CVE-2008-2004 — Sensitive Information Exposure in Qemu

CWE-200 — Sensitive Information Exposure48 documents9 sources

Severity

4.9MEDIUMNVD

NVD3.3NVD2.1OSV2.1

EPSS

0.1%

top 74.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Debian XEN +9 more

Timeline

PublishedMay 12

Latest updateMay 17

Description

The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.

CVSS vector

AV:L/AC:L/C:C/I:N/A:NExploitability: 3.9 | Impact: 6.9

Affected Packages10 packages

▶debiandebian/qemu< qemu 1.5.0+dfsg-1 (bookworm)+1

▶Debianqemu/qemu< 0.9.1-5+7

▶NVDqemu/qemu0.9.0, 0.9.1+1

▶debiandebian/xen< qemu 1.5.0+dfsg-1 (bookworm)

▶NVDxen/xen4.2.0, 4.2.1, 4.2.2+2

Also affects: Debian Linux 4.0, 5.0, Ubuntu Linux 8.04, 8.10, Enterprise Linux 5.2

🔴Vulnerability Details

GHSA

GHSA-v7fq-6h69-259m: qemu-nbd in QEMU, as used in Xen 4↗2022-05-17

▶

GHSA

GHSA-vvm6-gvx4-5r3v: QEMU 0↗2022-05-01

▶

GHSA

GHSA-rx7x-x8p7-jfcr: The drive_init function in QEMU 0↗2022-05-01

▶

OSV

CVE-2013-1922: qemu-nbd in QEMU, as used in Xen 4↗2013-05-13

▶

OSV

CVE-2008-1945: QEMU 0↗2008-08-08

▶

💥Exploits & PoCs

Exploit-DB

HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)↗2016-05-31

▶

Exploit-DB

HP Data Protector A.09.00 - Arbitrary Command Execution↗2016-05-26

▶

Exploit-DB

greeting card - Arbitrary File Upload↗2010-06-06

▶

Exploit-DB

GarageSales - Arbitrary File Upload↗2010-04-09

▶

Exploit-DB

Hammer Software MetaGauge 1.0.0.17 - Directory Traversal↗2008-10-06

▶

📋Vendor Advisories

Red Hat

kvm: qemu-nbd block format auto-detection vulnerability↗2013-04-15

▶

Debian

CVE-2013-1922: qemu - qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk imag...↗2013

▶

Ubuntu

KVM regression↗2009-05-13

▶

Ubuntu

KVM vulnerabilities↗2009-05-12

▶

Red Hat

perl: File:: Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1↗2008-11-19

▶

🕵️Threat Intelligence

Unit42

Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-1350↗2020-07-21

▶

💬Community

Bugzilla

CVE-2013-1922 qemu, qemu-kvm, kvm: qemu-nbd block format auto-detection vulnerability↗2013-03-19

▶

Bugzilla

CVE-2009-1887 net-snmp: DoS (division by zero) via SNMP GetBulk requests↗2009-06-19

▶

Bugzilla

CVE-2008-5302 perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1↗2008-11-28

▶

Bugzilla

CVE-2008-2827 perl: insecure use of chmod in rmtree↗2008-06-24

▶

Bugzilla

CVE-2008-1945 qemu/kvm/xen: add image format options for USB storage and removable media↗2008-05-09

▶