
Bug 334137 (CVE-2010-2237)

Summary: <app-emulation/libvirt-0.8.3: Multiple information leak vulnerabilities (CVE-2010-{2237,2238,2239,2242})
Product: Gentoo Security
Component: Vulnerabilities
Reporter: Tim Sammut (RETIRED) <underling>
Assignee: Gentoo Security <security>
CC: cardoe
Status: RESOLVED FIXED
Severity: trivial
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description Tim Sammut (RETIRED) gentoo-dev 2010-08-23 19:11:43 UTC
Two vulnerabilities in <app-emulation/libvirt-0.8.3.

CVE-2010-2237
Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.

CVE-2010-2238
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.

Since 0.8.3 is already in the tree, and no stable versions exist, perhaps we could use this bug to remove prior, vulnerable versions.
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2010-08-28 21:40:59 UTC
Please remove the vulnerable versions <libvirt-0.8.3 from the tree. 

Thanks!
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 21:48:05 UTC
CVE-2010-2237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2237):
  Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing
  stores without referring to the user-defined main disk format, which
  might allow guest OS users to read arbitrary files on the host OS,
  and possibly have unspecified other impact, via unknown vectors.

CVE-2010-2238 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2238):
  Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into
  disk-image backing stores without extracting the defined disk
  backing-store format, which might allow guest OS users to read
  arbitrary files on the host OS, and possibly have unspecified other
  impact, via unknown vectors.

CVE-2010-2239 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2239):
  Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images
  without setting the user-defined backing-store format, which allows
  guest OS users to read arbitrary files on the host OS via unspecified
  vectors.

CVE-2010-2242 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2242):
  Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with
  improper mappings of privileged source ports, which allows guest OS
  users to bypass intended access restrictions by leveraging IP address
  and source-port values, as demonstrated by copying and deleting an
  NFS directory tree.

Comment 3 Doug Goldstein (RETIRED) gentoo-dev 2011-02-02 19:25:22 UTC
These have all been removed from the tree.
Comment 4 Doug Goldstein (RETIRED) gentoo-dev 2011-02-02 19:25:45 UTC
Marking as fixed since no version was marked stable.