util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
Weakness
The product does not properly verify that the source of data or communication is valid.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libvirt | Redhat | - (including) | - (including) |
| Red Hat Enterprise Linux 7 | RedHat | libvirt-0:4.5.0-10.el7 | * |
| Libvirt | Ubuntu | artful | * |
| Libvirt | Ubuntu | devel | * |
| Libvirt | Ubuntu | esm-infra/xenial | * |
| Libvirt | Ubuntu | xenial | * |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/111.html
- https://cwe.mitre.org/data/definitions/141.html
- https://cwe.mitre.org/data/definitions/142.html
- https://cwe.mitre.org/data/definitions/160.html
- https://cwe.mitre.org/data/definitions/21.html
- https://cwe.mitre.org/data/definitions/384.html
- https://cwe.mitre.org/data/definitions/385.html
- https://cwe.mitre.org/data/definitions/386.html
- https://cwe.mitre.org/data/definitions/387.html
- https://cwe.mitre.org/data/definitions/388.html
- https://cwe.mitre.org/data/definitions/510.html
- https://cwe.mitre.org/data/definitions/59.html
- https://cwe.mitre.org/data/definitions/60.html
- https://cwe.mitre.org/data/definitions/75.html
- https://cwe.mitre.org/data/definitions/76.html
- https://cwe.mitre.org/data/definitions/89.html
References
- http://www.ubuntu.com/usn/USN-3576-1
- https://access.redhat.com/errata/RHSA-2018:3113
- https://www.debian.org/security/2018/dsa-4137
- https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html
- http://www.ubuntu.com/usn/USN-3576-1
- https://access.redhat.com/errata/RHSA-2018:3113
- https://www.debian.org/security/2018/dsa-4137
- https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html