Rapid7 Vulnerability & Exploit Database

RHSA-2010:0615: libvirt security and bug fix update

Back to Search

RHSA-2010:0615: libvirt security and bug fix update

Severity
4
CVSS
(AV:L/AC:M/Au:S/C:C/I:N/A:N)
Published
08/19/2010
Created
07/25/2018
Added
08/19/2010
Modified
07/04/2017

Description

The libvirt library is a C API for managing and interacting with thevirtualization capabilities of Linux and other operating systems. Inaddition, libvirt provides tools for remotely managing virtualized systems.It was found that libvirt did not set the user-defined backing store formatwhen creating a new image, possibly resulting in applications having toprobe the backing store to discover the format. A privileged guest usercould use this flaw to read arbitrary files on the host. (CVE-2010-2239)It was found that libvirt created insecure iptables rules on the host whena guest system was configured for IP masquerading, allowing the guest touse privileged ports on the host when accessing network resources. Aprivileged guest user could use this flaw to access network resources thatwould otherwise not be accessible to the guest. (CVE-2010-2242)Red Hat would like to thank Jeremy Nickurak for reporting the CVE-2010-2242issue.This update also fixes the following bugs:The Linux kernel assigns network TAP devices a random MAC address.Occasionally, this random MAC address is lower than that of the physicalinterface which is enslaved (for example, eth0 or eth1), which causes thebridge to change its MAC address, thereby disrupting network communicationsfor a period of time.With this update, libvirt now sets an explicit MAC address for all TAPdevices created using the configured MAC address from the XML, but with thehigh bit set to 0xFE. The result is that TAP device MAC addresses are nownumerically greater than those for physical interfaces, and bridges shouldno longer attempt to switch their MAC address to that of the TAP device,thus avoiding potential spurious network disruptions. (BZ#617243)All users of libvirt are advised to upgrade to these updated packages,which contain backported patches to correct these issues. After installingthe updated packages, the system must be rebooted for the update to takeeffect.

Solution(s)

  • redhat-upgrade-libvirt
  • redhat-upgrade-libvirt-devel
  • redhat-upgrade-libvirt-python

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;