CVE-2012-2652

Published: 07/08/2012 Updated: 13/02/2023
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The bdrv_open function in QEMU 1.0 does not properly handle the failure of the mkstemp function when in snapshot mode, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.

Vulnerable Product

qemu qemu 1.0

Vendor Advisories

Debian Bug report logs - #678280: CVE-2012-2652. Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>; Source for qemu is src:qemu. Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>; Date: Wed, 20 Jun 2012 15:24:02 UTC; Severity: grave; Tags: patch ...
QEMU could be made to overwrite files as the administrator, or expose sensitive information ...
Multiple vulnerabilities have been discovered in QEMU, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2652: The snapshot mode of QEMU (-snapshot) incorrectly handles temporary files used to store the current state, making it vulnerable to symlink attacks (includin ...
Multiple vulnerabilities have been discovered in KVM, a full virtualization solution on x86 hardware. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2652: The snapshot mode of QEMU (-snapshot) incorrectly handles temporary files used to store the current state, making it vulnerable to symli ...