CVE-2008-1945 Affecting qemu package, versions <0.9.1-5
Snyk CVSS
Attack Complexity
Low
Threat Intelligence
EPSS
0.06% (24th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN11-QEMU-529116
- published 8 Aug 2008
- disclosed 8 Aug 2008
Introduced: 8 Aug 2008
CVE-2008-1945 Open this link in a new tabHow to fix?
Upgrade Debian:11
qemu
to version 0.9.1-5 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream qemu
package and not the qemu
package as distributed by Debian
.
See How to fix?
for Debian:11
relevant fixed versions and status.
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
References
- https://security-tracker.debian.org/tracker/CVE-2008-1945
- http://www.debian.org/security/2009/dsa-1799
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9905
- https://rhn.redhat.com/errata/RHSA-2008-0892.html
- http://secunia.com/advisories/32063
- http://secunia.com/advisories/32088
- http://secunia.com/advisories/34642
- http://secunia.com/advisories/35031
- http://secunia.com/advisories/35062
- http://www.securityfocus.com/bid/30604
- http://www.securitytracker.com/id?1020959
- http://www.ubuntu.com/usn/usn-776-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44269
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:162