LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

libguestfs: possible host corruption

Package(s):libguestfs CVE #(s):CVE-2010-3851
Created:November 3, 2010 Updated:July 7, 2011
Description: From the Red Hat bugzilla:

libguestfs doesn't currently allow the format of a disk to be specified explicitly, and therefore always uses automatic format detection. It takes disk images as arguments, and can therefore only be run by the virtualisation administrator. However, if a malicious guest administrator knows that libguestfs will run against their image, they could still use this technique to corrupt the host.

Alerts:
Scientific Linux SL-libg-20110519 2011-05-19
Red Hat RHSA-2011:0586-01 2011-05-19
Fedora FEDORA-2010-17202 2010-11-03
Fedora FEDORA-2010-16835 2010-10-28
(Log in to post comments)

libguestfs: possible host corruption

Posted Nov 4, 2010 14:56 UTC (Thu) by rwmj (subscriber, #5474) [Link]

This is hopefully a more technically informative description of the problem:

https://www.redhat.com/archives/libguestfs/2010-October/m...

This has been fixed in all versions of Fedora, and the fix is going to be backported to EPEL 5.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds