CVE-2012-2652 - OpenCVE

The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:1.0:*:*:*:*:*:*:*

References

Link	Resource
http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=eba25057b9a5e19d10ace2bc7716667a31297169
http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html
http://secunia.com/advisories/50132	Vendor Advisory
http://secunia.com/advisories/50689
http://www.debian.org/security/2012/dsa-2545
http://www.securityfocus.com/bid/53725
http://www.ubuntu.com/usn/USN-1522-1

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-08-07T20:00:00

Updated: 2014-02-26T14:57:02

Reserved: 2012-05-14T00:00:00

Link: CVE-2012-2652

JSON object: View

NVD Information

Status : Modified

Published: 2012-08-07T20:55:03.360

Modified: 2023-02-13T00:25:07.177

Link: CVE-2012-2652

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E66599D-9EC4-409C-BD26-62EC3B001984", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file."}, {"lang": "es", "value": "La funci\u00f3n bdrv_open en Qemu v1.0 no gestiona de forma adecuada el fallo en la funci\u00f3n mkstemp en un nodo snapshot, lo que permite a usuario locales sobrescribir o leer ficheros a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un fichero temporal no especificado."}], "id": "CVE-2012-2652", "lastModified": "2023-02-13T00:25:07.177", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-07T20:55:03.360", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=eba25057b9a5e19d10ace2bc7716667a31297169"}, {"source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50132"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50689"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2545"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/53725"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1522-1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}