Message-ID: <20130225193555.GA5127@waldi.eu.org>
Date: Mon, 25 Feb 2013 20:36:19 +0100
From: Bastian Blank <waldi@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: libvirt kvm-group writable storage

Hi

libvirtd in privileged (root) mode runs qemu/kvm guests with a different
user. It sets owner/group of storage used by these guests to this user
and group. In Debian this is libvirt-qemu:kvm.

| brw-rw---T 1 libvirt-qemu kvm 254, 11 Feb 25 17:08 /dev/dm-11
| brw-rw---T 1 libvirt-qemu kvm 254, 12 Feb 25 17:50 /dev/dm-12

The kvm group is used for generic access control on /dev/kvm, so a lot
of users may have access to this group.

| crw-rw---T 1 root kvm 10, 232 Feb 25 18:04 kvm

This allows write access to unrelated users to this storage.

Affected is at least Debian Squeeze (0.8.3-5+squeeze2) and Debian
experimental (1.0.1-2).

Reference is http://bugs.debian.org/701649

Please assign a CVE.

Bastian

-- 
Oh, that sound of male ego. You travel halfway across the galaxy and
it's still the same song.
		-- Eve McHuron, "Mudd's Women", stardate 1330.1
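An audit for the condition reported above, added here as an example and not part of the original post: it lists block devices under /dev that are group-writable by kvm and the kvm members other than the guest account. The function names are hypothetical; the group and user defaults are the Debian values quoted in the message.

```python
import grp
import os
import pwd
import stat

def group_writable_blockdev(mode):
    """True for a block device whose mode grants write to the owning group."""
    return stat.S_ISBLK(mode) and bool(mode & stat.S_IWGRP)

def unrelated_members(members, qemu_user="libvirt-qemu"):
    """Group members other than the account the guests run as."""
    return sorted(set(members) - {qemu_user})

def group_members(group):
    """Supplementary members plus accounts whose primary group is `group`."""
    entry = grp.getgrnam(group)
    primary = [p.pw_name for p in pwd.getpwall() if p.pw_gid == entry.gr_gid]
    return entry.gr_gid, list(entry.gr_mem) + primary

def scan(dev_dir="/dev", group="kvm", qemu_user="libvirt-qemu"):
    """Return (exposed device paths, accounts that can write to them)."""
    try:
        gid, members = group_members(group)
    except KeyError:
        return [], []  # group does not exist on this host
    exposed = []
    for root, _dirs, files in os.walk(dev_dir):
        for name in files:  # device nodes are reported as non-directories
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if st.st_gid == gid and group_writable_blockdev(st.st_mode):
                exposed.append(path)
    return sorted(exposed), unrelated_members(members, qemu_user)

if __name__ == "__main__":
    devices, users = scan()
    for dev in devices:
        print(f"{dev}: group-writable by kvm; other members: {', '.join(users) or 'none'}")
```
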