Vulnerabilities > CVE-2008-1945

047910
CVSS v2 base score: 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
qemu
opensuse
suse
debian
canonical
redhat
nessus

Summary

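QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. The vendor advisories quoted below describe the root cause as format auto-detection when removable media is changed: the image format is inferred from a header the guest can write, and the fix adds explicit image-format options for USB storage and removable media, which suggests diskformat: is the setting that pins the format.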

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1799.NASL
    descriptionSeveral vulnerabilities have been discovered in the QEMU processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0928 Ian Jackson discovered that range checks of file operations on emulated disk devices were insufficiently enforced. - CVE-2008-1945 It was discovered that an error in the format auto detection of removable media could lead to the disclosure of files in the host system. - CVE-2008-4539 A buffer overflow has been found in the emulation of the Cirrus graphics adaptor.
    last seen2020-06-01
    modified2020-06-02
    plugin id38747
    published2009-05-13
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38747
    titleDebian DSA-1799-1 : qemu - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1799. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration block: when `description` is true the script only declares the
    # metadata below and exits at the end of the block; no target data is read here.
    if (description)
    {
      script_id(38747);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:22");
    
      # The plugin is keyed to advisory DSA-1799, which bundles three CVEs; a
      # finding from it does not identify which of them is relevant to the host.
      script_cve_id("CVE-2008-0928", "CVE-2008-1945", "CVE-2008-4539");
      script_bugtraq_id(23731, 28001);
      script_xref(name:"DSA", value:"1799");
    
      script_name(english:"Debian DSA-1799-1 : qemu - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the QEMU processor
    emulator. The Common Vulnerabilities and Exposures project identifies
    the following problems :
    
      - CVE-2008-0928
        Ian Jackson discovered that range checks of file
        operations on emulated disk devices were insufficiently
        enforced.
    
      - CVE-2008-1945
        It was discovered that an error in the format auto
        detection of removable media could lead to the
        disclosure of files in the host system.
    
      - CVE-2008-4539
        A buffer overflow has been found in the emulation of the
        Cirrus graphics adaptor."
      );
      # Reference links: one Debian security-tracker entry per CVE, then the advisory.
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-0928"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1945"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-4539"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2009/dsa-1799"
      );
      # The fixed versions named here are the same reference versions the check
      # section of this script compares against.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the qemu packages.
    
    For the old stable distribution (etch), these problems have been fixed
    in version 0.8.2-4etch3.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 0.9.1-10lenny1."
      );
      # NOTE(review): a single base vector (local access, complete C/I/A impact) is
      # declared for the whole advisory. It presumably tracks the most severe of
      # the three bundled CVEs rather than CVE-2008-1945 alone - confirm against
      # the per-CVE score before using it for prioritisation.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      # Static attributes recorded by the plugin author; the script does not test
      # exploitability itself.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # CWE ids for the bundle: 119 (memory buffer bounds), 200 (information
      # exposure), 264 (permissions, privileges and access controls).
      script_cwe_id(119, 200, 264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/05/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/05/13");
      script_end_attributes();
    
      # Declared as an information-gathering check.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # The check section reads these knowledge-base keys; they are presumably
      # populated by ssh_get_info.nasl, the declared dependency - confirm there.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      # Registration ends here; nothing below this block runs in this mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions, all read from the scan knowledge base: local checks must be
    # enabled, a Debian release must be recorded, and a dpkg listing must have been
    # collected. Each failure is handed to audit() with a specific reason; audit()
    # is defined in audit.inc and is expected to end the script.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Count hits per Debian release. The reference values are the fixed versions
    # quoted in the plugin's solution text (4.0/etch and 5.0/lenny). deb_check()
    # comes from debian_package.inc; it presumably returns true when an installed
    # package matching the "qemu" prefix is older than the reference - confirm there.
    # NOTE(review): this is a package-version comparison only. Nothing here looks
    # at running QEMU processes, so guests started before an upgrade still need a
    # restart that this result cannot confirm.
    flag = 0;
    if (deb_check(release:"4.0", prefix:"qemu", reference:"0.8.2-4etch3")) flag++;
    if (deb_check(release:"5.0", prefix:"qemu", reference:"0.9.1-10lenny1")) flag++;
    
    if (flag)
    {
      # Report on port 0 (the finding is not tied to a network service); the
      # package details from deb_report_get() are attached only when
      # report_verbosity is above 0.
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    # No hit for either release: record the host as not affected.
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_QEMU-090325.NASL
    descriptionqemu update to version 0.10.1 fixes the following security issues : CVE-2008-0928: problems with range checks of block devices CVE-2008-1945: problems with removable media handling CVE-2008-2382: vnc server DoS CVE-2008-4539: fix a heap overflow in the cirrus VGA implementation CVE-2008-5714: off by one error in vnc password handling
    last seen2020-06-01
    modified2020-06-02
    plugin id40118
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40118
    titleopenSUSE Security Update : qemu (qemu-691)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update qemu-691.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration block: when `description` is true the script only declares the
    # metadata below and exits at the end of the block; no target data is read here.
    if (description)
    {
      script_id(40118);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:34");
    
      # The plugin is keyed to the qemu-691 update, which bundles five CVEs; a
      # finding from it does not identify which of them is relevant to the host.
      script_cve_id("CVE-2008-0928", "CVE-2008-1945", "CVE-2008-2382", "CVE-2008-4539", "CVE-2008-5714");
    
      script_name(english:"openSUSE Security Update : qemu (qemu-691)");
      script_summary(english:"Check for the qemu-691 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "qemu update to version 0.10.1 fixes the following security issues :
    
    CVE-2008-0928: problems with range checks of block devices
    CVE-2008-1945: problems with removable media handling CVE-2008-2382:
    vnc server DoS CVE-2008-4539: fix a heap overflow in the cirrus VGA
    implementation CVE-2008-5714: off by one error in vnc password
    handling"
      );
      # Reference links: the vendor bug-tracker entries cited for this update.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=362956"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=435135"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=461565"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=462502"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected qemu package.");
      # NOTE(review): the vector declares a network access vector (AV:N) with
      # confidentiality-only impact, while plugin_type below is "local". It
      # presumably describes one of the five bundled CVEs, not the vantage point
      # of this check and not CVE-2008-1945 specifically - confirm against the
      # per-CVE score before using it for prioritisation.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
      # CWE ids for the bundle: 119 (memory buffer bounds), 189 (numeric errors),
      # 200 (information exposure), 264 (permissions, privileges and access
      # controls), 399 (resource management errors).
      script_cwe_id(119, 189, 200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      # Declared as an information-gathering check.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      # The check section reads these knowledge-base keys; they are presumably
      # populated by ssh_get_info.nasl, the declared dependency - confirm there.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      # Registration ends here; nothing below this block runs in this mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions, all read from the scan knowledge base. audit() is defined in
    # audit.inc and is expected to end the script with the given reason.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # A missing release or one starting with SLED/SLES is treated as "not
    # openSUSE"; after that only the exact release string SUSE11.0 is accepted.
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # The check is limited to the three x86 architectures listed in the pattern.
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    # rpm_check() comes from rpm.inc; it presumably returns true when the installed
    # qemu package is older than the reference build - confirm there.
    # NOTE(review): this is a package-version comparison against the collected rpm
    # list only. Nothing here looks at running QEMU processes, so guests started
    # before an upgrade still need a restart that this result cannot confirm.
    if ( rpm_check(release:"SUSE11.0", reference:"qemu-0.10.1-0.1") ) flag++;
    
    if (flag)
    {
      # Report on port 0 (the finding is not tied to a network service); the
      # package details from rpm_report_get() are attached only when
      # report_verbosity is above 0.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No hit: distinguish "a package was tested and is not affected" from
      # "qemu is not installed", based on what pkg_tests_get() returns.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_QEMU-090325.NASL
    descriptionqemu update to version 0.10.1 fixes the following security issues : CVE-2008-0928: problems with range checks of block devices CVE-2008-1945: problems with removable media handling CVE-2008-2382: vnc server DoS CVE-2008-4539: fix a heap overflow in the cirrus VGA implementation CVE-2008-5714: off by one error in vnc password handling
    last seen2020-06-01
    modified2020-06-02
    plugin id40302
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40302
    titleopenSUSE Security Update : qemu (qemu-691)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update qemu-691.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration block: when `description` is true the script only declares the
    # metadata below and exits at the end of the block; no target data is read here.
    if (description)
    {
      script_id(40302);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:35");
    
      # The plugin is keyed to the qemu-691 update, which bundles five CVEs; a
      # finding from it does not identify which of them is relevant to the host.
      script_cve_id("CVE-2008-0928", "CVE-2008-1945", "CVE-2008-2382", "CVE-2008-4539", "CVE-2008-5714");
    
      script_name(english:"openSUSE Security Update : qemu (qemu-691)");
      script_summary(english:"Check for the qemu-691 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "qemu update to version 0.10.1 fixes the following security issues :
    
    CVE-2008-0928: problems with range checks of block devices
    CVE-2008-1945: problems with removable media handling CVE-2008-2382:
    vnc server DoS CVE-2008-4539: fix a heap overflow in the cirrus VGA
    implementation CVE-2008-5714: off by one error in vnc password
    handling"
      );
      # Reference links: the vendor bug-tracker entries cited for this update.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=362956"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=435135"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=461565"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=462502"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected qemu package.");
      # NOTE(review): the vector declares a network access vector (AV:N) with
      # confidentiality-only impact, while plugin_type below is "local". It
      # presumably describes one of the five bundled CVEs, not the vantage point
      # of this check and not CVE-2008-1945 specifically - confirm against the
      # per-CVE score before using it for prioritisation.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
      # CWE ids for the bundle: 119 (memory buffer bounds), 189 (numeric errors),
      # 200 (information exposure), 264 (permissions, privileges and access
      # controls), 399 (resource management errors).
      script_cwe_id(119, 189, 200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      # Declared as an information-gathering check.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      # The check section reads these knowledge-base keys; they are presumably
      # populated by ssh_get_info.nasl, the declared dependency - confirm there.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      # Registration ends here; nothing below this block runs in this mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions, all read from the scan knowledge base. audit() is defined in
    # audit.inc and is expected to end the script with the given reason.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # A missing release or one starting with SLED/SLES is treated as "not
    # openSUSE"; after that only the exact release string SUSE11.1 is accepted.
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # The check is limited to the three x86 architectures listed in the pattern.
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    # rpm_check() comes from rpm.inc; it presumably returns true when the installed
    # qemu package is older than the reference build - confirm there.
    # NOTE(review): this is a package-version comparison against the collected rpm
    # list only. Nothing here looks at running QEMU processes, so guests started
    # before an upgrade still need a restart that this result cannot confirm.
    if ( rpm_check(release:"SUSE11.1", reference:"qemu-0.10.1-0.1.1") ) flag++;
    
    if (flag)
    {
      # Report on port 0 (the finding is not tied to a network service); the
      # package details from rpm_report_get() are attached only when
      # report_verbosity is above 0.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No hit: distinguish "a package was tested and is not affected" from
      # "qemu is not installed", based on what pkg_tests_get() returns.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-776-2.NASL
    descriptionUSN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a regression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to boot virtual machines started via libvirt. This update fixes the problem. We apologize for the inconvenience. Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. (CVE-2008-1945, CVE-2008-2004) Alfredo Ortega discovered that KVM
    last seen2020-06-01
    modified2020-06-02
    plugin id38777
    published2009-05-14
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38777
    titleUbuntu 8.04 LTS : kvm regression (USN-776-2)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20081001_XEN_ON_SL5_X.NASL
    descriptionIt was discovered that the hypervisor
    last seen2020-06-01
    modified2020-06-02
    plugin id60480
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60480
    titleScientific Linux Security Update : xen on SL5.x i386/x86_64
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0892.NASL
    descriptionUpdated xen packages that resolve a couple of security issues and fix a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The xen packages contain tools for managing the virtual machine monitor in Red Hat Virtualization. It was discovered that the hypervisor
    last seen2020-06-01
    modified2020-06-02
    plugin id34329
    published2008-10-02
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34329
    titleRHEL 5 : xen (RHSA-2008:0892)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_QEMU-6123.NASL
    descriptionqemu update to version 0.10.1 fixes the following security issues : CVE-2008-0928: problems with range checks of block devices CVE-2008-1945: problems with removable media handling CVE-2008-2382: vnc server DoS CVE-2008-4539: fix a heap overflow in the cirrus VGA implementation CVE-2008-5714: off by one error in vnc password handling
    last seen2020-06-01
    modified2020-06-02
    plugin id36082
    published2009-04-03
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36082
    titleopenSUSE 10 Security Update : qemu (qemu-6123)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-162.NASL
    descriptionMultiple vulnerabilities have been found in Qemu. Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to attempting to mark non-existent regions as dirty, aka the bitblt heap overflow. (CVE-2007-1320) Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 receive integer signedness error. (CVE-2007-1321) QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction. (CVE-2007-1322) QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by aam 0x0, which triggers a divide-by-zero error. (CVE-2007-1366) The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 mtu heap overflow. (CVE-2007-5729) Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the net socket listen option, aka QEMU net socket heap overflow. (CVE-2007-5730) QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an overflow, via certain Windows executable programs, as demonstrated by qemu-dos.com. (CVE-2007-6227) Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. 
(CVE-2008-0928) Changing removable media in QEMU could trigger a bug similar to CVE-2008-2004, which would allow local guest users to read arbitrary files on the host by modifying the header of the image to identify a different format. (CVE-2008-1945) See the diskformat: parameter to the -usbdevice option. The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. (CVE-2008-2004) See the -format option. The updated packages have been patched to fix these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37509
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37509
    titleMandriva Linux Security Advisory : qemu (MDVSA-2008:162)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2008-2007.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2008-1945: add image format options for USB storage and removable media - CVE-2008-1952: included in fix for CVE-2008-1943 (3.1.4-0.1.3.el5)
    last seen2020-06-01
    modified2020-06-02
    plugin id79449
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79449
    titleOracleVM 2.1 : xen (OVMSA-2008-2007)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-776-1.NASL
    descriptionAvi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. (CVE-2008-1945, CVE-2008-2004) Alfredo Ortega discovered that KVM
    last seen2020-06-01
    modified2020-06-02
    plugin id38759
    published2009-05-13
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38759
    titleUbuntu 8.04 LTS / 8.10 : kvm vulnerabilities (USN-776-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0892.NASL
    descriptionFrom Red Hat Security Advisory 2008:0892 : Updated xen packages that resolve a couple of security issues and fix a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The xen packages contain tools for managing the virtual machine monitor in Red Hat Virtualization. It was discovered that the hypervisor
    last seen2020-06-01
    modified2020-06-02
    plugin id67749
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67749
    titleOracle Linux 5 : xen (ELSA-2008-0892)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0892.NASL
    descriptionUpdated xen packages that resolve a couple of security issues and fix a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The xen packages contain tools for managing the virtual machine monitor in Red Hat Virtualization. It was discovered that the hypervisor
    last seen2020-06-01
    modified2020-06-02
    plugin id43711
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43711
    titleCentOS 5 : xen (CESA-2008:0892)

Oval

accepted2013-04-29T04:23:13.821-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionQEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
familyunix
idoval:org.mitre.oval:def:9905
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleQEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
version18

Redhat

advisories
rhsa
idRHSA-2008:0892
rpms
  • xen-0:3.0.3-64.el5_2.3
  • xen-debuginfo-0:3.0.3-64.el5_2.3
  • xen-devel-0:3.0.3-64.el5_2.3
  • xen-libs-0:3.0.3-64.el5_2.3

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 30604 CVE ID:CVE-2008-1945 CNCVE ID:CNCVE-20081945 QEMU是一款面向完整PC系统的开源仿真器。 QEMU不正确限制对部分功能的访问,本地攻击者可以利用漏洞绕过安全限制,执行未授权攻击。 QEMU没有正确处理针对可移动媒介的更改,允许客户操作系统用户通过使用diskformat读取宿主OS上的任意文件。通过在-usbdevice选项的参数可修改磁盘映像头字段数据而识别为不同的格式来读取文件。 MandrakeSoft Linux Mandrake 2008.1 x86_64 MandrakeSoft Linux Mandrake 2008.1 MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 Mandriva Linux可参考如下安全公告获得补丁信息: http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
idSSV:3817
last seen2017-11-19
modified2008-08-11
published2008-08-11
reporterRoot
titleQEMU安全绕过漏洞