PT-2008-5783 · Qemu+1 · Qemu+1
Christian Hoffmann
·
Publicado
2008-10-15
·
Atualizado
2017-08-08
·
CVE-2008-4553
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
qemu version 0.9.1-5
Description
The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories. This is related to the qemu-make-debian-root functionality in qemu on Debian GNU/Linux systems.
Recommendations
For qemu version 0.9.1-5, consider restricting access to the qemu-make-debian-root functionality until a patch is available to prevent local users from overwriting arbitrary files via a symlink attack.
Exploit
Correção
Link Following
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Debian
Qemu