CVE-2008-1945
QEMU 0.9.0 - Arbitrary File Read via Removable Media Disk-Image Header Manipulation
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
References (14)
Core References
Third Party Advisory, VDB Entry | vdb-entry | x_refsource_xf | https://exchange.xforce.ibmcloud.com/vulnerabilities/44269
Third Party Advisory | vdb-entry, signature | x_refsource_oval | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9905
Third Party Advisory | vendor-advisory | x_refsource_ubuntu | http://www.ubuntu.com/usn/usn-776-1
Third Party Advisory | vendor-advisory | x_refsource_redhat | https://rhn.redhat.com/errata/RHSA-2008-0892.html
Third Party Advisory, VDB Entry | vdb-entry | x_refsource_sectrack | http://www.securitytracker.com/id?1020959
Third Party Advisory | third-party-advisory | x_refsource_secunia | http://secunia.com/advisories/35062
Third Party Advisory | third-party-advisory | x_refsource_secunia | http://secunia.com/advisories/32088
Third Party Advisory | third-party-advisory | x_refsource_secunia | http://secunia.com/advisories/32063
Third Party Advisory | third-party-advisory | x_refsource_secunia | http://secunia.com/advisories/34642
Third Party Advisory | vendor-advisory | x_refsource_mandriva | http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
Third Party Advisory, VDB Entry | vdb-entry | x_refsource_bid | http://www.securityfocus.com/bid/30604
Mailing List, Third Party Advisory | vendor-advisory | x_refsource_suse | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
Third Party Advisory | vendor-advisory | x_refsource_debian | http://www.debian.org/security/2009/dsa-1799
Third Party Advisory | third-party-advisory | x_refsource_secunia | http://secunia.com/advisories/35031
Scores
EPSS: 0.0009
EPSS Percentile: 25.2%
Details
Status: published
Products (14)
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 8.10
debian/debian_linux 4.0
debian/debian_linux 5.0
opensuse/opensuse 10.3
opensuse/opensuse 11.0
opensuse/opensuse 11.1
qemu/qemu 0.9.0
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_eus 5.2
... and 4 more
Published: Aug 08, 2008
Tracked Since: Feb 18, 2026