CVE-2019-10167

CWE-250CWE-284Improper Access ControlCWE-22Path TraversalCWE-862Missing AuthorizationCWE-82910 documents8 sources
Severity
7.8HIGH
EPSS
0.2%
top 61.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Redhat LibvirtLibvirt LibvirtRedhat Enterprise Linux+7 more
Timeline
PublishedAug 2
Latest updateMay 24

Description

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

NVDredhat/libvirt4.0.04.10.1+1
Debianlibvirt< 5.0.0-4+3
CVEListV5libvirt/libvirt4.x.x before 4.10.1, 5.x.x before 5.4.1+1

Also affects: Enterprise Linux 7.0, 8.0, 7.6

🔴Vulnerability Details

3
GHSA
GHSA-5p5j-3wqp-w634: The virConnectGetDomainCapabilities() libvirt API, versions 42022-05-24
OSV
CVE-2019-10167: The virConnectGetDomainCapabilities() libvirt API, versions 42019-08-02
CVEList
CVE-2019-10167: The virConnectGetDomainCapabilities() libvirt API, versions 42019-08-02

📋Vendor Advisories

3
Ubuntu
libvirt vulnerabilities2019-07-08
Red Hat
libvirt: arbitrary command execution via virConnectGetDomainCapabilities API2019-06-20
Debian
CVE-2019-10167: libvirt - The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 ...2019

💬Community

3
Bugzilla
CVE-2019-10167 libvirt: arbitrary command execution via virConnectGetDomainCapabilities API [fedora-all]2019-06-20
Bugzilla
CVE-2019-10167 mingw-libvirt: libvirt: arbitrary command execution via virConnectGetDomainCapabilities API [fedora-all]2019-06-20
Bugzilla
CVE-2019-10167 libvirt: arbitrary command execution via virConnectGetDomainCapabilities API2019-06-13