Vulnerabilities > CVE-2019-10167 - Missing Authorization vulnerability in Redhat products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1686-1.NASL description This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126237 published 2019-06-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126237 title SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:1686-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:1686-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(126237); script_version("1.4"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2019-10161", "CVE-2019-10167"); script_name(english:"SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:1686-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138301" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138303" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-10161/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-10167/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20191686-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ce05d41a" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-1686=1 SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-1686=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/30"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-xen-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-client-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-client-debuginfo-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-config-network-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-config-nwfilter-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-debuginfo-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-interface-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-interface-debuginfo-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-lxc-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-network-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-network-debuginfo-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-nodedev-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-nwfilter-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-qemu-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-secret-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-secret-debuginfo-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-storage-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-storage-debuginfo-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-lxc-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-qemu-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-debugsource-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-doc-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-lock-sanlock-1.2.18.4-22.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-lock-sanlock-debuginfo-1.2.18.4-22.13.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1672.NASL description This update for libvirt fixes the following issues : Security issues fixed : - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain last seen 2020-06-01 modified 2020-06-02 plugin id 126372 published 2019-07-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126372 title openSUSE Security Update : libvirt (openSUSE-2019-1672) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1672. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(126372); script_version("1.3"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2019-10161", "CVE-2019-10166", "CVE-2019-10167"); script_name(english:"openSUSE Security Update : libvirt (openSUSE-2019-1672)"); script_summary(english:"Check for the openSUSE-2019-1672 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for libvirt fixes the following issues : Security issues fixed : - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain's config used for managedsave or execute arbitrary emulator binaries (bsc#1138302). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Other issue addressed : - spec: add systemd-container dependency to qemu and lxc drivers (bsc#1136109). This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136109" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138301" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138302" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138303" ); script_set_attribute( attribute:"solution", value:"Update the affected libvirt packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-admin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-admin-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-config-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-core-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-disk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-disk-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-iscsi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-iscsi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-logical"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-logical-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-mpath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-mpath-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-rbd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-rbd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-scsi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-scsi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-hooks"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-uml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-vbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-libs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-plugin-libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wireshark-plugin-libvirt-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/30"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-admin-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-admin-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-client-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-client-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-config-network-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-config-nwfilter-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-interface-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-interface-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-lxc-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-lxc-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-network-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-network-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-nodedev-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-nodedev-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-nwfilter-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-qemu-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-qemu-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-secret-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-secret-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-storage-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-storage-core-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-storage-core-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-storage-disk-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-storage-iscsi-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-storage-logical-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-storage-mpath-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-storage-scsi-