CVE-2012-2652

EPSS 0.07%

qemu - multiple

發布日:2012/8/7修改日:2026/4/28

描述

The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.

受影響套件(3)

Debian/qemufrom 0, < 1.1.0+dfsg-1
Debian/qemufrom 0, < 0.12.5+dfsg-3squeeze2
Debian/qemu-kvmfrom 0, < 0.12.5+dfsg-5+squeeze9

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-2652