CVE-2019-10167

Impact:
Important
Public Date:
2019-06-20
CWE:
(CWE-284|CWE-250)
Bugzilla:
1720117: CVE-2019-10167 libvirt: arbitrary command execution via virConnectGetDomainCapabilities API
The virConnectGetDomainCapabilities() libvirt API accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

Find out more about CVE-2019-10167 from the MITRE CVE dictionary and NIST NVD.

Statement

  • This vulnerability requires access to the libvirt read-only socket, normally at /var/run/libvirt/libvirt_sock_ro. Typically in hypervisor environments, local user accounts are not supported, so no untrusted users should be able to access this socket.
  • Red Hat Gluster Storage 3 is not affected by this vulnerability as libvirtd daemon is not shipped in Gluster.

CVSS v3 metrics

CVSS3 Base Score: 8.8
CVSS3 Base Metrics: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

Red Hat Security Errata

Platform | Errata | Release Date
Advanced Virtualization for RHEL 8.0.1 (virt:8.0.0) | RHSA-2019:1762 | 2019-07-11
Red Hat Enterprise Linux 7 (libvirt) | RHSA-2019:1579 | 2019-06-20
Red Hat Enterprise Linux 8 (virt:rhel) | RHSA-2019:1580 | 2019-06-20
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (redhat-virtualization-host) | RHSA-2019:1699 | 2019-07-08

Affected Packages State

Platform | Package | State
Red Hat Gluster Storage 3 | libvirt | Not affected
Red Hat Enterprise Linux 6 | libvirt | Not affected
Red Hat Enterprise Linux 5 | libvirt | Not affected

Acknowledgements

This issue was discovered by Jan Tomko (Red Hat).

Mitigation

The Unix permissions of libvirt's read-only socket can be made more restrictive than the default (0777) by editing `/etc/libvirt/libvirtd.conf`. The settings `unix_sock_group = libvirt` and `unix_sock_ro_perms = 0770` will restrict access to only members of `libvirt`, who already have management access to virtual machines.
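The following POSIX shell script is an added example for auditing that mitigation; it is not part of the Red Hat advisory or of libvirt. It reads a libvirtd.conf, resolves the effective values of `unix_sock_ro_perms` and `unix_sock_group` (last uncommented assignment wins, quotes and trailing comments stripped), and reports whether the read-only socket is still world-accessible. It assumes the usual `key = value` file format and, when a key is commented out, the built-in defaults of 0777 for `unix_sock_ro_perms` and `root` for `unix_sock_group` (an assumption; verify against the commented defaults in your own libvirtd.conf). The two sample configurations embedded in the script are constructed, not copied from any real host.

```shell
#!/bin/sh
# Added example (not from the advisory or libvirt): check whether a libvirtd.conf
# restricts the read-only socket as described in the Mitigation section.
# Assumed defaults when a key is absent/commented: unix_sock_ro_perms=0777,
# unix_sock_group=root.

# Print the effective value of KEY in FILE (last uncommented assignment wins,
# surrounding quotes and trailing '#' comments stripped), or DEFAULT if unset.
libvirtd_conf_get() {
    file=$1; key=$2; default=$3
    val=$(awk -v k="$key" '
        $0 ~ ("^[ \t]*" k "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, "")      # drop "key ="
            sub(/[ \t]*(#.*)?$/, "")      # drop trailing comment and whitespace
            gsub(/"/, "")                 # drop quotes around the value
            v = $0
        }
        END { print v }' "$file")
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$default"; fi
}

# Exit 0 only when the read-only socket has no world permission bits and is
# owned by the libvirt group (the mitigation from the advisory); exit 1 otherwise.
libvirtd_ro_socket_restricted() {
    file=$1
    perms=$(libvirtd_conf_get "$file" unix_sock_ro_perms 0777)
    group=$(libvirtd_conf_get "$file" unix_sock_group root)
    # The world bits are the last octal digit; anything but 0 leaves the
    # socket reachable by every local user.
    case "$perms" in
        *0) ;;
        *)  return 1 ;;
    esac
    [ "$group" = libvirt ]
}

# Human-readable verdict for one configuration file.
libvirtd_ro_socket_report() {
    if libvirtd_ro_socket_restricted "$1"; then
        echo "$1: read-only socket restricted to group libvirt (mitigation applied)"
    else
        echo "$1: read-only socket reachable by every local user (unix_sock_ro_perms=$(libvirtd_conf_get "$1" unix_sock_ro_perms 0777), unix_sock_group=$(libvirtd_conf_get "$1" unix_sock_group root))"
    fi
}

# Constructed sample configurations (not copied from any real host).
DEFAULT_CONF='#unix_sock_group = "libvirt"
#unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0770"
'
HARDENED_CONF='unix_sock_group = "libvirt"
unix_sock_ro_perms = "0770"   # only libvirt members may probe domain capabilities
unix_sock_rw_perms = "0770"
'

# Demo: report on both constructed files, then on the live file if readable.
libvirtd_demo() {
    tmp=$(mktemp)
    printf '%s' "$DEFAULT_CONF" > "$tmp";  libvirtd_ro_socket_report "$tmp"
    printf '%s' "$HARDENED_CONF" > "$tmp"; libvirtd_ro_socket_report "$tmp"
    rm -f "$tmp"
    if [ -r /etc/libvirt/libvirtd.conf ]; then
        libvirtd_ro_socket_report /etc/libvirt/libvirtd.conf
    fi
}

libvirtd_demo
```

The check is deliberately strict about the group: a mode of 0770 with the default `root` group would lock out the libvirt members the advisory intends to keep, so both settings must match before the script reports the mitigation as applied. Remember that libvirtd must be restarted for changes to `/etc/libvirt/libvirtd.conf` to take effect.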