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-uml-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-uml-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-vbox-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-driver-vbox-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-hooks-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-lxc-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-qemu-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-uml-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-daemon-vbox-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-debugsource-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-devel-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-libs-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-libs-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-lock-sanlock-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-lock-sanlock-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-nss-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libvirt-nss-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"wireshark-plugin-libvirt-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"wireshark-plugin-libvirt-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libvirt-client-32bit-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-rbd-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libvirt-daemon-xen-4.0.0-lp150.7.18.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libvirt-devel-32bit-4.0.0-lp150.7.18.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-admin / libvirt-admin-debuginfo / libvirt-client / etc"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4047-1.NASL description Matthias Gerstner and Jan Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126563 published 2019-07-09 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126563 title Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : libvirt vulnerabilities (USN-4047-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4047-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(126563); script_version("1.4"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2019-10161", "CVE-2019-10166", "CVE-2019-10167", "CVE-2019-10168"); script_xref(name:"USN", value:"4047-1"); script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : libvirt vulnerabilities (USN-4047-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Matthias Gerstner and Jan Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitrary files, or execute arbitrary binaries. In the default installation, attackers would be isolated by the libvirt AppArmor profile. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4047-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/30"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04|18\.04|18\.10|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 18.10 / 19.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"libvirt-bin", pkgver:"1.3.1-1ubuntu10.27")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libvirt0", pkgver:"1.3.1-1ubuntu10.27")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libvirt-clients", pkgver:"4.0.0-1ubuntu8.12")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libvirt-daemon", pkgver:"4.0.0-1ubuntu8.12")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libvirt0", pkgver:"4.0.0-1ubuntu8.12")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"libvirt-clients", pkgver:"4.6.0-2ubuntu3.8")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"libvirt-daemon", pkgver:"4.6.0-2ubuntu3.8")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"libvirt0", pkgver:"4.6.0-2ubuntu3.8")) flag++; if (ubuntu_check(osver:"19.04", pkgname:"libvirt-clients", pkgver:"5.0.0-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"19.04", pkgname:"libvirt-daemon", pkgver:"5.0.0-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"19.04", pkgname:"libvirt0", pkgver:"5.0.0-1ubuntu2.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt-bin / libvirt-clients / libvirt-daemon / libvirt0"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1724.NASL description According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) - libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function(CVE-2019-3840) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-07-22 plugin id 126852 published 2019-07-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126852 title EulerOS 2.0 SP2 : libvirt (EulerOS-SA-2019-1724) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(126852); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2019-10161", "CVE-2019-10167", "CVE-2019-3840" ); script_name(english:"EulerOS 2.0 SP2 : libvirt (EulerOS-SA-2019-1724)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) - libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function(CVE-2019-3840) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1724 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d1920901"); script_set_attribute(attribute:"solution", value: "Update the affected libvirt packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-config-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-secret"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-kvm"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["libvirt-2.0.0-10.10.h3", "libvirt-client-2.0.0-10.10.h3", "libvirt-daemon-2.0.0-10.10.h3", "libvirt-daemon-config-network-2.0.0-10.10.h3", "libvirt-daemon-config-nwfilter-2.0.0-10.10.h3", "libvirt-daemon-driver-interface-2.0.0-10.10.h3", "libvirt-daemon-driver-lxc-2.0.0-10.10.h3", "libvirt-daemon-driver-network-2.0.0-10.10.h3", "libvirt-daemon-driver-nodedev-2.0.0-10.10.h3", "libvirt-daemon-driver-nwfilter-2.0.0-10.10.h3", "libvirt-daemon-driver-qemu-2.0.0-10.10.h3", "libvirt-daemon-driver-secret-2.0.0-10.10.h3", "libvirt-daemon-driver-storage-2.0.0-10.10.h3", "libvirt-daemon-kvm-2.0.0-10.10.h3"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-4714.NASL description Description of changes: [5.0.0-9.el7] - qemu: remove cpuhostmask and cpuguestmask from virCaps structure (Wim ten Have) [Orabug: 29956508] [5.0.0-8.el7] - api: disallow virDomainSaveImageGetXMLDesc on read-only connections (Já n Tomko) [Orabug: 29955742] {CVE-2019-10161} - domain: Define explicit flags for saved image xml (Eric Blake) [Orabug: 29955742] - api: disallow virDomainManagedSaveDefineXML on read-only connections (Já n Tomko) [Orabug: 29955742] {CVE-2019-10166} - api: disallow virConnectGetDomainCapabilities on read-only connections (Já n Tomko) [Orabug: 29955742] {CVE-2019-10167} - api: disallow virConnect*HypervisorCPU on read-only connections (Já n Tomko) [Orabug: 29955742] {CVE-2019-10168} [5.0.0-7.el7] - cpu_map: Define md-clear CPUID bit (Jiri Denemark) [Orabug: 29874181] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091} [5.0.0-6.el7] - qemu: Driver change adding private lock to auto-tune hugepages (Wim ten Have) [Orabug: 29809943] [5.0.0-5.el7] - qemu: disable setmem change requests for vNUMA targets (Wim ten Have) [Orabug: 29797366] - domain: Disable memballoon memory configuration support for vNUMA guests (Wim ten Have) [Orabug: 29797366] - qemu: Driver change to target for vNUMA setmaxmem change request (Wim ten Have) [Orabug: 29749852] - domain: Add domain memory config support for vNUMA guests (Wim ten Have) [Orabug: 29749852] - logging: restrict sockets to mode 0600 (Daniel P. Berrangé ) [Orabug: 29861433] {CVE-2019-10132} - locking: restrict sockets