CVE-2016-5008 – libvirt: Setting empty VNC password allows access to unauthorized users
https://notcve.org/view.php?id=CVE-2016-5008
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. libvirt en versiones anteriores a 2.0.0 desactiva inadecuadamente la comprobación de contraseñas cuando la contraseña en un servidor VNC está establecida en una cadena vacía, lo que permite a atacantes remotos eludir la autenticación y establecer una sesióin VNC conectándose al servidor. It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00054.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00055.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00024.html http://rhn.redhat.com/errata/RHSA-2016-2577.html http://security.libvirt.org/2016/0001.html http://www.debian.org/security/2016/dsa-3613 http://www.securityfocus.com/bid/91562 https://bugzilla.redhat.com/show_bug.cgi?id=1180092 https://lists.fedoraproject.org/archives/list/package-announc • CWE-284: Improper Access Control •
CVE-2014-3672
https://notcve.org/view.php?id=CVE-2014-3672
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. La implementación de qemu en libvirt en versiones anteriores a 1.3.0 y Xen permite a usuarios locales del SO invitado provocar una denegación de servicio (consumo de disco anfitrión) escribiendo stdout o stderr. • http://www.openwall.com/lists/oss-security/2016/05/24/5 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securitytracker.com/id/1035945 http://xenbits.xen.org/xsa/advisory-180.html https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=0d968ad715475a1660779bcdd2c5b38ad63db4cf https://libvirt.org/news-2015.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2011-4600
https://notcve.org/view.php?id=CVE-2011-4600
The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query. La función networkReloadIptablesRules en network/bridge_driver.c en libvirt en versiones anteriores a 0.9.9 no maneja correctamente las reglas del firewall en redes puente cuando se reinicia libvirtd, lo que podría permitir a atacantes remotos eludir las restricciones de acceso previstas a través de una consulta (1) DNS o (2) DHCP. • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=ae1232b298323dd7bef909426e2ebafa6bca9157 http://libvirt.org/news-2012.html http://www.ubuntu.com/usn/USN-2867-1 https://bugzilla.redhat.com/show_bug.cgi?id=760442 • CWE-284: Improper Access Control •
CVE-2015-5247
https://notcve.org/view.php?id=CVE-2015-5247
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. La API virStorageVolCreateXML en libvirt 1.2.14 hasta la versión 1.2.19 permite a usuarios remotos autenticados con una conexión de lectura-escritura causar una denegación de servicio (caída de libvirtd) desencadenando una desvinculación fallida después de crear un volumen en un pool NFS root_squash. • http://security.libvirt.org/2015/0003.html http://www.ubuntu.com/usn/USN-2867-1 • CWE-284: Improper Access Control •
CVE-2015-0236 – libvirt: missing ACL check for the VIR_DOMAIN_XML_SECURE flag in save images and snapshots objects
https://notcve.org/view.php?id=CVE-2015-0236
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. libvirt anterior a 1.2.12 permite a usuarios remotos autenticados obtener la contraseña VNC mediante el uso del indicador VIR_DOMAIN_XML_SECURE con (1) una instantánea manipulada a la interfaz virDomainSnapshotGetXMLDesc o (2) una imagen manipulada a la interfaz virDomainSaveImageGetXMLDesc. It was discovered that the virDomainSnapshotGetXMLDesc() and virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a connection to libvirtd could use this flaw to obtain certain sensitive information from the domain XML file. • http://advisories.mageia.org/MGASA-2015-0046.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html http://rhn.redhat.com/errata/RHSA-2015-0323.html http://secunia.com/advisories/62766 http://security.libvirt.org/2015/0001.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:035 http://www.mandriva.com/security/advisories?name=MDVSA-2015:070 http://www.ubuntu.com/usn/USN-2867-1 https://access.redhat.com/security/cve/CVE-2015-0236 https://bugz • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •