解决了

Nutanix的某人可以对Libvirt发表评论吗?

  • 2014年5月19日
  • 1回复
  • 2976意见
k
徽章 +4
我知道这是曼德里瓦的通知,但我认为CentOS也受到影响。_______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:097 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : libvirt Date : May 16, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been discovered并在libvirt中进行纠正:LXC驱动程序(LXC /LXC_DRIVER.C)libvirt 1.0.1至1.2.1允许本地用户(1)通过VirdomainDevicedettach API删除任意主机设备,并在容器中对 /DEV进行Symlink攻击;(2)通过VirdomainDeviceAttach API创建任意节点(MKNOD),并在容器中对 /dev进行符号攻击;并通过(3)VirdomainShutdown或(4)VirdomainReboot API和容器中的/dev/Initctl否定服务(3)virdomainshutdown或(4)virdomainshutdown或(4)在容器中/dev/initctl的symlink攻击,与/proc/proc/root和virInitCtlSetRunlevel有关功能(CVE-2013-6456)。libvirt被修补以防止解析XML文件时的扩展。此漏洞使恶意用户能够阅读任意文件或导致拒绝服务(CVE-2014-0179)。更新的软件包已升级到1.1.3.5版本,并修补以纠正这些问题。_______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0179 http://security.libvirt.org/2014/0003.html http://lists.opensuse.org/opensuse.org/opensuse-updates/2014-05/mmsg00048.html
图标

最好的答案Shuguet2014年5月19日,11:43

\nBut what I can tell you is that the version of libvirt deployed on the CVM does not seems to be impacted.
\nThe CVEs you mention and the Libvirt advisories both refers to versions 1.0.1 or later of libvirt.
\n
\nBut the CVMs (as of the latest publicly available release, 3.5.3.1) uses the version 0.10.2:
\nnutanix@cvm$ ls -la \/usr\/lib64\/libvirt.so.0lrwxrwxrwx. 1 root root 17 Apr 3 15:14 \/usr\/lib64\/libvirt.so.0 -> libvirt.so.0.10.2<\/b>
\nnutanix@cvm$ virsh --version=longVirsh command line tool of libvirt 0.10.2<\/b>See web site at http:\/\/libvirt.org\/
\nCompiled with support for:Hypervisors: QEMU\/KVM LXC ESX TestNetworking: Remote Network Bridging Interface netcf Nwfilter VirtualPortStorage: Dir Disk Filesystem SCSI Multipath iSCSI LVMMiscellaneous: Daemon Nodedev SELinux Secrets Debug DTrace Readline
\n
\nEdit: There is a dormant flaw starting at version 0.0.5, and activated after 0.7.5, that may allow denial of service. But the major threat is the privileged information disclosure, and that is only after version 1.0.0.
\nIn any case, both flaws can only be activated via local access to the Nutanix configuration.
\n
\nSylvain.","className":"post__content__best_answer"}">
查看原件

    1回复

    Shuguet
    UserLevel 4
    徽章 +20
    我不是Nutanix,所以您可能仍然要等待一个答案(尽管您真的需要一个,我会提出一个支持案件以官方声明)。
    但是我能告诉您的是,在CVM上部署的Libvirt版本似乎没有受到影响。
    您提到的CVE和Libvirt Advision都指Libvirt的版本1.0.1或更高版本。

    但是CVM(截至最新的公开发行版,3.5.3.1)使用0.10.2:
    nutanix@cvm $ ls -la/usr/lib64/libvirt.so.0lrwxrwxrwx。1根根17 APR 3 15:14/usr/lib64/libvirt.so.0-> libvirt.so。0.10.2
    nutanix@cvm $ virsh-version = longvirsh命令行工具libvirt0.10.2请参阅网站http://libvirt.org/
    Compiled with support for:Hypervisors: QEMU/KVM LXC ESX TestNetworking: Remote Network Bridging Interface netcf Nwfilter VirtualPortStorage: Dir Disk Filesystem SCSI Multipath iSCSI LVMMiscellaneous: Daemon Nodedev SELinux Secrets Debug DTrace Readline

    编辑:从0.0.5版本开始,有一个休眠的缺陷,并在0.7.5之后激活,这可能允许拒绝服务。但是主要威胁是特权信息披露,仅在版本1.0.0之后。
    无论如何,这两个缺陷只能通过局部访问Nutanix配置激活。

    西尔万。
    Sylvain Huguet -2X Nutanix技术冠军2015-2016,法国Nutanix Connect Chapter Champion,法国VMUG首领,6倍VMware Vexpert 2011至2016
    \nBut what I can tell you is that the version of libvirt deployed on the CVM does not seems to be impacted.
    \nThe CVEs you mention and the Libvirt advisories both refers to versions 1.0.1 or later of libvirt.
    \n
    \nBut the CVMs (as of the latest publicly available release, 3.5.3.1) uses the version 0.10.2:
    \nnutanix@cvm$ ls -la \/usr\/lib64\/libvirt.so.0lrwxrwxrwx. 1 root root 17 Apr 3 15:14 \/usr\/lib64\/libvirt.so.0 -> libvirt.so.0.10.2<\/b>
    \nnutanix@cvm$ virsh --version=longVirsh command line tool of libvirt 0.10.2<\/b>See web site at http:\/\/libvirt.org\/
    \nCompiled with support for:Hypervisors: QEMU\/KVM LXC ESX TestNetworking: Remote Network Bridging Interface netcf Nwfilter VirtualPortStorage: Dir Disk Filesystem SCSI Multipath iSCSI LVMMiscellaneous: Daemon Nodedev SELinux Secrets Debug DTrace Readline
    \n
    \nEdit: There is a dormant flaw starting at version 0.0.5, and activated after 0.7.5, that may allow denial of service. But the major threat is the privileged information disclosure, and that is only after version 1.0.0.
    \nIn any case, both flaws can only be activated via local access to the Nutanix configuration.
    \n
    \nSylvain.","quoteUsername":"shuguet","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

    回复


    Baidu