CVE
- Id: 50439
- CVE No.: CVE-2011-2527
- Status: Candidate
- Description: The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
- Phase: Assigned (20110615)
- Votes: None (candidate not yet proposed)
- Comments:
Related CVE References
| Id | CVE Id | CVE No. | Reference |
|---|---|---|---|
| 545387 | 50439 | CVE-2011-2527 | MLIST:[oss-security] 20110712 CVE Request: qemu -runas does not clear supplementary groups |
| 545388 | 50439 | CVE-2011-2527 | URL:http://www.openwall.com/lists/oss-security/2011/07/12/5 |
| 545389 | 50439 | CVE-2011-2527 | MLIST:[oss-security] 20110712 Re: CVE Request: qemu -runas does not clear supplementary groups |
| 545390 | 50439 | CVE-2011-2527 | URL:http://www.openwall.com/lists/oss-security/2011/07/12/15 |
| 545391 | 50439 | CVE-2011-2527 | CONFIRM:https://bugs.launchpad.net/qemu/+bug/807893 |
| 545392 | 50439 | CVE-2011-2527 | DEBIAN:DSA-2282 |
| 545393 | 50439 | CVE-2011-2527 | URL:https://www.debian.org/security/2011/dsa-2282 |
| 545394 | 50439 | CVE-2011-2527 | FEDORA:FEDORA-2012-8604 |
| 545395 | 50439 | CVE-2011-2527 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html |
| 545396 | 50439 | CVE-2011-2527 | REDHAT:RHSA-2011:1531 |
| 545397 | 50439 | CVE-2011-2527 | URL:http://rhn.redhat.com/errata/RHSA-2011-1531.html |
| 545398 | 50439 | CVE-2011-2527 | SUSE:openSUSE-SU-2012:0207 |
| 545399 | 50439 | CVE-2011-2527 | URL:http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html |
| 545400 | 50439 | CVE-2011-2527 | UBUNTU:USN-1177-1 |
| 545401 | 50439 | CVE-2011-2527 | URL:http://ubuntu.com/usn/usn-1177-1 |
| 545402 | 50439 | CVE-2011-2527 | BID:48659 |
| 545403 | 50439 | CVE-2011-2527 | URL:http://www.securityfocus.com/bid/48659 |
| 545404 | 50439 | CVE-2011-2527 | OSVDB:74752 |
| 545405 | 50439 | CVE-2011-2527 | URL:http://www.osvdb.org/74752 |
| 545406 | 50439 | CVE-2011-2527 | SECUNIA:45187 |
| 545407 | 50439 | CVE-2011-2527 | URL:http://secunia.com/advisories/45187 |
| 545408 | 50439 | CVE-2011-2527 | SECUNIA:45188 |
| 545409 | 50439 | CVE-2011-2527 | URL:http://secunia.com/advisories/45188 |
| 545410 | 50439 | CVE-2011-2527 | SECUNIA:45419 |
| 545411 | 50439 | CVE-2011-2527 | URL:http://secunia.com/advisories/45419 |
| 545412 | 50439 | CVE-2011-2527 | SECUNIA:47157 |
| 545413 | 50439 | CVE-2011-2527 | URL:http://secunia.com/advisories/47157 |
| 545414 | 50439 | CVE-2011-2527 | SECUNIA:47992 |
| 545415 | 50439 | CVE-2011-2527 | URL:http://secunia.com/advisories/47992 |
| 545416 | 50439 | CVE-2011-2527 | XF:qemu-runas-priv-escalation(68539) |
Related JVN
| Id | JVN No. | Title | Summary | CVE No. | CVE Id | CVSS_v2 | CVSS_v3 | JVN URL |
|---|---|---|---|---|---|---|---|---|
| 34489 | JVNDB-2011-004731 | Denial-of-service (DoS) vulnerability in the json.decode function of Prosody | The json.decode function in util/json.lua in Prosody contains a vulnerability that results in a denial-of-service (infinite loop) condition. | CVE-2011-2532 | 50439 | 5 | | http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-004731.html |