Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD8950AC62-1D30-11DD-9388-0211060005DF
HistoryApr 28, 2008 - 12:00 a.m.

qemu -- "drive_init()" Disk Format Security Bypass

2008-04-2800:00:00
vuxml.freebsd.org
12

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

28.3%

JSON

Secunia reports:

A vulnerability has been reported in QEMU, which can be exploited
by malicious, local users to bypass certain security
restrictions.
The vulnerability is caused due to the “drive_init()” function
in vl.c determining the format of a disk from data contained in
the disk’s header. This can be exploited by a malicious user in
a guest system to e.g. read arbitrary files on the host by
writing a fake header to a raw formatted disk image.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchqemu< 0.9.1_6UNKNOWN
FreeBSDanynoarchqemu-devel< 0.9.1_6UNKNOWN

Related

prion 3
nessus 10
openvas 11
veracode 1
ubuntucve 3
cve 3
debiancve 3
ubuntu 2
redhat 1
centos 1
oraclelinux 1
prion
prion
Format string
2008-05-12 22:20:00
Design/Logic Flaw
2008-08-08 19:41:00
Format string
2013-05-13 23:55:00
nessus
nessus
openSUSE 10 Security Update : qemu (qemu-5270)
2008-06-12 00:00:00
FreeBSD : qemu -- 'drive_init()' Disk Format Security Bypass (8950ac62-1d30-11dd-9388-0211060005df)
2008-05-09 00:00:00
OracleVM 2.1 : xen (OVMSA-2008-2003)
2014-11-26 00:00:00
openvas
openvas
FreeBSD Ports: qemu, qemu-devel
2008-09-04 00:00:00
FreeBSD Ports: qemu, qemu-devel
2008-09-04 00:00:00
Ubuntu USN-776-1 (kvm)
2009-05-20 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:26:31
ubuntucve
ubuntucve
CVE-2008-2004
2008-05-12 00:00:00
CVE-2013-1922
2013-04-15 00:00:00
CVE-2008-1945
2008-08-08 00:00:00
cve
cve
CVE-2008-2004
2008-05-12 22:20:00
CVE-2008-1945
2008-08-08 19:41:00
CVE-2013-1922
2013-05-13 23:55:00
debiancve
debiancve
CVE-2008-2004
2008-05-12 22:20:00
CVE-2008-1945
2008-08-08 19:41:00
CVE-2013-1922
2013-05-13 23:55:00
ubuntu
ubuntu
KVM vulnerabilities
2009-05-12 00:00:00
KVM regression
2009-05-13 00:00:00
redhat
redhat
(RHSA-2008:0194) Important: xen security and bug fix update
2008-05-13 00:00:00
centos
centos
xen security update
2008-05-16 01:20:08
oraclelinux
oraclelinux
xen security and bug fix update
2008-05-13 00:00:00

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

28.3%

JSON
Related for 8950AC62-1D30-11DD-9388-0211060005DF
prion3nessus10openvas11veracode1ubuntucve3cve3debiancve3ubuntu2redhat1centos1oraclelinux1