CVE-2008-1945 (retired)

Priority
Description
QEMU 0.9.0 does not properly handle changes to removable media, which
allows guest OS users to read arbitrary files on the host OS by using the
diskformat: parameter in the -usbdevice option to modify the disk-image
header to identify a different format, a related issue to CVE-2008-2004.
Notes
 kees> this follows CVE-2008-2004 chronologically.
 kees> xen-utils-3.x is in universe.
 mdeslaur> patch is xen-qemu-usbdisk-no-auto-format.patch in RHEL5
Package
Source: kvm (LP Ubuntu Debian)
Upstream:needs-triage
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Patches:
Vendor:http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
Package
Upstream:needs-triage
Package
Upstream:not-affected
More Information

Updated: 2019-03-26 11:43:51 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)