Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2004

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2008-2004
Last Modified 21 Aug 2010 01:19:53
Published 12 May 2008 06:20:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-2004

Summary

The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.

Vulnerable Systems

Application

  • Qemu 0.9.1


References

XF - qemu-driveinit-security-bypass(42268)

UBUNTU - USN-776-1

BID - 29101

SUSE - SUSE-SR:2008:013

MANDRIVA - MDVSA-2008:162

CONFIRM - http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4277

SECUNIA - 35062

SECUNIA - 30717

SECUNIA - 30111

SECUNIA - 29129

MLIST - [Qemu-devel] 20080428 [4277] add format= to drive options (CVE-2008-2004)

REDHAT - RHSA-2008:0194

SECUNIA - 29963


Last Updated: 27 May 2016 10:47:44