ID CVE-2008-5086
Summary Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.
References
Vulnerable Configurations
  • cpe:2.3:a:libvirt:libvirt:0.3.3
    cpe:2.3:a:libvirt:libvirt:0.3.3
  • cpe:2.3:a:libvirt:libvirt:0.3.2
    cpe:2.3:a:libvirt:libvirt:0.3.2
  • cpe:2.3:a:libvirt:libvirt:0.4.1
    cpe:2.3:a:libvirt:libvirt:0.4.1
  • cpe:2.3:a:libvirt:libvirt:0.4.2
    cpe:2.3:a:libvirt:libvirt:0.4.2
  • cpe:2.3:a:libvirt:libvirt:0.4.6
    cpe:2.3:a:libvirt:libvirt:0.4.6
  • cpe:2.3:a:libvirt:libvirt:0.5.0
    cpe:2.3:a:libvirt:libvirt:0.5.0
  • cpe:2.3:a:libvirt:libvirt:0.5.1
    cpe:2.3:a:libvirt:libvirt:0.5.1
CVSS
Base: 7.2 (as of 19-12-2008 - 17:23)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBVIRT-5874.NASL
    description libvirt misses some read-only connection checks for certain methods. This flaw enables local unprivileged users for example to migrate virtual machines without authentication (CVE-2008-5086).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 35607
    published 2009-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35607
    title openSUSE 10 Security Update : libvirt (libvirt-5874)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-0382.NASL
    description From Red Hat Security Advisory 2009:0382 : Updated libvirt packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 5th May 2011] After installing this update and restarting the libvirtd service, the 'virsh attach-disk' command failed. Rebooting guest systems after installing the update resolved the issue. The erratum text has been updated to reflect that guest systems must be rebooted. Future updates will advise if a guest reboot is needed. No changes have been made to the packages. libvirt is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. libvirt also provides tools for remotely managing virtualized systems. The libvirtd daemon was discovered to not properly check user connection permissions before performing certain privileged actions, such as requesting migration of an unprivileged guest domain to another system. A local user able to establish a read-only connection to libvirtd could use this flaw to perform actions that should be restricted to read-write connections. (CVE-2008-5086) libvirt_proxy, a setuid helper application allowing non-privileged users to communicate with the hypervisor, was discovered to not properly validate user requests. Local users could use this flaw to cause a stack-based buffer overflow in libvirt_proxy, possibly allowing them to run arbitrary code with root privileges. (CVE-2009-0036) All users are advised to upgrade to these updated packages, which contain backported patches which resolve these issues. After installing the update, libvirtd must be restarted manually (for example, by issuing a 'service libvirtd restart' command), and guest systems rebooted, for this change to take effect.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 67832
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67832
    title Oracle Linux 5 : libvirt (ELSA-2009-0382)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-11433.NASL
    description fix missing read-only access checks, fixes CVE-2008-5086 - upstream release 0.5.1 - mostly bugfixes e.g #473071 - some driver improvements Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 35228
    published 2008-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35228
    title Fedora 9 : libvirt-0.5.1-2.fc9 (2008-11433)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-11443.NASL
    description fix missing read-only access checks, fixes CVE-2008-5086 - upstream release 0.5.1 - mostly bugfixes e.g #473071 - some driver improvements Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 36460
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36460
    title Fedora 10 : libvirt-0.5.1-2.fc10 (2008-11443)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LIBVIRT-081218.NASL
    description libvirt misses some read-only connection checks for certain methods. This flaw enables local unprivileged users for example to migrate virtual machines without authentication (CVE-2008-5086).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40051
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40051
    title openSUSE Security Update : libvirt (libvirt-373)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBVIRT-5869.NASL
    description libvirt misses some read-only connection checks for certain methods. This flaw enables local unprivileged users for example to migrate virtual machines without authentication. (CVE-2008-5086)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 41554
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41554
    title SuSE 10 Security Update : libvirt (ZYPP Patch Number 5869)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-0382.NASL
    description Updated libvirt packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 5th May 2011] After installing this update and restarting the libvirtd service, the 'virsh attach-disk' command failed. Rebooting guest systems after installing the update resolved the issue. The erratum text has been updated to reflect that guest systems must be rebooted. Future updates will advise if a guest reboot is needed. No changes have been made to the packages. libvirt is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. libvirt also provides tools for remotely managing virtualized systems. The libvirtd daemon was discovered to not properly check user connection permissions before performing certain privileged actions, such as requesting migration of an unprivileged guest domain to another system. A local user able to establish a read-only connection to libvirtd could use this flaw to perform actions that should be restricted to read-write connections. (CVE-2008-5086) libvirt_proxy, a setuid helper application allowing non-privileged users to communicate with the hypervisor, was discovered to not properly validate user requests. Local users could use this flaw to cause a stack-based buffer overflow in libvirt_proxy, possibly allowing them to run arbitrary code with root privileges. (CVE-2009-0036) All users are advised to upgrade to these updated packages, which contain backported patches which resolve these issues. After installing the update, libvirtd must be restarted manually (for example, by issuing a 'service libvirtd restart' command), and guest systems rebooted, for this change to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 63878
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63878
    title RHEL 5 : libvirt (RHSA-2009:0382)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_LIBVIRT-081218.NASL
    description libvirt misses some read-only connection checks for certain methods. This flaw enables local unprivileged users for example to migrate virtual machines without authentication (CVE-2008-5086).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40272
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40272
    title openSUSE Security Update : libvirt (libvirt-373)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090319_LIBVIRT_ON_SL5_X.NASL
    description The libvirtd daemon was discovered to not properly check user connection permissions before performing certain privileged actions, such as requesting migration of an unprivileged guest domain to another system. A local user able to establish a read-only connection to libvirtd could use this flaw to perform actions that should be restricted to read-write connections. (CVE-2008-5086) libvirt_proxy, a setuid helper application allowing non-privileged users to communicate with the hypervisor, was discovered to not properly validate user requests. Local users could use this flaw to cause a stack-based buffer overflow in libvirt_proxy, possibly allowing them to run arbitrary code with root privileges. (CVE-2009-0036) After installing the update, libvirtd must be restarted manually (for example, by issuing a 'service libvirtd restart' command) for this change to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60551
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60551
    title Scientific Linux Security Update : libvirt on SL5.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-694-1.NASL
    description It was discovered that libvirt did not mark certain operations as read-only. A local attacker may be able to perform privileged actions such as migrating virtual machines, adjusting autostart flags, or accessing privileged data in the virtual machine memory and disks. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 37984
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37984
    title Ubuntu 7.10 / 8.04 LTS / 8.10 : libvirt vulnerability (USN-694-1)
oval via4
accepted 2013-04-29T04:17:52.700-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.
family unix
id oval:org.mitre.oval:def:8765
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.
version 18
redhat via4
advisories
rhsa
id RHSA-2009:0382
rpms
  • libvirt-0:0.3.3-14.el5_3.1
  • libvirt-devel-0:0.3.3-14.el5_3.1
  • libvirt-python-0:0.3.3-14.el5_3.1
refmap via4
bid 32905
confirm https://bugzilla.redhat.com/show_bug.cgi?id=476560
fedora FEDORA-2008-11433
mlist [libvirt] 20081217 [SECURITY] PATCH: Fix missing read-only access checks (CVE-2008-5086)
osvdb 50919
secunia
  • 33198
  • 33217
  • 33292
  • 34397
suse SUSE-SR:2009:004
ubuntu USN-694-1
Last major update 08-09-2013 - 01:40
Published 19-12-2008 - 12:30
Last modified 28-09-2017 - 21:32
Back to Top