirt_0.8.8-3.debian.tar.gz
a37727e7dece4a455ce4763b134a4393a71d6325 1366942 libvirt-doc_0.8.8-3_all.deb
913e3716e2e394ea3ca6d04de031207a24c419a7 1208742 libvirt-bin_0.8.8-3_i386.deb
21e4fdbde89a20be1e1388b4d12b5e0a56ad616b 1229932 libvirt0_0.8.8-3_i386.deb
1923bd44dc35f648440c3a43b1f06695e135a9c0 3792886 libvirt0-dbg_0.8.8-3_i386.deb
c5349715b8c2a98abb06d27011e73f21b53c8c2a 1500362 libvirt-dev_0.8.8-3_i386.deb
5090e9a411697219791340a50b70f4633841a0aa 584462 python-libvirt_0.8.8-3_i386.deb
Checksums-Sha256:
f9f31511926ea47ff876e03997d7eceb7b8a612ea1094a85b9ff5c6debb8aaa6 1874 libvirt_0.8.8-3.dsc
936a36ddce8321056c716f31a7e39563e348491103f73ade94d5ccf048a17189 29942 libvirt_0.8.8-3.debian.tar.gz
f8e7be8895351fbd597f7ed690e8dd73c6d576f334180a51a71e0e6dbcce1d6a 1366942 libvirt-doc_0.8.8-3_all.deb
b2d2ce9bcdb97d49c2bd4229f081c0a7379e2e8959b4f3cf6e6aa2db8e2234d5 1208742 libvirt-bin_0.8.8-3_i386.deb
4f7de634fcc5a32cf6c94770370a2eb4d40e5efb25d8c54476af8715fbbb14db 1229932 libvirt0_0.8.8-3_i386.deb
72b78297ea02ef63f4a2696d2c79d5f0afcbdf2caf7ec98c0c1c00df0850b879 3792886 libvirt0-dbg_0.8.8-3_i386.deb
9516907fa74614deaeefe3967078be650aef6f20c230d96e04f4f8a0e01271e8 1500362 libvirt-dev_0.8.8-3_i386.deb
cca96a6596ffb43ae918e882a27aecf3a38bfe4a0ea8740c0117e9d8668ccc21 584462 python-libvirt_0.8.8-3_i386.deb
Files:
516043318458e76e2a7ae7cc05ce3531 1874 libs optional libvirt_0.8.8-3.dsc
484f446bb6c3bd06da4f01df421a3929 29942 libs optional libvirt_0.8.8-3.debian.tar.gz
3e68a355791f47f9ff5750861136419b 1366942 doc optional libvirt-doc_0.8.8-3_all.deb
2399f3d0804da39a13ff2b9a2c8b3b67 1208742 admin optional libvirt-bin_0.8.8-3_i386.deb
e0799933bc5b2b5a2a5f982bd9a164af 1229932 libs optional libvirt0_0.8.8-3_i386.deb
6dbbf463ba693f97a069000845418c93 3792886 debug extra libvirt0-dbg_0.8.8-3_i386.deb
22aa1d69b35c73aa5f6824a7b4ddba58 1500362 libdevel optional libvirt-dev_0.8.8-3_i386.deb
69890cd625ae5ae38e6675b18d84e3d3 584462 python optional python-libvirt_0.8.8-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFNfnngn88szT8+ZCYRAjDJAJ9hUFI+36/E02EoTPUEEPgb5xyxDQCfQDdO
IVU8Z3U/iiBIqtIj6J9hB5w=
=1zJI
-----END PGP SIGNATURE-----
Reply sent
to Guido Günther <agx@sigxcpu.org>
:
You have taken responsibility.
(Wed, 23 Mar 2011 09:45:10 GMT) (full text, mbox, link).
Notification sent
to Luciano Bello <luciano@debian.org>
:
Bug acknowledged by developer.
(Wed, 23 Mar 2011 09:45:10 GMT) (full text, mbox, link).
Message #20 received at 617773-close@bugs.debian.org (full text, mbox, reply):
Source: libvirt
Source-Version: 0.8.3-5+squeeze1
We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive:
libvirt-bin_0.8.3-5+squeeze1_i386.deb
to main/libv/libvirt/libvirt-bin_0.8.3-5+squeeze1_i386.deb
libvirt-dev_0.8.3-5+squeeze1_i386.deb
to main/libv/libvirt/libvirt-dev_0.8.3-5+squeeze1_i386.deb
libvirt-doc_0.8.3-5+squeeze1_all.deb
to main/libv/libvirt/libvirt-doc_0.8.3-5+squeeze1_all.deb
libvirt0-dbg_0.8.3-5+squeeze1_i386.deb
to main/libv/libvirt/libvirt0-dbg_0.8.3-5+squeeze1_i386.deb
libvirt0_0.8.3-5+squeeze1_i386.deb
to main/libv/libvirt/libvirt0_0.8.3-5+squeeze1_i386.deb
libvirt_0.8.3-5+squeeze1.debian.tar.gz
to main/libv/libvirt/libvirt_0.8.3-5+squeeze1.debian.tar.gz
libvirt_0.8.3-5+squeeze1.dsc
to main/libv/libvirt/libvirt_0.8.3-5+squeeze1.dsc
python-libvirt_0.8.3-5+squeeze1_i386.deb
to main/libv/libvirt/python-libvirt_0.8.3-5+squeeze1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 617773@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated libvirt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 14 Mar 2011 21:33:33 +0100
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source all i386
Version: 0.8.3-5+squeeze1
Distribution: stable-security
Urgency: low
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description:
libvirt-bin - the programs for the libvirt library
libvirt-dev - development files for the libvirt library
libvirt-doc - documentation for the libvirt library
libvirt0 - library for interfacing with different virtualization systems
libvirt0-dbg - library for interfacing with different virtualization systems
python-libvirt - libvirt Python bindings
Closes: 617773
Changes:
libvirt (0.8.3-5+squeeze1) stable-security; urgency=low
.
* [0ee351f] [CVE-2011-1146] Add missing checks for read only connections.
Some API forgot to check the read-only status of the connection for
entry point which modify the state of the system or may lead to a remote
execution using user data.
The entry points concerned are:
- virConnectDomainXMLToNative
- virNodeDeviceDettach
- virNodeDeviceReAttach
- virNodeDeviceReset
- virDomainRevertToSnapshot
- virDomainSnapshotDelete
src/libvirt.c: fix the above set of entry points to error on read-only
(Closes: #617773)
Checksums-Sha1:
5e9cdf77c59492365589e8f9fcaca5398e850acb 1910 libvirt_0.8.3-5+squeeze1.dsc
4dc92139031f2af3141c2b1d0813b57ecd735c5d 12430752 libvirt_0.8.3.orig.tar.gz
06055fe552e57c43515a03fc4a44a07deb0a57f1 30169 libvirt_0.8.3-5+squeeze1.debian.tar.gz
1c19211ced39c177468c4870f86e89f98375188b 1120026 libvirt-doc_0.8.3-5+squeeze1_all.deb
917f5e27ed1c39b6d72003dac8d5d60a87a1f9a4 1022162 libvirt-bin_0.8.3-5+squeeze1_i386.deb
26a3fd1605f5cc158ebfa1018ddaf1b70bf453f7 954860 libvirt0_0.8.3-5+squeeze1_i386.deb
241a8434e6858dcb2096a32d2e84cf1f06d100f4 3045724 libvirt0-dbg_0.8.3-5+squeeze1_i386.deb
a5f262d2066dcddbce28b56b0d160f8f5a671bf8 1176458 libvirt-dev_0.8.3-5+squeeze1_i386.deb
82a41aee83feb2a5fca89abe1120a5e646b19f9b 440134 python-libvirt_0.8.3-5+squeeze1_i386.deb
Checksums-Sha256:
27c3781098f5c6f45582a08321e94c7e5ba273a671b46aadaf58cfb319c4ba53 1910 libvirt_0.8.3-5+squeeze1.dsc
35e1836c3947ac3edd7b4a1948cf13f5f13dd3e5bb31933d627d771b1e997a1f 12430752 libvirt_0.8.3.orig.tar.gz
f9fca6e0bf3f3434acb59562a1405953b93f1686f53893d9584dd182d31c4be2 30169 libvirt_0.8.3-5+squeeze1.debian.tar.gz
3058008b7735dc546750a7380dcc1ba7d9f96e244bc33fd194a2fd34d8fe417f 1120026 libvirt-doc_0.8.3-5+squeeze1_all.deb
478a98af610d2b3b12dccd49cfd73732836450eec14507b093faa67dee8452d0 1022162 libvirt-bin_0.8.3-5+squeeze1_i386.deb
1d05e07c8596ae9d0ad77412986468cd2bcf233b11c20086905c84011c938d5d 954860 libvirt0_0.8.3-5+squeeze1_i386.deb
6614a747c10050dc51baa093a3fd552afbd7521c9c7850b62dd99f9318c4cd2c 3045724 libvirt0-dbg_0.8.3-5+squeeze1_i386.deb
079b35103864c6b472be3c49a391ad74f50b622a263a354b3a965db47274b6de 1176458 libvirt-dev_0.8.3-5+squeeze1_i386.deb
efb3e8d596ce7c9f97d7ab4c4248c5050be4261389ef3d64ebfe11a5f14ca19d 440134 python-libvirt_0.8.3-5+squeeze1_i386.deb
Files:
91055f0638e8b59c0b6b064be034e26e 1910 libs optional libvirt_0.8.3-5+squeeze1.dsc
ae8535ce119d32a2e9fb1f46e2c8f325 12430752 libs optional libvirt_0.8.3.orig.tar.gz
6ecc8db35e8634de348ed3f695553ce5 30169 libs optional libvirt_0.8.3-5+squeeze1.debian.tar.gz
9500e700dfb4cb17f0ac28956d841415 1120026 doc optional libvirt-doc_0.8.3-5+squeeze1_all.deb
620959491e8f6186a9998b547a4b9e71 1022162 admin optional libvirt-bin_0.8.3-5+squeeze1_i386.deb
3ae9e78cf2a8a8fa6a6f6ca8fd9b8d80 954860 libs optional libvirt0_0.8.3-5+squeeze1_i386.deb
0a5557c1c008f9c48b9b8b404ed0aaae 3045724 debug extra libvirt0-dbg_0.8.3-5+squeeze1_i386.deb
e69d0b433cb79bc9cd0d18cb91afd60c 1176458 libdevel optional libvirt-dev_0.8.3-5+squeeze1_i386.deb
c158c81c5074972f29992c6d5e9f1d5e 440134 python optional python-libvirt_0.8.3-5+squeeze1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFNgboXn88szT8+ZCYRAm0xAJ9Y8qS30/PePM3HmQyY9ktSJ4VEWgCffm+H
ZM8FgUoXmzNFt8gioCgFl1s=
=g0Gz
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Wed, 25 May 2011 07:38:53 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:45:26 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.