National Cyber Awareness System

Vulnerability Summary for CVE-2011-2527

Overview

The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://bugs.launchpad.net/qemu/+bug/807893

Hyperlink:https://bugs.launchpad.net/qemu/+bug/807893

External Source: XF

Name: qemu-runas-priv-escalation(68539)

Hyperlink:http://xforce.iss.net/xforce/xfdb/68539

External Source: BID

Name: 48659

Hyperlink:http://www.securityfocus.com/bid/48659

External Source: OSVDB

Name: 74752

Hyperlink:http://www.osvdb.org/74752

External Source: MLIST

Name: [oss-security] 20110712 CVE Request: qemu -runas does not clear supplementary groups

Hyperlink:http://www.openwall.com/lists/oss-security/2011/07/12/5

External Source: MLIST

Name: [oss-security] 20110712 Re: CVE Request: qemu -runas does not clear supplementary groups

Hyperlink:http://www.openwall.com/lists/oss-security/2011/07/12/15

External Source: UBUNTU

Name: USN-1177-1

Hyperlink:http://ubuntu.com/usn/usn-1177-1

External Source: SECUNIA

Name: 47992

Type: Advisory

Hyperlink:http://secunia.com/advisories/47992

External Source: SECUNIA

Name: 47157

Type: Advisory

Hyperlink:http://secunia.com/advisories/47157

External Source: SECUNIA

Name: 45419

Type: Advisory

Hyperlink:http://secunia.com/advisories/45419

External Source: SECUNIA

Name: 45188

Type: Advisory

Hyperlink:http://secunia.com/advisories/45188

External Source: SECUNIA

Name: 45187

Type: Advisory

Hyperlink:http://secunia.com/advisories/45187

External Source: REDHAT

Name: RHSA-2011:1531

Hyperlink:http://rhn.redhat.com/errata/RHSA-2011-1531.html

External Source: SUSE

Name: openSUSE-SU-2012:0207

Hyperlink:http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html

External Source: FEDORA

Name: FEDORA-2012-8604

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html

External Source: DEBIAN

Name: DSA-2282

Hyperlink:http://lists.debian.org/debian-security-announce/2011/msg00156.html