Description
The bdrv_open function in QEMU 1.0 does not properly handle the failure of the mkstemp function when in snapshot mode, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.
References (8)
Core References
Patch x_refsource_confirm
http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=eba25057b9a5e19d10ace2bc7716667a31297169
Patch x_refsource_confirm
http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50132
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50689
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1522-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53725
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2545
Scores
EPSS
0.0006
EPSS Percentile
20.1%
Details
Status
published
Products (1)
qemu/qemu
1.0
Published
Aug 07, 2012
Tracked Since
Feb 18, 2026