Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-7471

Опубликовано: 18 апр. 2017
Источник: redhat
CVSS3: 7.6
CVSS2: 6.5
EPSS Низкий

Описание

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmNot affected
Red Hat Enterprise Linux 5xenNot affected
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvm-rhevNot affected
Red Hat Enterprise Linux 8qemu-kvmNot affected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 10 (Newton)qemu-kvm-rhevNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-284
https://bugzilla.redhat.com/show_bug.cgi?id=1443401Qemu: 9p: virtfs allows guest to change filesystem attributes on host

EPSS

Процентиль: 78%
0.01153
Низкий

7.6 High

CVSS3

6.5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2017-7471

CVSS3: 9
ubuntu
почти 7 лет назад

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

nvd логотип

CVE-2017-7471

CVSS3: 9
nvd
почти 7 лет назад

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

debian логотип

CVE-2017-7471

CVSS3: 9
debian
почти 7 лет назад

Quick Emulator (Qemu) built with the VirtFS, host directory sharing vi ...

github логотип

GHSA-cjfg-wq59-q7v2

CVSS3: 9
github
около 3 лет назад

Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

oracle-oval логотип

ELSA-2018-4262

oracle-oval
больше 6 лет назад

ELSA-2018-4262: qemu security update (IMPORTANT)

EPSS

Процентиль: 78%
0.01153
Низкий

7.6 High

CVSS3

6.5 Medium

CVSS2