CVE-2011-2178 - Unspecified vulnerability in Redhat Libvirt 0.8.8/0.9.0/0.9.1
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN
Summary
The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Nessus
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2011-9091.NASL
- description: Fix for CVE-2011-2178, regression introduced in disk probe logic; Fix for CVE-2011-2511, integer overflow in VirDomainGetVcpus; Make commandtest more robust; Add ARM to NUMA excludes; Add several build and runtime dependencies to specfile. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 55561
- published: 2011-07-12
- reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/55561
- title: Fedora 15 : libvirt-0.8.8-7.fc15 (2011-9091)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2011-9091.
#

include("compat.inc");

if (description)
{
  script_id(55561);
  script_version("1.9");
  script_cvs_date("Date: 2019/08/02 13:32:35");

  script_cve_id("CVE-2011-2178", "CVE-2011-2511");
  script_bugtraq_id(48321, 48478);
  script_xref(name:"FEDORA", value:"2011-9091");

  script_name(english:"Fedora 15 : libvirt-0.8.8-7.fc15 (2011-9091)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Fix for CVE-2011-2178, regression introduced in disk probe logic, Fix for CVE-2011-2511, integer overflow in VirDomainGetVcpus Make commandtest more robust, Add ARM to NUMA excludes Add several build and runtime dependencies to specfile Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=680270"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=709775"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=717204"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a0f11553"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected libvirt package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:S/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libvirt");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/07/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC15", reference:"libvirt-0.8.8-7.fc15")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt");
}
```
- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_4_LIBVIRT-110614.NASL
- description: A regression re-introduced automatic disk probing again which potentially allowed users to access arbitrary files (CVE-2011-2178).
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 75929
- published: 2014-06-13
- reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/75929
- title: openSUSE Security Update : libvirt (openSUSE-SU-2011:0643-1)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update libvirt-4712.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75929);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/25 13:36:42");

  script_cve_id("CVE-2011-2178");

  script_name(english:"openSUSE Security Update : libvirt (openSUSE-SU-2011:0643-1)");
  script_summary(english:"Check for the libvirt-4712 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A regression re-introduced automatic disk probing again which potentially allowed to uses to access arbitrary files (CVE-2011-2178)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=697904"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2011-06/msg00030.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected libvirt packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:S/C:C/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-python-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/06/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.4", reference:"libvirt-0.8.8-0.10.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libvirt-client-0.8.8-0.10.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libvirt-client-debuginfo-0.8.8-0.10.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libvirt-debuginfo-0.8.8-0.10.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libvirt-debugsource-0.8.8-0.10.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libvirt-devel-0.8.8-0.10.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libvirt-python-0.8.8-0.10.1") ) flag++;
if ( rpm_check(release:"SUSE11.4", reference:"libvirt-python-debuginfo-0.8.8-0.10.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-client / libvirt-devel / libvirt-python / etc");
}
```
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201202-07.NASL
- description: The remote host is affected by the vulnerability described in GLSA-201202-07 (libvirt: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact: These vulnerabilities allow a remote attacker to cause a Denial of Service condition on the host server or libvirt daemon, or might allow guest OS users to read arbitrary files on the host OS. Workaround: There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 58139
- published: 2012-02-28
- reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/58139
- title: GLSA-201202-07 : libvirt: Multiple vulnerabilities

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-1152-1.NASL
- description: It was discovered that libvirt did not use thread-safe error reporting. A remote attacker could exploit this to cause a denial of service via application crash. (CVE-2011-1486) Eric Blake discovered that libvirt had an off-by-one error which could be used to reopen disk probing and bypass the fix for CVE-2010-2238. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 11.04. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. (CVE-2011-2178). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 55167
- published: 2011-06-17
- reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/55167
- title: Ubuntu 10.04 LTS / 10.10 / 11.04 : libvirt vulnerabilities (USN-1152-1)
References
- http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2178.html
- https://bugzilla.redhat.com/show_bug.cgi?id=709775
- http://www.ubuntu.com/usn/USN-1152-1
- http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html
- http://libvirt.org/news.html
- https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html
- http://lists.opensuse.org/opensuse-updates/2011-06/msg00030.html
- https://bugzilla.redhat.com/show_bug.cgi?id=709769