CVE-2008-4553Link Following in Qemu

CWE-59Link Following4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.0%
top 90.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
QemuDebian Qemu
Timeline
PublishedOct 15
Latest updateMay 2

Description

qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

debiandebian/qemu< qemu 0.9.1-6 (bookworm)
Debianqemu/qemu< 0.9.1-6+3
NVDqemu/qemu0.9.1-5

🔴Vulnerability Details

2
GHSA
GHSA-5642-4rj6-w59m: qemu-make-debian-root in qemu 02022-05-02
OSV
CVE-2008-4553: qemu-make-debian-root in qemu 02008-10-15

📋Vendor Advisories

1
Debian
CVE-2008-4553: qemu - qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to ...2008