CVE-2019-10132 - OpenCVE

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Libvirt
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2019:1264
https://access.redhat.com/errata/RHSA-2019:1268
https://access.redhat.com/errata/RHSA-2019:1455
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132	Issue Tracking Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/
https://security.libvirt.org/2019/0003.html	Vendor Advisory
https://usn.ubuntu.com/4021-1/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2019-05-22T17:21:19

Updated: 2019-07-09T03:06:02

Reserved: 2019-03-27T00:00:00

Link: CVE-2019-10132

JSON object: View

NVD Information

Status : Modified

Published: 2019-05-22T18:29:00.427

Modified: 2023-02-12T23:32:39.007

Link: CVE-2019-10132

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "libvirt", "vendor": "libvirt", "versions": [{"status": "affected", "version": "affects >= 4.1.0"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-07-09T03:06:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.libvirt.org/2019/0003.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132"}, {"name": "RHSA-2019:1264", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1264"}, {"name": "RHSA-2019:1268", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1268"}, {"name": "FEDORA-2019-5f105dd2b6", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/"}, {"name": "RHSA-2019:1455", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1455"}, {"name": "USN-4021-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4021-1/"}, {"name": "FEDORA-2019-9210998aaa", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-10132", "datePublished": "2019-05-22T17:21:19", "dateReserved": "2019-03-27T00:00:00", "dateUpdated": "2019-07-09T03:06:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF48B60B-606F-47E7-9469-464B3A10EFFE", "versionEndIncluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3FEADDA-2AEE-4F65-9401-971B585664A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en libvirt > = 4.1.0 en las unidades virtlockd-admin. Socket y virtlogd-admin. Socket systemd. Un par\u00e1metro de configuraci\u00f3n de SocketMode que falta permite a cualquier usuario del servidor conectarse mediante virtlockd-admin-sock o virtlogd-admin-Sock y realizar tareas administrativas contra los demonios virtlockd y virtlogd."}], "id": "CVE-2019-10132", "lastModified": "2023-02-12T23:32:39.007", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2019-05-22T18:29:00.427", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:1264"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:1268"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:1455"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10132"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RANC4LWZQRVJGJHVWCU6R4CCXQMDD4L/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://security.libvirt.org/2019/0003.html"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/4021-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Secondary"}]}