Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 489374 (CVE-2013-4400) - <app-emulation/libvirt-1.1.3-r1 : Privilege Escalation and Security Bypass Vulnerabilities (CVE-2013-4400)
Summary: <app-emulation/libvirt-1.1.3-r1 : Privilege Escalation and Security Bypass Vu...
Status: RESOLVED FIXED
Alias: CVE-2013-4400
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/55210/
Whiteboard: B1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-10-25 13:16 UTC by Agostino Sarubbo
Modified: 2014-12-08 23:48 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-10-25 13:16:01 UTC
From ${URL} :

Description

Some vulnerabilities have been reported in libvirt, which can be exploited by malicious, local 
users to gain escalated privileges and by malicious users to bypass certain security restrictions.

1) Some errors related to the virt-login-shell binary can be exploited to e.g. overwrite arbitrary 
files with root privileges.

2) An error within the "virConnectDomainXMLToNative()" API can be exploited to gain access to 
otherwise restricted functionality via specially crafted XML data.


Solution:
Fixed in the git repository.

Provided and/or discovered by:
1) The vendor credits Sebastian Krahmer, SUSE Security Team.
2) Reported by the vendor.

Original Advisory:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=8c3586ea755c40d5e01b22cb7b5c1e668cdec994
http://libvirt.org/git/?p=libvirt.git;a=commit;h=b7fcc799ad5d8f3e55b89b94e599903e3c092467
http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e2f27e13b94f7302ad948bcacb5e02c859a25fc
http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c


@maintainer(s): since the fixed package is already in the tree, please say explicitly if it is ready for the stabilization or not.
Comment 1 Doug Goldstein (RETIRED) gentoo-dev 2013-10-25 14:31:59 UTC
CVE-2013-4400 and CVE-2013-4401 are fixed with libvirt-1.1.3-r1.

*libvirt-1.1.3-r1 (22 Oct 2013)

  22 Oct 2013; Doug Goldstein <cardoe@gentoo.org> +libvirt-1.1.3-r1.ebuild:
  Fix for CVE-2013-4400 and CVE-2013-4401.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2013-10-25 15:43:43 UTC
Arches, please test and mark stable:

=app-emulation/libvirt-1.1.3-r1;

Target keywords : "amd64 x86"
Comment 3 Agostino Sarubbo gentoo-dev 2013-10-25 16:08:26 UTC
@Yuri, thanks for the help, but please do the job in a complete manner.
Comment 4 Agostino Sarubbo gentoo-dev 2013-10-25 16:24:57 UTC
amd64/x86 stable


@maintainer: please cleanup.
Comment 5 Doug Goldstein (RETIRED) gentoo-dev 2013-10-25 18:07:44 UTC
(In reply to Agostino Sarubbo from comment #4)
> amd64/x86 stable
> 
> 
> @maintainer: please cleanup.

Done.
Comment 6 Sergey Popov gentoo-dev 2013-10-28 11:01:10 UTC
Added to existing GLSA draft
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2013-12-12 17:27:03 UTC
CVE-2013-4400 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4400):
  virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to
  overwrite arbitrary files and possibly gain privileges via unspecified
  environment variables or command-line arguments.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2014-12-08 23:48:00 UTC
This issue was resolved and addressed in
 GLSA 201412-04 at http://security.gentoo.org/glsa/glsa-201412-04.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).