CVE-2008-1945
Published: 08 August 2008
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
kvm Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
|
qemu Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
|
Patches: Vendor: http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 |
||
|
qemu-kvm Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
|
xen-3.0 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
|
Patches: Vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-usbdisk-no-auto-format-CVE-2008-1945.patch |
||
|
xen-3.1 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
|
Patches: Vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-usbdisk-no-auto-format-CVE-2008-1945.patch |
||
| Binaries built from this source package are in Universe and so are supported by the community. | ||
|
xen-3.2 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
|
Patches: Vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-usbdisk-no-auto-format-CVE-2008-1945.patch |
||
| Binaries built from this source package are in Universe and so are supported by the community. | ||
|
xen-3.3 Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
|