PT-2014-3125 · Red Hat+2 · Libvirt+2

Eric Blake (+1)

Published 2014-03-05 · Updated 2024-06-15 · CVE-2013-6456

CVSS v2.0 5.8 Medium
Vector AV:A/AC:M/Au:S/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions: libvirt (LXC driver) versions 1.0.1 through 1.2.1

Description: The libvirt LXC driver reaches into a running container's filesystem through paths under /proc/$PID/root. Symlinks met along such a path are resolved against the host's root, not the container's, so a local user who is root inside the container can replace entries under the container's /dev with symlinks and redirect the host-side libvirtd (which runs as root) to arbitrary host paths. Three operations are affected. Device detach (virDomainDetachDevice, recorded as "virDomainDeviceDettach" in the CVE entry) unlinks the redirected path, allowing deletion of arbitrary host device nodes. Device attach (virDomainAttachDevice, recorded as "virDomainDeviceAttach") calls mknod on the redirected path, allowing creation of arbitrary nodes on the host. virDomainShutdown and virDomainReboot write a runlevel request, via the internal helper virInitctlSetRunLevel, to the container's /dev/initctl; a symlink there pointing at the host's /dev/initctl makes the host's init shut down or reboot the host, a denial of service. In every case the trigger is an administrator invoking one of these APIs against the booby-trapped container; the weakness is classic link following (symlink attack).

Recommendations: Versions after 1.2.1 are not in the affected range, so upgrade libvirt to 1.2.2 or later, or install the patched distribution packages tracked by the advisories listed under "Related identifiers" below (ALT-PU-2014-1262, MGASA-2014-0243, SUSE-SU-2014_0785-1, USN-2209-1). libvirt has no switch that disables individual APIs, so until patched packages are deployed the workaround is operational: do not run device attach, device detach, shutdown or reboot against an LXC container whose root user is not trusted, and keep access to libvirtd restricted to trusted administrators, since the host-side management call is what performs the symlink follow. virInitctlSetRunLevel is an internal libvirt helper rather than something an operator can avoid using; it is fixed together with the rest of the driver by the upgrade.

DoS

Link Following


Weakness Enumeration

Related identifiers

ALT-PU-2014-1262
CVE-2013-6456
MGASA-2014-0243
OPENSUSE-SU-2024:10209-1
SUSE-SU-2014_0785-1
USN-2209-1

Affected products

Alt Linux
Suse
Libvirt