CVE-2014-0028

First published: Mon Jan 06 2014(Updated: )

Eric Blake from Red Hat reports that ever since libvirt 1.1.1 added ACL domain:getattr filtering for commands like virConnectListAllDomains, we have had a latent problem that the use of virConnectDomainEventRegister() and virConnectDomainEventRegisterAny() can be used to learn about virDomainPtr objects that should have been inaccessible to the user. It is not a problem if you are not using ACLs; also, it is partially mitigated by the fact that any domain that does not trigger an event in the timeframe where the attacker maintains their event callback will not be leaked. Once an attacker has learned about a domain by bypassing domain:getattr, they could perform other actions on the domain if there were not ACLs to filter those actions too, such as starting and stopping the domain.

Credit: secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/type
• agent/softwarecombine
• agent/first-publish-date
• collector/mitre-cve
• source/MITRE
• agent/weakness
• agent/author
• agent/severity
• agent/last-modified-date
• agent/references
• agent/tags
• agent/event
• agent/description
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2014-0028
• vendor/redhat
• canonical/redhat libvirt
• version/redhat libvirt/1.1.1
• version/redhat libvirt/1.1.2
• version/redhat libvirt/1.1.3
• version/redhat libvirt/1.1.4
• version/redhat libvirt/1.2.0