CVE-2019-10166

Impact:
Important
Public Date:
2019-06-20
CWE:
CWE-284
Bugzilla:
1720114: CVE-2019-10166 libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients
It was discovered that libvirtd would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.

Find out more about CVE-2019-10166 from the MITRE CVE dictionary and NIST NVD.

Statement

  • This vulnerability requires access to the libvirt socket, normally in /var/run/libvirt/libvirt_sock_ro. Typically in hypervisor environments, local user accounts are not supported so no untrusted users should be able to access this socket.
  • Red Hat Gluster Storage 3 is not affected by this vulnerability as libvirtd daemon is not shipped in Gluster.

CVSS v3 metrics

CVSS3 Base Score      7.8
CVSS3 Base Metrics    CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector         Local
Attack Complexity     High
Privileges Required   Low
User Interaction      None
Scope                 Changed
Confidentiality       High
Integrity Impact      High
Availability Impact   High

Red Hat Security Errata

Platform                                                                             Errata          Release Date
Advanced Virtualization for RHEL 8.0.1 (virt:8.0.0)                                  RHSA-2019:1762  2019-07-11
Red Hat Enterprise Linux 7 (libvirt)                                                 RHSA-2019:1579  2019-06-20
Red Hat Enterprise Linux 8 (virt:rhel)                                               RHSA-2019:1580  2019-06-20
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (redhat-virtualization-host)  RHSA-2019:1699  2019-07-08

Affected Packages State

Platform                      Package   State
Red Hat Gluster Storage 3     libvirt   Not affected
Red Hat Enterprise Linux 6    libvirt   Not affected
Red Hat Enterprise Linux 5    libvirt   Not affected

Acknowledgements

Red Hat would like to thank Matthias Gerstner (SUSE) for reporting this issue.

Mitigation

The Unix permissions of libvirt's read-only socket can be made more restrictive than the default (0777) by editing `/etc/libvirt/libvirtd.conf`. The settings `unix_sock_group = libvirt` and `unix_sock_ro_perms = 0770` will restrict access to only members of `libvirt`, who already have management access to virtual machines.
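A quick way to audit whether the mitigation above is in place is to read the effective `unix_sock_ro_perms` and `unix_sock_group` values out of `libvirtd.conf` and flag a mode that still grants "other" users access. The script below is an added example, not Red Hat's or libvirt's own code; it assumes the usual `key = value` syntax (quoted or unquoted, `#` comments) and the two sample configs it writes are constructed.

```shell
#!/bin/sh
# Added example (not Red Hat's or libvirt's code): audit libvirtd.conf for the
# read-only socket mitigation. Sample configs below are constructed.

# Print the effective value of KEY in FILE: commented lines are ignored,
# surrounding quotes are stripped, and the last assignment wins.
libvirtd_conf_get() {
    key="$1"; file="$2"
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$file" \
        | tail -n 1 | sed 's/[[:space:]]*$//'
}

# Return 0 when the read-only socket mode denies "other" users (last octal
# digit 0), 1 when it does not. An unset key means libvirt's default of 0777.
libvirt_ro_socket_check() {
    conf="$1"
    perms=$(libvirtd_conf_get unix_sock_ro_perms "$conf")
    group=$(libvirtd_conf_get unix_sock_group "$conf")
    [ -n "$perms" ] || perms=0777
    [ -n "$group" ] || group="(default)"
    case "$perms" in
        *0) printf 'restricted: unix_sock_ro_perms=%s unix_sock_group=%s\n' "$perms" "$group"
            return 0 ;;
        *)  printf 'WEAK: unix_sock_ro_perms=%s lets any local user reach the read-only socket\n' "$perms"
            return 1 ;;
    esac
}

# Two constructed configs: the shipped defaults (keys commented out) and the
# hardened settings from the Mitigation section.
LIBVIRT_EXAMPLE_DIR=$(mktemp -d)
cat > "$LIBVIRT_EXAMPLE_DIR/weak.conf" <<'EOF'
#unix_sock_group = "libvirt"
#unix_sock_ro_perms = "0777"
EOF
cat > "$LIBVIRT_EXAMPLE_DIR/hardened.conf" <<'EOF'
unix_sock_group = "libvirt"
unix_sock_ro_perms = "0770"
EOF

for f in "$LIBVIRT_EXAMPLE_DIR/weak.conf" "$LIBVIRT_EXAMPLE_DIR/hardened.conf"; do
    if libvirt_ro_socket_check "$f"; then :; fi
done
```

Point `libvirt_ro_socket_check` at the real `/etc/libvirt/libvirtd.conf` to audit a host; restart `libvirtd` after changing the settings so the socket is recreated with the new mode.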
