libvirt ACL storage_backend_fs.c virStorageBackendFileSystemVolCreate path traversal
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 2.4 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, was found in libvirt. The impacted element is the function virStorageBackendFileSystemVolCreate of the file storage/storage_backend_fs.c of the component ACL. The manipulation results in path traversal.
This vulnerability is identified as CVE-2015-5313. The attack is only possible with local access. There is not any exploit available.
You should upgrade the affected component.
Details
A vulnerability, which was classified as problematic, was found in libvirt (Virtualization Software) (affected version not known). Affected is the function virStorageBackendFileSystemVolCreate of the file storage/storage_backend_fs.c of the component ACL. The manipulation with an unknown input leads to a path traversal vulnerability. CWE is classifying the issue as CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. This is going to have an impact on confidentiality, and integrity. CVE summarizes:
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
The weakness was released 04/11/2016 (Website). The advisory is shared for download at redhat.com. This vulnerability is traded as CVE-2015-5313 since 07/01/2015. The attack needs to be approached locally. The exploitation doesn't require any form of authentication. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1006.
The vulnerability scanner Nessus provides a plugin with the ID 89191 (Fedora 22 : libvirt-1.2.13.2-1.fc22 (2015-2c9678da8c)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Fedora Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 157323 (Oracle Enterprise Linux Security Update for libvirt (ELSA-2016-2577)).
Upgrading eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (89191) and SecurityFocus (BID 90913†). Entry connected to this vulnerability is available at VDB-123043. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 2.5VulDB Meta Temp Score: 2.4
VulDB Base Score: 2.5
VulDB Temp Score: 2.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 2.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Path traversalCWE: CWE-22
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 89191
Nessus Name: Fedora 22 : libvirt-1.2.13.2-1.fc22 (2015-2c9678da8c)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 867773
OpenVAS Name: Fedora Update for libvirt FEDORA-2015-2
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Patch: 034e47c338b13a95cf02106a3af912c1c5f818d7
Timeline
07/01/2015 🔍01/06/2016 🔍
03/03/2016 🔍
04/11/2016 🔍
04/11/2016 🔍
04/11/2016 🔍
04/12/2016 🔍
07/13/2022 🔍
Sources
Advisory: FEDORA-2015-2c9678da8cStatus: Not defined
Confirmation: 🔍
CVE: CVE-2015-5313 (🔍)
GCVE (CVE): GCVE-0-2015-5313
GCVE (VulDB): GCVE-100-82056
SecurityFocus: 90913 - libvirt CVE-2015-5313 Local Directory Traversal Vulnerability
See also: 🔍
Entry
Created: 04/12/2016 11:01Updated: 07/13/2022 13:56
Changes: 04/12/2016 11:01 (55), 10/03/2018 10:39 (22), 07/13/2022 13:51 (4), 07/13/2022 13:56 (1)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.