Lucene search

K

PRIOn knowledge basePRION:CVE-2011-2527

HistoryJun 21, 2012 - 3:55 p.m.

Design/Logic Flaw

2012-06-2115:55:00

PRIOn knowledge base

www.prio-n.com

5

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.1%

The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.

CPENameOperatorVersion
qemueq0.12.2
qemueq0.12.0 rc2
qemueq0.1.6
qemueq0.13.0 rc0
qemueq0.4.2
qemueq0.10.3
qemueq0.11.0-rc1
qemueq0.1.5
qemueq0.13.0
qemueq0.8.2

Rows per page:

1-10 of 571

References

lists.opensuse.org/opensuse-updates/2012-02/msg00009.html

rhn.redhat.com/errata/RHSA-2011-1531.html

secunia.com/advisories/45187

secunia.com/advisories/45188

secunia.com/advisories/45419

secunia.com/advisories/47157

secunia.com/advisories/47992

ubuntu.com/usn/usn-1177-1

www.openwall.com/lists/oss-security/2011/07/12/15

www.openwall.com/lists/oss-security/2011/07/12/5

www.osvdb.org/74752

www.securityfocus.com/bid/48659

bugs.launchpad.net/qemu/+bug/807893

exchange.xforce.ibmcloud.com/vulnerabilities/68539

lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html

www.debian.org/security/2011/dsa-2282

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.1%

Related for PRION:CVE-2011-2527

nvd1 veracode1 openvas10 ubuntu1 redhat1 nessus8 cve1 ubuntucve1 cvelist1 debian1 oraclelinux1 securityvulns2 osv1 fedora1