to mode 0600 (Daniel P. Berrangé ) [Orabug: 29861433] {CVE-2019-10132} - admin: reject clients unless their UID matches the current UID (Daniel P. Berrangé ) [Orabug: 29861433] {CVE-2019-10132} last seen 2020-06-01 modified 2020-06-02 plugin id 126674 published 2019-07-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126674 title Oracle Linux 7 : libvirt (ELSA-2019-4714) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1274.NASL description Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091) Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the last seen 2020-06-01 modified 2020-06-02 plugin id 128288 published 2019-08-28 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128288 title Amazon Linux 2 : libvirt (ALAS-2019-1274) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1637-1.NASL description This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain last seen 2020-06-01 modified 2020-06-02 plugin id 126165 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126165 title SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2019:1637-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1643-1.NASL description This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain last seen 2020-06-01 modified 2020-06-02 plugin id 126166 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126166 title SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2019:1643-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1832.NASL description Two vulnerabilities were discovered in libvirt, an abstraction API for different underlying virtualisation mechanisms provided by the kernel, etc. - CVE-2019-10161: Prevent an vulnerability where readonly clients could use the API to specify an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause a denial of service or otherwise cause libvirtd to execute arbitrary programs. - CVE-2019-10167: Prevent an arbitrary code execution vulnerability via the API where a user-specified binary used to probe the domain last seen 2020-06-01 modified 2020-06-02 plugin id 126220 published 2019-06-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126220 title Debian DLA-1832-1 : libvirt security update NASL family Fedora Local Security Checks NASL id FEDORA_2019-9210998AAA.NASL description - CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (bz #1722463, bz #1720115) - CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly clients (bz #1722462, bz #1720114) - CVE-2019-10167: arbitrary command execution via virConnectGetDomainCapabilities API (bz #1722464, bz #1720117) - CVE-2019-10168: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (bz #1722466, bz #1720118) - CVE-2019-3886: virsh domhostname command discloses guest hostname in readonly mode [fedora-rawhide - Failed to attache NEW rbd device to guest (bz #1672620) - PCI hostdev interface segfault (bz #1692053) ---- Fix systemd socket permissions (CVE-2019-10132) The virtlockd-admin.socket, virtlogd-admin.sock, virtlockd.socket & virtlogd.socket units must be restarted, if currently running. This can be done with a host reboot or systemctl commands. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126531 published 2019-07-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126531 title Fedora 29 : libvirt (2019-9210998aaa) NASL family Scientific Linux Local Security Checks NASL id SL_20190620_LIBVIRT_ON_SL6_X.NASL description Security Fix(es) : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) - libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) - libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168) last seen 2020-03-18 modified 2019-06-21 plugin id 126090 published 2019-06-21 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126090 title Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20190620) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2105-1.NASL description This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Non-security issue fixed: qemu: Add support for overriding max threads per process limit (bsc#1133719) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 127789 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127789 title SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:2105-1) NASL family Scientific Linux Local Security Checks NASL id SL_20190620_LIBVIRT_ON_SL7_X.NASL description Security Fix(es) : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) - libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) - libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168) Bug Fix(es) : - Live migration fail with unsafe error when GPFS is used as shared filesystem last seen 2020-03-18 modified 2019-06-21 plugin id 126091 published 2019-06-21 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126091 title Scientific Linux Security Update : libvirt on SL7.x x86_64 (20190620) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2227-2.NASL description This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Non-security issues fixed: Fixed an issue with short bitmaps when setting vcpu affinity using the vcpupin (bsc#1138734). Added support for overriding max threads per process limit (bsc#1133719) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128752 published 2019-09-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128752 title SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:2227-2) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-1762.NASL description An update for the virt:8.0.0 module is now available for Red Hat Enterprise Linux 8 Advanced Virtualization. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es) : * libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) * libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) * libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) * libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-23 modified 2019-07-15 plugin id 126679 published 2019-07-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126679 title RHEL 8 : Virtualization Manager (RHSA-2019:1762) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1599-1.NASL description This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain last seen 2020-06-01 modified 2020-06-02 plugin id 126154 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126154 title SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2019:1599-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-1579.NASL description An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) * libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) * libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) * libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Live migration fail with unsafe error when GPFS is used as shared filesystem (BZ#1715867) last seen 2020-06-01 modified 2020-06-02 plugin id 126076 published 2019-06-21 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126076 title CentOS 7 : libvirt (CESA-2019:1579) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-1579.NASL description From Red Hat Security Advisory 2019:1579 : An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) * libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) * libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) * libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Live migration fail with unsafe error when GPFS is used as shared filesystem (BZ#1715867) last seen 2020-06-01 modified 2020-06-02 plugin id 126141 