CVE-2008-2004

Published: 12 May 2008

The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.

Priority

Medium

Status

Package: kvm
  Upstream: Released (0.72)
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Package: qemu
  Upstream: Needs triage
  Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable
  Patches:
    Vendor: http://patch-tracking.debian.net/patch/series/view/qemu/0.9.1-6/94_security.patch

Package: qemu-kvm
  Upstream: Needs triage
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Package: xen-3.0
  Upstream: Needs triage
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Package: xen-3.1
  Upstream: Needs triage
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist
  Patches:
    Vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-block-no-auto-format-CVE-2008-2004.patch
  Binaries built from this source package are in Universe and so are supported by the community.

Package: xen-3.2
  Upstream: Needed
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist
  Patches:
    Vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-block-no-auto-format-CVE-2008-2004.patch
  Binaries built from this source package are in Universe and so are supported by the community.

Package: xen-3.3
  Upstream: Needed
  Ubuntu 14.04 ESM (Trusty Tahr): Does not exist
  Patches:
    Vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-block-no-auto-format-CVE-2008-2004.patch
  Binaries built from this source package are in Universe and so are supported by the community.

Notes

Author: Note
kees: xen-utils-3.x is in universe
mdeslaur: xen-qemu-block-no-auto-format.patch in RHEL5
