6

CVE-2016-7116

Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 2.6.2
QemuQemu Version2.7.0 Updaterc0
QemuQemu Version2.7.0 Updaterc1
QemuQemu Version2.7.0 Updaterc2
QemuQemu Version2.7.0 Updaterc3
QemuQemu Version2.7.0 Updaterc4
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.6% 0.442
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 1.5 4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201609-01
Third Party Advisory
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=56f101ecce0eafd09e2daf1c4eeb1377d6959261
http://www.openwall.com/lists/oss-security/2016/08/30/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/08/30/3
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/92680
Third Party Advisory
VDB Entry
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03917.html
Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04231.html
Third Party Advisory