Bug 537956 (CVE-2015-0236) - <app-emulation/libvirt-1.2.10-r4: snapshots and save images leak VNC passwords (CVE-2015-0236)
Summary: <app-emulation/libvirt-1.2.10-r4: snapshots and save images leak VNC password...
Status: RESOLVED FIXED
Alias: CVE-2015-0236
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://security.libvirt.org/2015/0001...
Whiteboard: B4 [noglsa]
Reported: 2015-01-27 11:08 UTC by Matthias Maier
Modified: 2015-02-15 21:09 UTC

Description Matthias Maier gentoo-dev 2015-01-27 11:08:29 UTC
from ${URL}:

Description:

The two interfaces virDomainSnapshotGetXMLDesc and virDomainSaveImageGetXMLDesc would accept the VIR_DOMAIN_XML_SECURE flag in situations where virDomainGetXMLDesc did not, when fine-grained access control lists (ACL) are in use. As a result, a client can use a snapshot or save image to bypass restrictions and gain access to the secured information.

Impact:

A client using a read-write connection, and which has the 'domain:read' ACL privilege while lacking 'domain:secure_read', can trigger an information leak of data by using VIR_DOMAIN_XML_SECURE with the affected interfaces. Fortunately, the only data in this category is the value of an optional VNC password.



*libvirt-1.2.10-r4 (27 Jan 2015)

  27 Jan 2015; Matthias Maier <tamiko@gentoo.org> +libvirt-1.2.10-r4.ebuild:
  apply security fix for 1.2.10 (CVE-2015-0236)

*libvirt-1.2.12 (27 Jan 2015)
*libvirt-1.2.11-r3 (27 Jan 2015)

  27 Jan 2015; Matthias Maier <tamiko@gentoo.org> +libvirt-1.2.11-r3.ebuild,
  +libvirt-1.2.12.ebuild, -files/libvirt-1.2.10-cve-2014-7823.patch,
  -files/libvirt-1.2.10-cve-2014-8131-part2.patch,
  -files/libvirt-1.2.10-cve-2014-8131.patch, -libvirt-1.2.11-r2.ebuild,
  libvirt-1.2.10-r3.ebuild, libvirt-9999.ebuild:
  version bump; cleanup; apply security fix for 1.2.11 and drop vulnerable
  (CVE-2015-0236)



Fixed in: 1.2.10-r4, 1.2.11-r3
Unaffected: 1.2.12
Vulnerable version left in tree: 1.2.10-r3

Arches, please stabilize version 1.2.10-r4

Target keywords: amd64 x86
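
Added example (not part of the original report, and not libvirt source code): a simplified C model of the access-control gap quoted in the description above, showing the flag check the snapshot and save-image interfaces lacked next to the same check applied to all three interfaces. Only VIR_DOMAIN_XML_SECURE is a real libvirt name; the permission bits, the interface enum and the function names are hypothetical, and the read-write connection requirement is not modelled.

```c
#include <stdio.h>

/* Simplified model, not libvirt source. VIR_DOMAIN_XML_SECURE is the real
 * libvirt flag (value 1 in the public header); all other names here are
 * hypothetical stand-ins for the ACL privileges and the three interfaces. */
#define VIR_DOMAIN_XML_SECURE 1u

enum perm { PERM_READ = 1u << 0,          /* domain:read */
            PERM_SECURE_READ = 1u << 1 }; /* domain:secure_read */
enum api { API_DOMAIN_XML, API_SNAPSHOT_XML, API_SAVE_IMAGE_XML };

/* Flag-aware rule: read is always required, and secure_read is required
 * as well whenever the caller asks for secure XML. */
static int acl_flag_aware(unsigned perms, unsigned flags)
{
    if (!(perms & PERM_READ))
        return 0;
    if ((flags & VIR_DOMAIN_XML_SECURE) && !(perms & PERM_SECURE_READ))
        return 0;
    return 1;
}

/* Behaviour the advisory describes: the snapshot and save-image
 * interfaces accepted the flag from a client holding only domain:read. */
int allowed_before_fix(enum api a, unsigned perms, unsigned flags)
{
    if (a == API_DOMAIN_XML)
        return acl_flag_aware(perms, flags);
    return (perms & PERM_READ) != 0;
}

/* Corrected behaviour: every interface goes through the same rule. */
int allowed_after_fix(enum api a, unsigned perms, unsigned flags)
{
    (void)a;
    return acl_flag_aware(perms, flags);
}

int main(void)
{
    static const char *names[] = { "domain", "snapshot", "save-image" };
    unsigned perms = PERM_READ; /* constructed client: no secure_read */
    for (int a = API_DOMAIN_XML; a <= API_SAVE_IMAGE_XML; a++)
        printf("%-10s secure XML allowed: before=%d after=%d\n", names[a],
               allowed_before_fix((enum api)a, perms, VIR_DOMAIN_XML_SECURE),
               allowed_after_fix((enum api)a, perms, VIR_DOMAIN_XML_SECURE));
    return 0;
}
```
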
Comment 1 Agostino Sarubbo gentoo-dev 2015-01-28 13:34:05 UTC
amd64 stable
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2015-02-11 18:12:36 UTC
CVE-2015-0236 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0236):
  libvirt before 1.2.12 allows remote authenticated users to obtain the VNC
  password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot
  to the virDomainSnapshotGetXMLDesc interface or (2) image to the
  virDomainSaveImageGetXMLDesc interface.
Comment 3 Agostino Sarubbo gentoo-dev 2015-02-15 15:08:42 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 4 Matthias Maier gentoo-dev 2015-02-15 15:36:07 UTC
  15 Feb 2015; Matthias Maier <tamiko@gentoo.org> -libvirt-1.2.10-r3.ebuild:
  drop vulnerable, wrt bug #537956
Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-02-15 15:39:51 UTC
GLSA Vote: No
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2015-02-15 21:09:21 UTC
GLSA Vote: No

Maintainer(s), Thank you for cleanup!

Closing noglsa.