exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2011-2527

Status Candidate

Overview

The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.

Related Files

Red Hat Security Advisory 2011-1531-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1531-03 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that qemu-kvm did not properly drop supplemental group privileges when the root user started guests from the command line with the "-runas" option. A qemu-kvm process started this way could use this flaw to gain access to files on the host that are accessible to the supplementary groups and not accessible to the primary group.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2011-2527
SHA-256 | 16923c194b532ddc6c8d7a2dcc4465a1625af19775eb04b43ffaf4553809d229
Ubuntu Security Notice USN-1177-1
Posted Jul 27, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1177-1 - Andrew Griffiths discovered that QEMU did not correctly drop privileges when using the 'runas' argument. Under certain circumstances a local attacker could exploit this to escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2011-2527
SHA-256 | 2db2352dca97c03e93a4de8cf6727155b5bccf0dc86d6436fc53e270444efcdd
Debian Security Advisory 2282-1
Posted Jul 25, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2282-1 - Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware.

tags | advisory, x86, vulnerability
systems | linux, debian
advisories | CVE-2011-2212, CVE-2011-2527
SHA-256 | 4fa44e9efca1c5b557bed9d0c7b29b0c56e7c7e66d15cbe2066edfaf181e51e0
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close