FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-2004

This CVE name corresponds to:

Entered Topic
2008-05-08 qemu -- "drive_init()" Disk Format Security Bypass

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-2004 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-2004
Phase Assigned(20080428)

Description

The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.

References

Source Reference
MLIST [Qemu-devel] 20080428 [4277] add format= to drive options (CVE-2008-2004)
CONFIRM http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4277
MANDRIVA MDVSA-2008:162
REDHAT RHSA-2008:0194
SUSE SUSE-SR:2008:013
UBUNTU USN-776-1
BID 29101
OVAL oval:org.mitre.oval:def:11021
SECUNIA 30111
SECUNIA 29963
SECUNIA 30717
SECUNIA 29129
SECUNIA 35062
XF qemu-driveinit-security-bypass(42268)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.