Vulnerability CVE-2014-5177

Vulnerability Name:

CVE-2014-5177 (CCN-95277)

Assigned:

2014-05-06

Published:

2014-05-06

Updated:

2019-04-22

Summary:

libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.
Note: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

1.2 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N)
0.9 Low (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

1.9 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N)
1.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

3.3 Low (REDHAT CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P)
2.4 Low (REDHAT Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-20
CWE-611

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2014-5177

Source: CONFIRM
Type: UNKNOWN
http://libvirt.org/news.html

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2014:0650

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2014:0674

Source: REDHAT
Type: UNKNOWN
RHSA-2014:0560

Source: CCN
Type: RHSA-2014-0914
Moderate: libvirt security and bug fix update

Source: SECUNIA
Type: UNKNOWN
60895

Source: GENTOO
Type: UNKNOWN
GLSA-201412-04

Source: CCN
Type: Libvirt Security Notice: LSN-2014-0003
Unsafe parsing of XML documents allows arbitrary file read

Source: CONFIRM
Type: Patch, Vendor Advisory
http://security.libvirt.org/2014/0003.html

Source: CCN
Type: BID-69033
libvirt XML External Entity CVE-2014-5177 Multiple Information Disclosure Vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-2366-1

Source: XF
Type: UNKNOWN
libvirt-cve20145177-info-disc(95277)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-5177

Vulnerable Configuration:

Configuration 1:

cpe:/a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:redhat:libvirt:1.0.0:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.0.1:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.0.2:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.0.3:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.0.4:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.0.5:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.0.6:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.1.0:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.1.1:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.1.2:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.1.3:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.1.4:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.2.0:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.2.1:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.2.2:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.2.3:-:*:*:*:*:*:*

OR cpe:/a:redhat:libvirt:1.2.4:-:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:libvirt:libvirt:1.2.0:*:*:*:*:*:*:*

OR cpe:/a:libvirt:libvirt:1.2.4:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:26939	P	USN-2366-1 -- libvirt vulnerabilities	2014-12-01
oval:com.ubuntu.precise:def:20145177000	V	CVE-2014-5177 on Ubuntu 12.04 LTS (precise) - low.	2014-08-03
oval:com.ubuntu.trusty:def:20145177000	V	CVE-2014-5177 on Ubuntu 14.04 LTS (trusty) - low.	2014-08-03
oval:com.redhat.rhsa:def:20140914	P	RHSA-2014:0914: libvirt security and bug fix update (Moderate)	2014-07-22

BACK