Bug 334137 (CVE-2010-2237) - <app-emulation/libvirt-0.8.3: Multiple information leak vulnerabilities (CVE-2010-{2237,2238,2239,2242})
Status: RESOLVED FIXED
Alias: CVE-2010-2237
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
Whiteboard: ~3 [noglsa]
Reported: 2010-08-23 19:11 UTC by Tim Sammut (RETIRED)
Modified: 2011-02-02 19:33 UTC

Description Tim Sammut (RETIRED) gentoo-dev 2010-08-23 19:11:43 UTC
Two vulnerabilities in <app-emulation/libvirt-0.8.3.

CVE-2010-2237
Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.

CVE-2010-2238
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.

Since 0.8.3 is already in the tree, and no stable versions exist, perhaps we could use this bug to remove prior, vulnerable versions.

Comment 1 Tim Sammut (RETIRED) gentoo-dev 2010-08-28 21:40:59 UTC
Please remove the vulnerable versions <libvirt-0.8.3 from the tree. 

Thanks!

Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 21:48:05 UTC
CVE-2010-2237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2237):
  Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing
  stores without referring to the user-defined main disk format, which
  might allow guest OS users to read arbitrary files on the host OS,
  and possibly have unspecified other impact, via unknown vectors.

CVE-2010-2238 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2238):
  Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into
  disk-image backing stores without extracting the defined disk
  backing-store format, which might allow guest OS users to read
  arbitrary files on the host OS, and possibly have unspecified other
  impact, via unknown vectors.

CVE-2010-2239 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2239):
  Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images
  without setting the user-defined backing-store format, which allows
  guest OS users to read arbitrary files on the host OS via unspecified
  vectors.

CVE-2010-2242 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2242):
  Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with
  improper mappings of privileged source ports, which allows guest OS
  users to bypass intended access restrictions by leveraging IP address
  and source-port values, as demonstrated by copying and deleting an
  NFS directory tree.

Comment 3 Doug Goldstein (RETIRED) gentoo-dev 2011-02-02 19:25:22 UTC
These have all been removed from the tree.

Comment 4 Doug Goldstein (RETIRED) gentoo-dev 2011-02-02 19:25:45 UTC
Marking as fixed since no version was marked stable.