CVE-2019-10161

Published: Jul 30, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

Affected (7)

Products: Redhat: Libvirt, Enterprise Linux, Virtualization, Virtualization Host · Canonical: Ubuntu Linux

4 products

Enterprise Linux

Virtualization Host

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Libvirt	Before 4.10.1
Redhat Libvirt	From 5.0.0 to 5.4.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 8.0

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Virtualization	Version 4.0
Redhat Virtualization Host	Version 4.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 7.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (10)

https://access.redhat.com/libvirt-privesc-vulnerabilities

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=aed6a032cead4386472afb24b16196579e239580

Source: secalert@redhat.com

https://security.gentoo.org/glsa/202003-18

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4047-2/

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/libvirt-privesc-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=aed6a032cead4386472afb24b16196579e239580

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202003-18

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4047-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.