|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
QEMU: file corruption via 9pfs
Synthesis of the vulnerability
A local attacker can create a symbolic link, in order to access files with the privileges of QEMU on the host system.
Impacted products: Debian, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Creation date: 17/01/2017.
Revision date: 17/02/2017.
Identifiers: 1035, CVE-2016-9602, DLA-1035-1, DLA-965-1, openSUSE-SU-2017:1872-1, SUSE-SU-2017:1774-1, SUSE-SU-2017:2946-1, SUSE-SU-2017:2963-1, SUSE-SU-2017:2969-1, USN-3261-1, USN-3268-1, VIGILANCE-VUL-21595.
Description of the vulnerability
The QEMU product implements the filesystem from Plan 9 named "9pfs".
It may be used to share files between the host and process in the guest system in QEMU. However, when QEMU follows a symbolic link, it does not distinguish between filenames and directory names. This allows a guest process to open a non shared file on the host.
A local attacker can therefore create a symbolic link, in order to access files with the privileges of QEMU on the host system.
Complete Vigil@nce bulletin.... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides a computer vulnerability alert. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The technology watch team tracks security threats targeting the computer system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.