CVE-2013-6456

Priority
Medium
Description
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows
local users to (1) delete arbitrary host devices via the
virDomainDeviceDettach API and a symlink attack on /dev in the container;
(2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a
symlink attack on /dev in the container; and cause a denial of service
(shutdown or reboot host OS) via the (3) virDomainShutdown or (4)
virDomainReboot API and a symlink attack on /dev/initctl in the container,
related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel
function.
References
Bugs
Notes
mdeslaur> 1.0.1 and higher
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 12.10 (Quantal Quetzal):not-affected
Ubuntu 13.10 (Saucy Salamander):released (1.1.1-0ubuntu8.11)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.2.2-0ubuntu1)
Ubuntu 14.10 (Utopic Unicorn):not-affected (1.2.2-0ubuntu1)
Patches:
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=a15d9aa37e0baa4677c605c7563ebd92d3de468c (bp)
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=268ef38d12b6bf4fdcbbe6f8c7dd6c2e4cc446f1 (bp)
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=5daffc54b0815c49146cb6174c28954252542247 (bp)
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=aaba652d2ba2a3a258c6b36d109ada59824cedce (bp)
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=4428224e0d60ce32cb81be45b79323912ce5b8dc (bp)
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=d0ddd54a6706b7bfbc2ff1c2d3352331a8857660 (bp)
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=869961c1a2dc718d6272b3218e0263d58d4a6648 (bp)
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=045ab83be86ab960ab8358d96de110e98930740c (bp)
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=06a0f6b81cb982d8b7789862ef2e197d68d9e6ab (bp)
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=40c8a8e92686fb5bf55fa1482b59309d3e5b96e3 (bp)
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=599be6a6f93618ac5094e0283538ed827b5c7e5b (bp)
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=05b36162178f8bf43c5ca57568f154493701b209 (bp)
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=6ecb7bc3aed7f60edad5289c9b0cfcf99eee6611
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=72a4c29ca72789b13de1ed9cb96df9fb2b0fdde4
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=83f83508e128275bd1b74988162dc6b9f86e00ee
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=398c88edfaef50b9b59eb2d9a61b07c9c940a661
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=dd055960df60c536957664f0ae3c591feecf7b09
Upstream:http://libvirt.org/git/?p=libvirt.git;a=commit;h=14d69bd00e4455a1d174d14c5af73975cf9e904a

Updated: 2014-05-07 19:14:29 UTC (commit 8038)