ID CVE-2014-7823
Summary The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
References
Vulnerable Configurations
  • Red Hat libvirt 1.2.0
    cpe:2.3:a:redhat:libvirt:1.2.0
  • Red Hat libvirt 1.2.1
    cpe:2.3:a:redhat:libvirt:1.2.1
  • Red Hat libvirt 1.2.2
    cpe:2.3:a:redhat:libvirt:1.2.2
  • Red Hat libvirt 1.2.3
    cpe:2.3:a:redhat:libvirt:1.2.3
  • Red Hat libvirt 1.2.4
    cpe:2.3:a:redhat:libvirt:1.2.4
  • Red Hat libvirt 1.2.5
    cpe:2.3:a:redhat:libvirt:1.2.5
  • Red Hat libvirt 1.2.6
    cpe:2.3:a:redhat:libvirt:1.2.6
  • Red Hat libvirt 1.2.7
    cpe:2.3:a:redhat:libvirt:1.2.7
  • cpe:2.3:a:redhat:libvirt:1.2.8
    cpe:2.3:a:redhat:libvirt:1.2.8
  • cpe:2.3:a:redhat:libvirt:1.2.9
    cpe:2.3:a:redhat:libvirt:1.2.9
  • cpe:2.3:a:redhat:libvirt:1.2.10
    cpe:2.3:a:redhat:libvirt:1.2.10
CVSS
Base: 5.0 (as of 30-12-2014 - 13:49)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
redhat via4
advisories
  • bugzilla
    id 1160817
    title CVE-2014-7823 libvirt: dumpxml: information leak with migratable flag
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment libvirt is earlier than 0:0.10.2-46.el6_6.2
          oval oval:com.redhat.rhsa:tst:20141873005
        • comment libvirt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110391006
      • AND
        • comment libvirt-client is earlier than 0:0.10.2-46.el6_6.2
          oval oval:com.redhat.rhsa:tst:20141873007
        • comment libvirt-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110391010
      • AND
        • comment libvirt-devel is earlier than 0:0.10.2-46.el6_6.2
          oval oval:com.redhat.rhsa:tst:20141873009
        • comment libvirt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110391008
      • AND
        • comment libvirt-lock-sanlock is earlier than 0:0.10.2-46.el6_6.2
          oval oval:com.redhat.rhsa:tst:20141873013
        • comment libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120748014
      • AND
        • comment libvirt-python is earlier than 0:0.10.2-46.el6_6.2
          oval oval:com.redhat.rhsa:tst:20141873011
        • comment libvirt-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110391012
    rhsa
    id RHSA-2014:1873
    released 2014-11-18
    severity Moderate
    title RHSA-2014:1873: libvirt security and bug fix update (Moderate)
  • bugzilla
    id 1171124
    title libvirtd occasionally crashes at the end of migration
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment libvirt is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008005
        • comment libvirt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110391006
      • AND
        • comment libvirt-client is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008037
        • comment libvirt-client is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110391010
      • AND
        • comment libvirt-daemon is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008035
        • comment libvirt-daemon is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914016
      • AND
        • comment libvirt-daemon-config-network is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008011
        • comment libvirt-daemon-config-network is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914008
      • AND
        • comment libvirt-daemon-config-nwfilter is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008013
        • comment libvirt-daemon-config-nwfilter is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914022
      • AND
        • comment libvirt-daemon-driver-interface is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008021
        • comment libvirt-daemon-driver-interface is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914028
      • AND
        • comment libvirt-daemon-driver-lxc is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008033
        • comment libvirt-daemon-driver-lxc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914026
      • AND
        • comment libvirt-daemon-driver-network is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008029
        • comment libvirt-daemon-driver-network is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914010
      • AND
        • comment libvirt-daemon-driver-nodedev is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008019
        • comment libvirt-daemon-driver-nodedev is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914020
      • AND
        • comment libvirt-daemon-driver-nwfilter is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008015
        • comment libvirt-daemon-driver-nwfilter is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914038
      • AND
        • comment libvirt-daemon-driver-qemu is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008039
        • comment libvirt-daemon-driver-qemu is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914040
      • AND
        • comment libvirt-daemon-driver-secret is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008023
        • comment libvirt-daemon-driver-secret is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914012
      • AND
        • comment libvirt-daemon-driver-storage is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008031
        • comment libvirt-daemon-driver-storage is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914018
      • AND
        • comment libvirt-daemon-kvm is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008041
        • comment libvirt-daemon-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914044
      • AND
        • comment libvirt-daemon-lxc is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008007
        • comment libvirt-daemon-lxc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914030
      • AND
        • comment libvirt-devel is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008009
        • comment libvirt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110391008
      • AND
        • comment libvirt-docs is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008025
        • comment libvirt-docs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914032
      • AND
        • comment libvirt-lock-sanlock is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008043
        • comment libvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120748014
      • AND
        • comment libvirt-login-shell is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008017
        • comment libvirt-login-shell is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140914014
      • AND
        • comment libvirt-python is earlier than 0:1.1.1-29.el7_0.4
          oval oval:com.redhat.rhsa:tst:20150008027
        • comment libvirt-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110391012
    rhsa
    id RHSA-2015:0008
    released 2015-01-05
    severity Low
    title RHSA-2015:0008: libvirt security and bug fix update (Low)
rpms
  • libvirt-0:0.10.2-46.el6_6.2
  • libvirt-client-0:0.10.2-46.el6_6.2
  • libvirt-devel-0:0.10.2-46.el6_6.2
  • libvirt-lock-sanlock-0:0.10.2-46.el6_6.2
  • libvirt-python-0:0.10.2-46.el6_6.2
  • libvirt-0:1.1.1-29.el7_0.4
  • libvirt-client-0:1.1.1-29.el7_0.4
  • libvirt-daemon-0:1.1.1-29.el7_0.4
  • libvirt-daemon-config-network-0:1.1.1-29.el7_0.4
  • libvirt-daemon-config-nwfilter-0:1.1.1-29.el7_0.4
  • libvirt-daemon-driver-interface-0:1.1.1-29.el7_0.4
  • libvirt-daemon-driver-lxc-0:1.1.1-29.el7_0.4
  • libvirt-daemon-driver-network-0:1.1.1-29.el7_0.4
  • libvirt-daemon-driver-nodedev-0:1.1.1-29.el7_0.4
  • libvirt-daemon-driver-nwfilter-0:1.1.1-29.el7_0.4
  • libvirt-daemon-driver-qemu-0:1.1.1-29.el7_0.4
  • libvirt-daemon-driver-secret-0:1.1.1-29.el7_0.4
  • libvirt-daemon-driver-storage-0:1.1.1-29.el7_0.4
  • libvirt-daemon-kvm-0:1.1.1-29.el7_0.4
  • libvirt-daemon-lxc-0:1.1.1-29.el7_0.4
  • libvirt-devel-0:1.1.1-29.el7_0.4
  • libvirt-docs-0:1.1.1-29.el7_0.4
  • libvirt-lock-sanlock-0:1.1.1-29.el7_0.4
  • libvirt-login-shell-0:1.1.1-29.el7_0.4
  • libvirt-python-0:1.1.1-29.el7_0.4
refmap via4
confirm http://security.libvirt.org/2014/0007.html
gentoo GLSA-201412-04
secunia
  • 60010
  • 60895
  • 62058
  • 62303
suse openSUSE-SU-2014:1471
ubuntu USN-2404-1
Last major update 02-01-2017 - 21:59
Published 13-11-2014 - 16:32
Back to Top