CVE-2011-2527

Severity

21%

Complexity

39%

Confidentiality

48%

The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.

The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).

Overview

First reported 12 years ago

2012-06-21 15:55:00

Last updated 7 years ago

2017-08-29 01:29:00

Affected Software

QEMU 0.1

0.1

QEMU 0.1.1

0.1.1

QEMU 0.1.2

0.1.2

QEMU 0.1.3

0.1.3

QEMU 0.1.4

0.1.4

QEMU 0.1.5

0.1.5

QEMU 0.1.6

0.1.6

QEMU 0.2

0.2

QEMU 0.3

0.3

QEMU 0.4

0.4

QEMU 0.4.1

0.4.1

QEMU 0.4.2

0.4.2

QEMU 0.4.3

0.4.3

QEMU 0.6.0

0.6.0

QEMU 0.6.1

0.6.1

QEMU 0.7.0

0.7.0

QEMU 0.7.1

0.7.1

QEMU 0.7.2

0.7.2

QEMU 0.8.0

0.8.0

QEMU 0.8.1

0.8.1

QEMU 0.8.2

0.8.2

QEMU 0.9.0

0.9.0

QEMU 0.9.1

0.9.1

QEMU 0.9.1-5

0.9.1-5

QEMU 0.10.0

0.10.0

QEMU 0.10.1

0.10.1

QEMU 0.10.2

0.10.2

QEMU 0.10.3

0.10.3

QEMU 0.10.4

0.10.4

QEMU 0.10.5

0.10.5

QEMU 0.10.6

0.10.6

QEMU 0.11.0

0.11.0

QEMU 0.11.0-rc0

0.11.0

QEMU 0.11.0 release candidate 1

0.11.0

QEMU 0.11.0 release candidate 2

0.11.0

QEMU 0.11.0-rc0

0.11.0-rc0

QEMU 0.11.0-rc1

0.11.0-rc1

QEMU 0.11.0-rc2

0.11.0-rc2

QEMU 0.11.1

0.11.1

QEMU 0.12.0

0.12.0

QEMU 0.12.0 release candidate 1

0.12.0

QEMU 0.12.0 release candidate 2

0.12.0

QEMU 0.12.1

0.12.1

QEMU 0.12.2

0.12.2

QEMU 0.12.3

0.12.3

QEMU 0.12.4

0.12.4

QEMU 0.12.5

0.12.5

QEMU 0.13.0

0.13.0

QEMU 0.13.0 release candidate 0

0.13.0

QEMU 0.13.0 release candidate 1

0.13.0

QEMU

QEMU 0.14.0 release candidate 0

0.14.0

QEMU 0.14.0 release candidate 1

0.14.0

QEMU 0.14.0 release candidate 2

0.14.0

QEMU 0.14.1

0.14.1

QEMU 0.15.0 release candidate 1

0.15.0

QEMU 0.15.0 release candidate 2

0.15.0

References

FEDORA-2012-8604

openSUSE-SU-2012:0207

RHSA-2011:1531

45187

Vendor Advisory

45188

Vendor Advisory

45419

Vendor Advisory

47157

Vendor Advisory

47992

Vendor Advisory

USN-1177-1

[oss-security] 20110712 Re: CVE Request: qemu -runas does not clear supplementary groups

[oss-security] 20110712 CVE Request: qemu -runas does not clear supplementary groups

74752

48659

https://bugs.launchpad.net/qemu/+bug/807893

qemu-runas-priv-escalation(68539)

DSA-2282

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.