[Libguestfs] CVE-2010-3851 libguestfs: missing disk format specifier when adding a disk

(This bug was found by Matthew Booth during routine code review) We found a security issue which affects libguestfs programs in some circumstances. Since we don't pass the disk format through to qemu, a malicious guest backed by raw-format storage might craft a qcow2 header into its own disk. QEmu would interpret this, and qcow2 offers a wide range of features such as accessing arbitrary backing files from the host, allowing the guest to read a host file (under rather narrow conditions, see below). All versions of virt-v2v are vulnerable. virt-inspector is vulnerable for versions <= 1.5.3. Other programs that use libguestfs may be vulnerable. You should review the bug below carefully to find out if you could be affected, particularly the Description and Comment 1: https://bugzilla.redhat.com/show_bug.cgi?id=643958 A CVE has been allocated to this bug: http://cve.mitre.org/cgi-bin/cvename.cgi?name=+CVE-2010-3851 No fix is available at present, but we are working on one. In the meantime, avoid using libguestfs / tools on: - untrusted, malicious guests that use raw-format storage - where you are running commands from these guests (http://libguestfs.org/guestfs.3.html#running_commands) Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming blog: http://rwmj.wordpress.com Fedora now supports 80 OCaml packages (the OPEN alternative to F#) http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora