Lucene search

K

PRIOn knowledge basePRION:CVE-2011-2527

HistoryJun 21, 2012 - 3:55 p.m.

Design/Logic Flaw

2012-06-2115:55:00

PRIOn knowledge base

www.prio-n.com

5

6.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

26.2%

The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.

CPENameOperatorVersion
qemueq0.12.2
qemueq0.12.0 rc2
qemueq0.1.6
qemueq0.13.0 rc0
qemueq0.4.2
qemueq0.10.3
qemueq0.11.0-rc1
qemueq0.1.5
qemueq0.13.0
qemueq0.8.2

Rows per page:

1-10 of 571

References

lists.opensuse.org/opensuse-updates/2012-02/msg00009.html

rhn.redhat.com/errata/RHSA-2011-1531.html

secunia.com/advisories/45187

secunia.com/advisories/45188

secunia.com/advisories/45419

secunia.com/advisories/47157

secunia.com/advisories/47992

ubuntu.com/usn/usn-1177-1

www.openwall.com/lists/oss-security/2011/07/12/15

www.openwall.com/lists/oss-security/2011/07/12/5

www.osvdb.org/74752

www.securityfocus.com/bid/48659

bugs.launchpad.net/qemu/+bug/807893

exchange.xforce.ibmcloud.com/vulnerabilities/68539

lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html

www.debian.org/security/2011/dsa-2282

6.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

26.2%

Related for PRION:CVE-2011-2527

openvas10 veracode1 redhat1 ubuntu1 nessus8 ubuntucve1 cve1 osv1 debian1 securityvulns2 oraclelinux1 fedora1