PT-2019-2883 · Libvirt+5

Published 2019-06-20 · Updated 2024-06-15 · CVE-2019-10161

CVSS v3.1: 8.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libvirtd versions prior to 4.10.1
libvirtd versions prior to 5.4.1

Description

The virDomainSaveImageGetXMLDesc() API has access control errors. An attacker with access to the libvirtd socket can specify an arbitrary path, which is then accessed with the permissions of the libvirtd process. This makes it possible to probe the existence of arbitrary files, cause denial of service, or execute arbitrary programs.

Recommendations

For libvirtd versions prior to 4.10.1, update to version 4.10.1 or later. For libvirtd versions prior to 5.4.1, update to version 5.4.1 or later. As a temporary workaround, consider restricting access to the virDomainSaveImageGetXMLDesc() API until a patch is available.

Fix

DoS

Improper Access Control

Missing Authorization

Path traversal

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2222
ALT-PU-2019-2225
BDU:2019-02852
CESA-2019_1578
CESA-2019_1579
CESA-2019_1580
CVE-2019-10161
DLA-1832-1
DSA-4469-1
MGASA-2019-0390
OPENSUSE-SU-2019:1672-1
OPENSUSE-SU-2019:1753-1
OPENSUSE-SU-2019_1672-1
OPENSUSE-SU-2019_1753-1
OPENSUSE-SU-2024:11008-1
RHSA-2019:1578
RHSA-2019:1579
RHSA-2019:1580
RHSA-2019:1699
RHSA-2019:1762
RHSA-2019_1578
RHSA-2019_1579
RHSA-2019_1580
SUSE-SU-2019:14097-1
SUSE-SU-2019:14100-1
SUSE-SU-2019:1599-1
SUSE-SU-2019:1637-1
SUSE-SU-2019:1643-1
SUSE-SU-2019:1686-1
SUSE-SU-2019:1690-1
SUSE-SU-2019:2105-1
SUSE-SU-2019:2227-1
SUSE-SU-2019:2227-2
SUSE-SU-2019_14097-1
SUSE-SU-2019_1599-1
SUSE-SU-2019_1637-1
SUSE-SU-2019_1643-1
SUSE-SU-2019_1686-1
SUSE-SU-2019_1690-1
SUSE-SU-2019_2105-1
SUSE-SU-2019_2227-1
SUSE-SU-2019_2227-2
USN-4047-1
USN-4047-2

Affected Products

Alt Linux
CentOS
Red Hat
SUSE
Ubuntu
Libvirt