Computer Security
[EN] securityvulns.ru no-pyccku


QEMU sumbolic links vulnerability
Published:06.08.2012
Source:
SecurityVulns ID:12498
Type:local
Threat Level:
5/10
Description:Symbolic links vulnerability on snapshot creation.
Affected:QEMU : qemu 0.14
CVE:CVE-2012-2652 (The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.)
Original documentdocumentUBUNTU, [USN-1522-1] QEMU vulnerability (06.08.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod