Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-16867

Опубликовано: 03 дек. 2018
Источник: redhat
CVSS3: 7
EPSS Низкий

Описание

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.

A flaw was found in QEMU's Media Transfer Protocol (MTP) where a path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper file name sanitization. Reading and writing of arbitrary files is allowed when a guest device is mounted which may lead to a denial of service scenario or possibly lead to code execution on the host.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmNot affected
Red Hat Enterprise Linux 5xenNot affected
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvm-maNot affected
Red Hat Enterprise Linux 7qemu-kvm-rhevNot affected
Red Hat Enterprise Linux 8qemu-kvmNot affected
Red Hat OpenStack Platform 10 (Newton)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 12 (Pike)qemu-kvm-rhevNot affected
Red Hat OpenStack Platform 13 (Queens)qemu-kvm-rhevNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=1654885QEMU: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)

EPSS

Процентиль: 27%
0.0009
Низкий

7 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-16867

CVSS3: 7.8
ubuntu
больше 6 лет назад

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.

nvd логотип

CVE-2018-16867

CVSS3: 7.8
nvd
больше 6 лет назад

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.

debian логотип

CVE-2018-16867

CVSS3: 7.8
debian
больше 6 лет назад

A flaw was found in qemu Media Transfer Protocol (MTP) before version ...

github логотип

GHSA-6ch3-xhrw-w89m

CVSS3: 7.8
github
около 3 лет назад

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.

oracle-oval логотип

ELSA-2018-4313

oracle-oval
больше 6 лет назад

ELSA-2018-4313: qemu security update (IMPORTANT)

EPSS

Процентиль: 27%
0.0009
Низкий

7 High

CVSS3