Lucene search
Ubuntu.comUB:CVE-2013-1922HistoryApr 15, 2013 - 12:00 a.m.
CVE-2013-1922
2013-04-1500:00:00
ubuntu.com
ubuntu.com
19
CVSS2
4.9
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N
EPSS
0.001
Percentile
31.5%
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk
image based on the header, which allows local guest OS administrators to
read arbitrary files on the host by modifying the header to identify a
different format, which is used when the guest is restarted, a different
vulnerability than CVE-2008-2004.
Bugs
- <https://bugzilla.redhat.com/show_bug.cgi?id=923219>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705544>
Notes
| Author | Note |
|---|---|
| jdstrand | attack is: privileged attacker in the guest that uses a raw image writes data to beginning of device. Later, someone on the host uses qemu-nbd on the attacker-modified image. When the guest is rebooted, the attacker may have access to other files. On Ubuntu, the preferred virtualization management technology is libvirt. As of USN-1008-1, libvirt does not probe the disk format, which reduces this attack to a denial of server for the guest (ie, the attacker-modified image is not usable on reboot). TODO: review use in nova |
| mdeslaur | patch just introduced new --format option. Default behaviour is still to autodetect. Adding this new option doesn’t fix the issue by itself, so marking as “low” We will not be fixing this issue in Ubuntu 12.04 LTS. |
Related
nvd
nvd
cvelist
cvelist
debiancve
debiancve
prion
prion
Format string
2013-05-13 23:55:00
Format string
2008-05-12 22:20:00
Design/Logic Flaw
2008-08-08 19:41:00
cve
cve
fedora
fedora
[SECURITY] Fedora 19 Update: qemu-1.4.1-1.fc19
2013-04-25 14:18:03
[SECURITY] Fedora 18 Update: qemu-1.2.2-11.fc18
2013-04-26 00:54:36
[SECURITY] Fedora 18 Update: qemu-1.2.2-13.fc18
2013-07-01 01:42:44
nessus
nessus
Fedora 17 : qemu-1.0.1-6.fc17 (2013-6211)
2013-04-30 00:00:00
Fedora 18 : qemu-1.2.2-11.fc18 (2013-6221)
2013-04-26 00:00:00
Fedora 19 : qemu-1.4.1-1.fc19 (2013-6185)
2013-04-26 00:00:00
xen
xen
qemu-nbd format-guessing due to missing format specification
2013-04-15 15:00:00
openvas
openvas
Fedora Update for qemu FEDORA-2013-6221
2013-05-03 00:00:00
Fedora Update for qemu FEDORA-2013-6221
2013-05-03 00:00:00
FreeBSD Ports: qemu, qemu-devel
2008-09-04 00:00:00
ubuntucve
ubuntucve
CVE-2008-2004
2008-05-12 00:00:00
CVE-2008-1945
2008-08-08 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:26:31
freebsd
freebsd
qemu -- "drive_init()" Disk Format Security Bypass
2008-04-28 00:00:00
ubuntu
ubuntu
KVM vulnerabilities
2009-05-12 00:00:00
KVM regression
2009-05-13 00:00:00
oraclelinux
oraclelinux
xen security and bug fix update
2008-05-13 00:00:00
redhat
redhat
(RHSA-2008:0194) Important: xen security and bug fix update
2008-05-13 00:00:00
centos
centos
xen security update
2008-05-16 01:20:08
gentoo
gentoo
Xen: Multiple vulnerabilities
2013-09-27 00:00:00
osv
osv
xen-4.7.0_12-1.3 on GA media
2024-06-15 00:00:00
CVSS2
4.9
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N
EPSS
0.001
Percentile
31.5%
Related for UB:CVE-2013-1922