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126141 title Oracle Linux 7 : libvirt (ELSA-2019-1579) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2227-1.NASL description This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Non-security issues fixed: Fixed an issue with short bitmaps when setting vcpu affinity using the vcpupin (bsc#1138734). Added support for overriding max threads per process limit (bsc#1133719) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128312 published 2019-08-29 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128312 title SUSE SLES12 Security Update : libvirt (SUSE-SU-2019:2227-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4469.NASL description Two vulnerabilities were discovered in Libvirt, a virtualisation abstraction library, allowing an API client with read-only permissions to execute arbitrary commands via the virConnectGetDomainCapabilities API, or read or execute arbitrary files via the virDomainSaveImageGetXMLDesc API. Additionally the libvirt last seen 2020-06-01 modified 2020-06-02 plugin id 126128 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126128 title Debian DSA-4469-1 : libvirt - security update NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-1580.NASL description An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) * libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) * libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) * libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-05-23 modified 2019-06-21 plugin id 126088 published 2019-06-21 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126088 title RHEL 8 : virt:rhel (RHSA-2019:1580) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-1699.NASL description An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host last seen 2020-06-01 modified 2020-06-02 plugin id 126559 published 2019-07-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126559 title RHEL 7 : Virtualization Manager (RHSA-2019:1699) (SACK Panic) (SACK Slowness) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1774.NASL description According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) - libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) - libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2019-07-25 plugin id 127011 published 2019-07-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127011 title EulerOS 2.0 SP8 : libvirt (EulerOS-SA-2019-1774) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0032_LIBVIRT.NASL description An update of the libvirt package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 130112 published 2019-10-22 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130112 title Photon OS 3.0: Libvirt PHSA-2019-3.0-0032 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1957.NASL description According to the versions of the libvirt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. (CVE-2019-10161) - The virConnectGetDomainCapabilities() libvirt API accepts an last seen 2020-06-01 modified 2020-06-02 plugin id 128960 published 2019-09-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128960 title EulerOS Virtualization for ARM 64 3.0.2.0 : libvirt (EulerOS-SA-2019-1957) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1753.NASL description This update for libvirt fixes the following issues : Security issues fixed: 	 - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10166: Fixed an issue with virDomainManagedSaveDefineXML which could have been used to alter the domain last seen 2020-06-01 modified 2020-06-02 plugin id 126894 published 2019-07-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126894 title openSUSE Security Update : libvirt (openSUSE-2019-1753) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-1579.NASL description An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) * libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) * libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) * libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Live migration fail with unsafe error when GPFS is used as shared filesystem (BZ#1715867) last seen 2020-06-01 modified 2020-06-02 plugin id 126087 published 2019-06-21 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126087 title RHEL 7 : libvirt (RHSA-2019:1579) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2020.NASL description According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) - libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function(CVE-2019-3840) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-24 plugin id 129213 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129213 title EulerOS 2.0 SP3 : libvirt (EulerOS-SA-2019-2020) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-18.NASL description The remote host is affected by the vulnerability described in GLSA-202003-18 (libvirt: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact : A local privileged attacker could execute arbitrary commands, escalate privileges or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-03-19 modified 2020-03-16 plugin id 134595 published 2020-03-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134595 title GLSA-202003-18 : libvirt: Multiple vulnerabilities NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-1_0-0276_LIBVIRT.NASL description An update of the libvirt package has been released. last seen 2020-03-17 modified 2020-02-13 plugin id 133683 published 2020-02-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133683 title Photon OS 1.0: Libvirt PHSA-2020-1.0-0276 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-2_0-0214_LIBVIRT.NASL description An update of the libvirt package has been released. last seen 2020-03-17 modified 2020-03-11 plugin id 134427 published 2020-03-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134427 title Photon OS 2.0: Libvirt PHSA-2020-2.0-0214 NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1796.NASL description According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) - libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-08-23 plugin id 128088 published 2019-08-23 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128088 title EulerOS 2.0 SP5 : libvirt (EulerOS-SA-2019-1796) NASL family Fedora Local Security Checks NASL id FEDORA_2019-B2DFB13DAF.NASL description - CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (bz #1722463, bz #1720115) - CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly clients (bz #1722462, bz #1720114) - CVE-2019-10167: arbitrary command execution via virConnectGetDomainCapabilities API (bz #1722464, bz #1720117) - CVE-2019-10168: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (bz #1722466, bz #1720118) - CVE-2019-3886: virsh domhostname command discloses guest hostname in readonly mode [fedora-rawhide - Cannot start VM with a CBR 2.0 TPM device (bz #1712556) - libvirtd does not update VM .xml configurations after virsh snapshot/blockcommit (bz #1722348) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126532 published 2019-07-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126532 title Fedora 30 : libvirt (2019-b2dfb13daf)
Redhat
rpms |
|
References
- https://access.redhat.com/libvirt-privesc-vulnerabilities
- https://access.redhat.com/libvirt-privesc-vulnerabilities
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167
- https://security.gentoo.org/glsa/202003-18
- https://security.gentoo.org/glsa/202003-18