CVE-2008-1945
08.08.2008, 19:41
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| qemu | qemu | 0.9.0 |
| opensuse | opensuse | 10.3 |
| opensuse | opensuse | 11.0 |
| opensuse | opensuse | 11.1 |
| debian | debian_linux | 4.0 |
| debian | debian_linux | 5.0 |
| canonical | ubuntu_linux | 8.04 |
| canonical | ubuntu_linux | 8.10 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_eus | 5.2 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_workstation | 5.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| kvm |
| ||||||||||||||||||||||
| qemu |
| ||||||||||||||||||||||
| qemu-kvm |
| ||||||||||||||||||||||
| xen-3.0 |
| ||||||||||||||||||||||
| xen-3.1 |
| ||||||||||||||||||||||
| xen-3.2 |
| ||||||||||||||||||||||
| xen-3.3 |
|
openSUSE / SLES Releases
openSUSE Product | |||||
|---|---|---|---|---|---|
| qemu |
| ||||
| qemu-block-curl |
| ||||
| qemu-block-iscsi |
| ||||
| qemu-block-rbd |
| ||||
| qemu-block-ssh |
| ||||
| qemu-guest-agent |
| ||||
| qemu-ipxe |
| ||||
| qemu-kvm |
| ||||
| qemu-lang |
| ||||
| qemu-seabios |
| ||||
| qemu-sgabios-8 |
| ||||
| qemu-vgabios |
| ||||
| qemu-x86 |
|
References