Back to search
CVE-2008-2004
Published: May 12, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
35062
third-party-advisory
x_refsource_SECUNIA
RHSA-2008:0194
vendor-advisory
x_refsource_REDHAT
29101
vdb-entry
x_refsource_BID
[Qemu-devel] 20080428 [4277] add format= to drive options (CVE-2008-2004)
mailing-list
x_refsource_MLIST
MDVSA-2008:162
vendor-advisory
x_refsource_MANDRIVA
oval:org.mitre.oval:def:11021
vdb-entry
signature
x_refsource_OVAL
USN-776-1
vendor-advisory
x_refsource_UBUNTU
http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4277
x_refsource_CONFIRM
29963
third-party-advisory
x_refsource_SECUNIA
29129
third-party-advisory
x_refsource_SECUNIA
30111
third-party-advisory
x_refsource_SECUNIA
qemu-driveinit-security-bypass(42268)
vdb-entry
x_refsource_XF
SUSE-SR:2008:013
vendor-advisory
x_refsource_SUSE
30717
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now