CVE-2019-10167

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
Configurations

Configuration 1 (any of the following)

  • cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*

Configuration 2 (any of the following)

  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:virtualization:4.3:*:*:*:*:*:*:*

History

21 Nov 2024, 04:18

Type: References (the Values Removed and Values Added columns list the same three entries)

  • https://access.redhat.com/libvirt-privesc-vulnerabilities - Vendor Advisory
  • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167 - Issue Tracking, Vendor Advisory
  • https://security.gentoo.org/glsa/202003-18 - Third Party Advisory

Information

Published : 2019-08-02 13:15

Updated : 2024-11-21 04:18
NVD link : CVE-2019-10167

Mitre link : CVE-2019-10167

CVE.ORG link : CVE-2019-10167

Products Affected

redhat

  • enterprise_linux_server
  • enterprise_linux_server_eus
  • enterprise_linux
  • virtualization
  • enterprise_linux_desktop
  • libvirt
  • enterprise_linux_server_aus
  • enterprise_linux_server_tus
  • enterprise_linux_workstation

CWE

  • CWE-250: Execution with Unnecessary Privileges
  • CWE-284: Improper Access Control
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-862: Missing Authorization