CVE-2012-2652

Common Vulnerabilities and Exposures


Upstream information

CVE-2012-2652 at MITRE

Description

The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function when in snapshot mode, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
Base Score: 4.38
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Access Vector: Local
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
SUSE Bugzilla entry: 764526 [CLOSED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Studio Onsite Runner 1.2
  • kvm >= 0.12.5-1.24.1
Patchnames:
slestso12-kvm
SUSE Studio Extension for System z 1.2
  • kvm >= 0.12.5-1.24.1
studioonsite1.2.s390x
SAT Patch Nr: 6757
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
  • kvm >= 0.15.1-0.21.1
sles11-sp2.x86-64
sled11-sp2.x86
sles11-sp2.x86
sled11-sp2.x86-64
SAT Patch Nr: 6455
openSUSE 11.4
  • kvm >= 0.14.0.0-1.20.1
  • kvm-debuginfo >= 0.14.0.0-1.20.1
  • kvm-debugsource >= 0.14.0.0-1.20.1
Patchnames:
openSUSE-2012-364