Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2008-2004HistoryMay 12, 2008 - 10:20 p.m.
CVE-2008-2004
2008-05-1222:20:00
Debian Security Bug Tracker
security-tracker.debian.org
17
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N
0.001 Low
EPSS
Percentile
28.8%
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | qemu | < 0.9.1-5 | qemu_0.9.1-5_all.deb |
| Debian | 11 | all | qemu | < 0.9.1-5 | qemu_0.9.1-5_all.deb |
| Debian | 10 | all | qemu | < 0.9.1-5 | qemu_0.9.1-5_all.deb |
| Debian | 999 | all | qemu | < 0.9.1-5 | qemu_0.9.1-5_all.deb |
| Debian | 13 | all | qemu | < 0.9.1-5 | qemu_0.9.1-5_all.deb |
Related
prion
prion
Format string
2008-05-12 22:20:00
Design/Logic Flaw
2008-08-08 19:41:00
Format string
2013-05-13 23:55:00
nessus
nessus
openSUSE 10 Security Update : qemu (qemu-5270)
2008-06-12 00:00:00
FreeBSD : qemu -- 'drive_init()' Disk Format Security Bypass (8950ac62-1d30-11dd-9388-0211060005df)
2008-05-09 00:00:00
OracleVM 2.1 : xen (OVMSA-2008-2003)
2014-11-26 00:00:00
freebsd
freebsd
qemu -- "drive_init()" Disk Format Security Bypass
2008-04-28 00:00:00
openvas
openvas
FreeBSD Ports: qemu, qemu-devel
2008-09-04 00:00:00
FreeBSD Ports: qemu, qemu-devel
2008-09-04 00:00:00
Ubuntu USN-776-1 (kvm)
2009-05-20 00:00:00
ubuntucve
ubuntucve
cve
cve
veracode
veracode
Information Disclosure
2020-04-10 00:26:31
cvelist
cvelist
CVE-2008-1945
2008-08-08 19:00:00
debiancve
debiancve
CVE-2008-1945
2008-08-08 19:41:00
CVE-2013-1922
2013-05-13 23:55:00
ubuntu
ubuntu
KVM regression
2009-05-13 00:00:00
KVM vulnerabilities
2009-05-12 00:00:00
redhat
redhat
(RHSA-2008:0194) Important: xen security and bug fix update
2008-05-13 00:00:00
centos
centos
xen security update
2008-05-16 01:20:08
oraclelinux
oraclelinux
xen security and bug fix update
2008-05-13 00:00:00
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N
0.001 Low
EPSS
Percentile
28.8%
Related for DEBIANCVE:CVE-2008-2004