Twenty Year Anniversary
Showing 1 - 5 of 5 RSS Feed

CVE-2012-2652

Status Candidate

Overview

The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.

Related Files

Mandriva Linux Security Advisory 2013-121
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-121 - A flaw was found in how qemu, in snapshot mode (-snapshot command line argument), handled the creation and opening of the temporary file used to store the difference of the virtualized guest's read-only image and the current state. In snapshot mode, bdrv_open() creates an empty temporary file without checking for any mkstemp() or close() failures; it also ignores the possibility of a buffer overrun given an exceptionally long /tmp. Because qemu re-opens that file after creation, it is possible to race qemu and insert a symbolic link with the same expected name as the temporary file, pointing to an attacker-chosen file. This can be used to either overwrite the destination file with the privileges of the user running qemu , or to point to an attacker-readable file that could expose data from the guest to the attacker. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-2652, CVE-2012-3515, CVE-2012-6075
MD5 | dc80e38113d5c83dac3106eadce20bbe
Gentoo Linux Security Advisory 201210-04
Posted Oct 18, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201210-4 - Multiple vulnerabilities were found in qemu-kvm, allowing attackers to execute arbitrary code. Versions less than 1.1.1-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-1750, CVE-2011-1751, CVE-2011-2212, CVE-2011-2512, CVE-2012-0029, CVE-2012-2652
MD5 | 8cf88c2abb7d5c9fae2da6011a9adc0e
Debian Security Advisory 2545-1
Posted Sep 10, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2545-1 - Multiple vulnerabilities have been discovered in qemu, a fast processor emulator.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-2652, CVE-2012-3515
MD5 | fec7e5f0f651686d077e785bdcb90b60
Debian Security Advisory 2542-1
Posted Sep 10, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2542-1 - Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware.

tags | advisory, x86, vulnerability
systems | linux, debian
advisories | CVE-2012-2652, CVE-2012-3515
MD5 | 05386e48ba1eb26a9fa4e12677aa2763
Ubuntu Security Notice USN-1522-1
Posted Aug 2, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1522-1 - It was discovered that QEMU incorrectly handled temporary files when creating a snapshot. A local attacker could use this flaw to possibly overwrite files with root privilege, or obtain sensitive information from the guest.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2012-2652
MD5 | 086aa75ce2840b40bb4d1f0c3247c740
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    8 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    32 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    8 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close