Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2013-6456
Last Modified: 02 Jan 2015 09:22:21
Published: 15 Apr 2014 07:55:08
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: COMPLETE
Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2013-6456

Summary

The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.

Vulnerable Systems

Operating System

  • Fedoraproject Fedora 20

Application

  • Redhat Libvirt 1.0.1

  • Redhat Libvirt 1.0.2

  • Redhat Libvirt 1.0.3

  • Redhat Libvirt 1.0.4

  • Redhat Libvirt 1.0.5

  • Redhat Libvirt 1.0.5.1

  • Redhat Libvirt 1.0.5.2

  • Redhat Libvirt 1.0.5.3

  • Redhat Libvirt 1.0.5.4

  • Redhat Libvirt 1.0.5.5

  • Redhat Libvirt 1.0.5.6

  • Redhat Libvirt 1.0.6

  • Redhat Libvirt 1.1.0

  • Redhat Libvirt 1.1.1

  • Redhat Libvirt 1.1.2

  • Redhat Libvirt 1.1.3

  • Redhat Libvirt 1.1.4

  • Redhat Libvirt 1.2.0

  • Redhat Libvirt 1.2.1


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1045643

MISC - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394

BID - 65743

CONFIRM - http://security.libvirt.org/2013/0018.html

SECUNIA - 56215

SECUNIA - 56187

FEDORA - FEDORA-2014-2864

CONFIRM - http://libvirt.org/news.html

CONFIRM - http://libvirt.org/git/?p=libvirt.git;a=commit;h=5fc590ad9f4

SUSE - openSUSE-SU-2014:0593

GENTOO - GLSA-201412-04

SECUNIA - 60895


Last Updated: 27 May 2016 11:04:57