Vulnerability Name:

CVE-2010-3851 (CCN-62636)

Assigned:2010-10-14
Published:2010-10-14
Updated:2011-08-27
Summary:libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier.
CVSS v3 Severity:2.8 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.7 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N)
3.6 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:TF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N)
1.3 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:TF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
1.5 Low (REDHAT CVSS v2 Vector: AV:L/AC:M/Au:S/C:P/I:N/A:N)
1.2 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:TF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2010-3851

Source: CCN
Type: libguestfs Web site
libguestfs

Source: FEDORA
Type: Patch
FEDORA-2010-16835

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-17202

Source: CCN
Type: oss-security
CVE request -- libguestfs: missing disk format specifier when adding a disk

Source: CCN
Type: RHSA-2011-0586
Low: libguestfs security, bug fix, and enhancement update

Source: CONFIRM
Type: UNKNOWN
http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions/

Source: CCN
Type: SA41797
libguestfs Qemu Disk Format Specifier Weakness

Source: SECUNIA
Type: Vendor Advisory
41797

Source: SECUNIA
Type: UNKNOWN
42235

Source: CCN
Type: OSVDB ID: 68774
libguestfs Image Format Qemu Propogation Weakness Arbitrary File Disclosure

Source: REDHAT
Type: UNKNOWN
RHSA-2011:0586

Source: BID
Type: UNKNOWN
44166

Source: CCN
Type: BID-44166
libguestfs Disk Format Specifier Information Disclosure Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2010-2874

Source: VUPEN
Type: UNKNOWN
ADV-2010-2963

Source: CCN
Type: Red Hat Bugzilla Bug 643958
CVE-2010-3851 libguestfs: missing disk format specifier when adding a disk

Source: MISC
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=643958

Source: XF
Type: UNKNOWN
libguestfs-disk-format-info-disclosure(62636)

Source: MLIST
Type: UNKNOWN
[Libguestfs] 20101019 CVE-2010-3851libguestfs:missing disk format specifier when adding a disk

Source: MLIST
Type: UNKNOWN
[Libguestfs] 20101021 [PATCH 0/2] First part of fix for CVE-2010-3851

Source: MLIST
Type: Patch
[Libguestfs] 20101022 [PATCH 0/8 v2] Complete fix for CVE-2010-3851.

Vulnerable Configuration:Configuration 1:
  • cpe:/a:libguestfs:libguestfs:1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.11:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.12:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.13:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.14:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.15:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.16:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.17:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.18:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.19:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.20:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.5.21:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:*:*:*:*:*:*:*:* (Version <= 1.5.22)
  • AND
  • cpe:/a:matthew_booth:virt-v2v:*:*:*:*:*:*:*:*
  • OR cpe:/a:richard_jones:virt-inspector:*:*:*:*:*:*:*:* (Version <= 1.5.3)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:libguestfs:libguestfs:1.0.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:23661
    P
    		ELSA-2011:0586: libguestfs security, bug fix, and enhancement update (Low)
    2014-05-26
    oval:org.mitre.oval:def:21875
    P
    		RHSA-2011:0586: libguestfs security, bug fix, and enhancement update (Low)
    2014-02-24
    oval:com.redhat.rhsa:def:20110586
    P
    		RHSA-2011:0586: libguestfs security, bug fix, and enhancement update (Low)
    2011-05-19
    BACK
    libguestfs libguestfs 1.5.0
    libguestfs libguestfs 1.5.1
    libguestfs libguestfs 1.5.2
    libguestfs libguestfs 1.5.3
    libguestfs libguestfs 1.5.4
    libguestfs libguestfs 1.5.5
    libguestfs libguestfs 1.5.6
    libguestfs libguestfs 1.5.7
    libguestfs libguestfs 1.5.8
    libguestfs libguestfs 1.5.9
    libguestfs libguestfs 1.5.10
    libguestfs libguestfs 1.5.11
    libguestfs libguestfs 1.5.12
    libguestfs libguestfs 1.5.13
    libguestfs libguestfs 1.5.14
    libguestfs libguestfs 1.5.15
    libguestfs libguestfs 1.5.16
    libguestfs libguestfs 1.5.17
    libguestfs libguestfs 1.5.18
    libguestfs libguestfs 1.5.19
    libguestfs libguestfs 1.5.20
    libguestfs libguestfs 1.5.21
    libguestfs libguestfs *
    matthew_booth virt-v2v *
    richard_jones virt-inspector *
    libguestfs libguestfs 1.0.0
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6