Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.4
CVE Id CVE-2012-2652
Last Modified 05 Mar 2014 11:37:56
Published 07 Aug 2012 04:55:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2652

Summary

The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function when in snapshot mode, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.

Vulnerable Systems

Application

  • Qemu 1.0


References

UBUNTU - USN-1522-1

BID - 53725

SECUNIA - 50132

CONFIRM - http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=eba25057b9a5e19d10ace2bc7716667a31297169

DEBIAN - DSA-2545

SUSE - SUSE-SU-2012:1202

SECUNIA - 50689

CONFIRM - http://git.qemu.org/?p=qemu-stable-0.15.git;a=log

Related Patches

Novell SUSE 2012:6455 kvm recommended update for SLE 11 SP2 i586

Novell SUSE 2012:6455 kvm recommended update for SLE 11 SP2 x86_64


Last Updated: 27 May 2016 10:55:02