Bug 945645 - (CVE-2015-5247) VUL-0: CVE-2015-5247: libvirt: nfs root squash problems
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Importance: P3 - Medium, Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/156554/
CVSSv2:RedHat:CVE-2015-5247:1.7:(AV:...
Reported: 2015-09-14 09:17 UTC by Marcus Meissner
Modified: 2017-08-10 14:36 UTC
Found By: Security Response Team
Description Marcus Meissner 2015-09-14 09:17:22 UTC
CVE-2015-5247

http://libvirt.org/git/?p=libvirt.git;a=tag;h=6c03786285a507be7d93fa6b2786fad161066954
http://libvirt.org/git/?p=libvirt.git;a=tag;h=f99b6ddb92b19ba122d112b358199cab144e0d86
http://libvirt.org/git/?p=libvirt.git;a=tag;h=40c5e56f9de6be8c11ffeeecb007f93ed3a137de
https://bugzilla.redhat.com/show_bug.cgi?id=1259350


 Commit id '155ca616' added the 'refreshVol' API. In an NFS root-squash
environment it was possible that if the just created volume from XML wasn't
properly created with the right uid/gid and/or mode, then the followup
refreshVol will fail to open the volume in order to get the allocation/
capacity values. This would leave the volume still on the server and
cause a libvirtd crash because 'voldef' would be in the pool list, but
the cleanup code would free it.

 virfile: Introduce virFileUnlink

In an NFS root-squashed environment the 'vol-delete' command will fail to
'unlink' the target volume since it was created under a different uid:gid.

This code continues the concepts introduced in virFileOpenForked and
virDirCreate[NoFork] with respect to running the unlink command under
the uid/gid of the child. Unlike the other two, don't retry on EACCES
(that's why we're here doing this now).
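
The approach described in the virFileUnlink commit message above, sketched as an added example (this is not libvirt's code and not part of the original report): fork a child, switch it to the volume owner's uid:gid, call unlink once, and pass errno back through the exit status. The names `unlink_as` and `demo_remove_own_tempfile` are hypothetical, the temp file is constructed, and this sketch always forks for simplicity.

```c
/* Added example, not libvirt source; unlink_as() is a hypothetical name. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for setgroups() */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Remove path with the credentials uid:gid. Returns 0 or -errno. */
int unlink_as(const char *path, uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0)
        return -errno;
    if (pid == 0) {
        /* Child: switch identity only if it differs. Groups first, uid last,
         * because after dropping root the process cannot change groups. */
        if ((uid != geteuid() || gid != getegid()) &&
            (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0))
            _exit(errno);
        /* One attempt only: EACCES is reported to the parent, not retried. */
        _exit(unlink(path) < 0 ? errno : 0);
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -errno;
    /* The child's errno travels back in its exit status. */
    return WIFEXITED(status) ? -WEXITSTATUS(status) : -ECHILD;
}

/* Constructed demo: create a temp file, remove it through unlink_as(). */
int demo_remove_own_tempfile(void)
{
    char tmpl[] = "/tmp/unlink_as_XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -errno;
    close(fd);
    int rc = unlink_as(tmpl, geteuid(), getegid());
    return (rc == 0 && access(tmpl, F_OK) == 0) ? -EEXIST : rc;
}

int main(void)
{
    printf("unlink_as returned %d\n", demo_remove_own_tempfile());
    return 0;
}
```

On a root-squashed export the parent would pass the uid:gid the volume was created under, so the server sees the unlink coming from the file's owner rather than from squashed root.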
Comment 1 Cédric Bosdonnat 2015-09-14 09:27:55 UTC
Working on it
Comment 5 Bernhard Wiedemann 2015-09-14 10:00:18 UTC
This is an autogenerated message for OBS integration:
This bug (945645) was mentioned in
https://build.opensuse.org/request/show/330866 Factory / libvirt
Comment 6 James Fehlig 2015-09-15 00:51:00 UTC
Affects libvirt 1.2.14 through 1.2.19.  For SUSE products that means Factory, SLE12 SP1, and Leap. Cedric has already taken care of the first two.
Comment 7 Bernhard Wiedemann 2015-09-15 09:00:10 UTC
This is an autogenerated message for OBS integration:
This bug (945645) was mentioned in
https://build.opensuse.org/request/show/331002 Leap:42.1 / libvirt
Comment 8 Bernhard Wiedemann 2015-09-15 18:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (945645) was mentioned in
https://build.opensuse.org/request/show/331092 Leap:42.1 / libvirt
https://build.opensuse.org/request/show/331093 Factory / libvirt
Comment 9 Bernhard Wiedemann 2015-09-17 21:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (945645) was mentioned in
https://build.opensuse.org/request/show/331842 Leap:42.1 / libvirt
Comment 10 Cédric Bosdonnat 2015-10-05 18:26:27 UTC
Changes have now landed in all impacted distros
Comment 11 Marcus Meissner 2015-10-07 06:32:23 UTC
reopen and reassign to security-team for tracking
Comment 12 Swamp Workflow Management 2015-10-07 21:59:56 UTC
bugbot adjusting priority
Comment 13 Johannes Segitz 2017-08-10 14:36:59 UTC
fixed