CVE-2011-2527

Qemu < 0.14.0 - Privilege Escalation via -runas Option

Title source: llm
STIX 2.1

Description

The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.

References (16)

Core 16
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68539
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/07/12/5
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/48659
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/07/12/15
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2011/dsa-2282
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47992
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45419
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/qemu/+bug/807893
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/74752
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47157
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45188
Various Sources vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-1177-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45187
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2011-1531.html

Scores

EPSS 0.0009
EPSS Percentile 24.9%

Details

CWE
CWE-264
Status published
Products (43)
qemu/qemu 0.1.0
qemu/qemu 0.1.1
qemu/qemu 0.1.2
qemu/qemu 0.1.3
qemu/qemu 0.1.4
qemu/qemu 0.1.5
qemu/qemu 0.1.6
qemu/qemu 0.2.0
qemu/qemu 0.3.0
qemu/qemu 0.4.0
... and 33 more
Published Jun 21, 2012
Tracked Since Feb 18, 2026