Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-4037

Опубликовано: 13 мая 2015
Источник: redhat
CVSS2: 4.9
EPSS Низкий

Описание

The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.- files before the program.

Отчет

This issue affects the versions of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5, the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and 7, and the versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmAffected
Red Hat Enterprise Linux 6qemu-kvmAffected
Red Hat Enterprise Linux 7qemu-guest-agentAffected
Red Hat Enterprise Linux 7qemu-kvmAffected
Red Hat Enterprise Linux 7qemu-kvm-rhevAffected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)qemu-kvm-rhevAffected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)qemu-kvm-rhevAffected
Red Hat OpenStack Platform 4qemu-kvm-rhevAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-377
https://bugzilla.redhat.com/show_bug.cgi?id=1222892qemu: insecure temporary file use in /net/slirp.c

EPSS

Процентиль: 27%
0.00096
Низкий

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-4037

ubuntu
больше 10 лет назад

The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.

nvd логотип

CVE-2015-4037

nvd
больше 10 лет назад

The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.

debian логотип

CVE-2015-4037

debian
больше 10 лет назад

The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier create ...

github логотип

GHSA-4xwp-3m3p-vvgr

github
больше 3 лет назад

The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.

fstec логотип

BDU:2015-11298

fstec
больше 10 лет назад

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 27%
0.00096
Низкий

4.9 Medium

CVSS2