Vigil@nce - Debian: file access via libvirtd
March 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker, who is member of the kvm group, can access to
LVM devices managed by libvirtd.
– Impacted products: Debian
– Severity: 1/4
– Creation date: 26/02/2013
DESCRIPTION OF THE VULNERABILITY
On Debian, the libvirtd daemon configures LVM devices with the
"libvirt-qemu" user and the "kvm" group.
However, the kvm group is used by other applications.
A local attacker, who is member of the kvm group, can therefore
access to LVM devices managed by libvirtd.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Debian-file-access-via-libvirtd-12464