Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-8556

Опубликовано: 14 дек. 2015
Источник: redhat
CVSS2: 6.2

Описание

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.

A Time of Creation To Time of Usage (TOCTTOU) flaw was discovered in the QEMU emulator built with VirtFS(file system pass-through) support to share folders between host and guest. The flaw occurs if the 'virtfs-proxy-helper' program is installed with SUID permissions or has 'CAP_CHOWN' capability. An unprivileged, local attacker could exploit this flaw to potentially escalate their privileges and gain root access to the system.

Отчет

This issue does not affect the versions of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5. This issue does not affect the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6, and the Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. This issue does not affect the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 7. This issue does not affect the Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmNot affected
Red Hat Enterprise Linux 5xenNot affected
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)qemu-kvm-rhevNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-250
https://bugzilla.redhat.com/show_bug.cgi?id=1292211Qemu: virtfs: local privilege escalation via virtfs-proxy-helper

6.2 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-8556

CVSS3: 10
ubuntu
почти 9 лет назад

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.

nvd логотип

CVE-2015-8556

CVSS3: 10
nvd
почти 9 лет назад

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.

debian логотип

CVE-2015-8556

CVSS3: 10
debian
почти 9 лет назад

Local privilege escalation vulnerability in the Gentoo QEMU package be ...

github логотип

GHSA-ggvf-46pm-9ccw

CVSS3: 10
github
больше 3 лет назад

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.

fstec логотип

BDU:2017-00757

fstec
почти 9 лет назад

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии в гостевой операционной системе

6.2 Medium

CVSS2