Format string

The driveinit function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted...

CVE-2008-2004

CVE-2008-2004 concerns QEMU up to 0.9.1 where drive_init determines the raw-disk image format from the header. By altering the header to identify a different format, a local guest user can cause the host to disclose arbitrary host files when the guest is restarted. The vulnerability is tied to QE...

CVE-2008-2004

The driveinit function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted...

qemu -- "drive_init()" Disk Format Security Bypass

Secunia reports: A vulnerability has been reported in QEMU, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to the "driveinit" function in vl.c determining the format of a disk from data contained in the disk's header. This...