QEMU CVE-2018-16867 Directory Traversal Vulnerability
BID:106195
CVE-2018-16867 |Info
QEMU CVE-2018-16867 Directory Traversal Vulnerability
| Bugtraq ID: | 106195 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-16867 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 13 2018 12:00AM |
| Updated: | Jan 18 2019 11:00AM |
| Credit: | Michael Hanselmann |
| Vulnerable: |
QEMU QEMU 3.0 QEMU QEMU 2.12.50 QEMU QEMU 2.12.1 QEMU QEMU 2.12 QEMU QEMU 2.11.2 QEMU QEMU 2.11 QEMU QEMU 2.10 QEMU QEMU 2.9 QEMU QEMU 2.8.1 QEMU QEMU 2.8 QEMU QEMU 2.6 QEMU QEMU 2.5 QEMU QEMU 2.4 QEMU QEMU 2.3.1 QEMU QEMU 2.3 QEMU QEMU 2.2 QEMU QEMU 2.0 QEMU QEMU 1.7.1 QEMU QEMU 1.6 rc3 QEMU QEMU 1.6 RC2 QEMU QEMU 1.6 rc1 QEMU QEMU 0.15.2 QEMU QEMU 0.15.1 QEMU QEMU 0.14 QEMU QEMU 0.13 QEMU QEMU 0.12.4 QEMU QEMU 0.12.3 QEMU QEMU 0.12.2 QEMU QEMU 0.12.1 QEMU QEMU 0.12 QEMU QEMU 0.10.6 QEMU QEMU 0.10.4 QEMU QEMU 0.9.1 QEMU QEMU 0.9 QEMU QEMU 0.8.2 QEMU QEMU 0.6.1 QEMU QEMU 2.8.1.1 QEMU QEMU 2.2 QEMU QEMU 2.1.3 QEMU QEMU 2.1.2 QEMU QEMU 2.1.1 QEMU QEMU 2.1.0 QEMU QEMU 2.0.2 QEMU QEMU 2.0.0 - QEMU QEMU 1.7.12.4 QEMU QEMU 1.6.2 QEMU QEMU 1.6.1 QEMU QEMU 1.6.0 QEMU QEMU 1.5.3 QEMU QEMU 1.5.2 QEMU QEMU 1.5.1 QEMU QEMU 1.5.0 QEMU QEMU 1.4.2 QEMU QEMU 1.4.1 QEMU QEMU 1.4.0 QEMU QEMU 1.3 QEMU QEMU 1.2.0 QEMU QEMU 1.1 QEMU QEMU 1.0.1 QEMU QEMU 1.0 QEMU QEMU 0.8.1 QEMU QEMU 0.8.0 QEMU QEMU 0.7.2 QEMU QEMU 0.7.1 QEMU QEMU 0.7.0 QEMU QEMU 0.6.0 QEMU QEMU 0.5.5 QEMU QEMU 0.5.4 QEMU QEMU 0.5.3 QEMU QEMU 0.5.2 QEMU QEMU 0.5.1 QEMU QEMU 0.5.0 QEMU QEMU 0.4.3 QEMU QEMU 0.4.2 QEMU QEMU 0.4.1 QEMU QEMU 0.4 QEMU QEMU 0.3 QEMU QEMU 0.2 QEMU QEMU 0.14.1 QEMU QEMU 0.12.5 QEMU QEMU 0.11.1 QEMU QEMU 0.11.0 QEMU QEMU 0.10.5 QEMU QEMU 0.10.3 QEMU QEMU 0.10.2 QEMU QEMU 0.10.1 QEMU QEMU 0.10.0 QEMU QEMU 0.10 QEMU QEMU 0.1.6 QEMU QEMU 0.1.5 QEMU QEMU 0.1.4 QEMU QEMU 0.1.3 QEMU QEMU 0.1.2 QEMU QEMU 0.1.1 QEMU QEMU 0.1 Oracle Linux 7 |
| Not Vulnerable: |
QEMU QEMU 3.1 |
Discussion
QEMU CVE-2018-16867 Directory Traversal Vulnerability
QEMU is prone to a directory-traversal vulnerability.
An attacker can exploit this issue using directory-traversal characters ('../') to overwrite arbitrary files to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition.
Versions prior to QEMU 3.1.0 are vulnerable.
QEMU is prone to a directory-traversal vulnerability.
An attacker can exploit this issue using directory-traversal characters ('../') to overwrite arbitrary files to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition.
Versions prior to QEMU 3.1.0 are vulnerable.
Exploit / POC
QEMU CVE-2018-16867 Directory Traversal Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
QEMU CVE-2018-16867 Directory Traversal Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
QEMU CVE-2018-16867 Directory Traversal Vulnerability
References:
References:
- [Qemu-devel] [PULL 2/2] usb-mtp: outlaw slashes in filenames (QEMU)
- Bug 1654885 (CVE-2018-16867) - CVE-2018-16867 QEMU: dev-mtp: path traversal in u (Red Hat Bugzilla)
- CVE-2018-16867 (Red Hat Bugzilla)
- QEMU Homepage (QEMU)
- Oracle Linux Bulletin - (Oracle)