RHEL 6 : libvirt (RHSA-2014:1873)

critical Nessus Plugin ID 79329

Synopsis

The remote Red Hat host is missing one or more security updates for libvirt.

Description

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1873 advisory.

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.
In addition, libvirt provides tools for remote management of virtualized systems.

An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. (CVE-2014-3633)

A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains.
A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. (CVE-2014-3657)

It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc() function could bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak certain limited information from the domain XML data.
(CVE-2014-7823)

The CVE-2014-3633 issue was discovered by Luyao Huang of Red Hat.

This update also fixes the following bug:

When dumping migratable XML configuration of a domain, libvirt removes some automatically added devices for compatibility with older libvirt releases.
If such XML is passed to libvirt as a domain XML that should be used during migration, libvirt checks this XML for compatibility with the internally stored configuration of the domain. However, prior to this update, these checks failed because of devices that were missing (the same devices libvirt removed). As a consequence, migration with user-supplied migratable XML failed. Since this feature is used by OpenStack, migrating QEMU/KVM domains with OpenStack always failed. With this update, before checking domain configurations for compatibility, libvirt transforms both user-supplied and internal configuration into a migratable form (automatically added devices are removed) and checks those instead. Thus, no matter whether the user-supplied configuration was generated as migratable or not, libvirt does not err about missing devices, and migration succeeds as expected. (BZ#1155564)

All libvirt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL libvirt package based on the guidance in RHSA-2014:1873.

See Also

http://www.nessus.org/u?d8a0d7d9

https://access.redhat.com/errata/RHSA-2014:1873

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1141131

https://bugzilla.redhat.com/show_bug.cgi?id=1145667

https://bugzilla.redhat.com/show_bug.cgi?id=1160817

Plugin Details

Severity: Critical

ID: 79329

File Name: redhat-RHSA-2014-1873.nasl

Version: 1.10

Type: local

Agent: unix

Published: 11/19/2014

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P

CVSS Score Source: CVE-2014-3633

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2014-7823

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:libvirt-python, p-cpe:/a:redhat:enterprise_linux:libvirt-devel, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:libvirt-client, p-cpe:/a:redhat:enterprise_linux:libvirt, p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 11/18/2014

Vulnerability Publication Date: 10/6/2014

Reference Information

CVE: CVE-2014-3633, CVE-2014-3657, CVE-2014-7823

BID: 70186, 70210, 71095

CWE: 125, 20

RHSA: 2014:1873