Vulnerability Description
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qemu | Qemu | 0.9.0 |
| Opensuse | Opensuse | 10.3 |
| Suse | Linux Enterprise Server | 10 |
| Debian | Debian Linux | 4.0 |
| Canonical | Ubuntu Linux | 8.04 |
| Redhat | Enterprise Linux Desktop | 5.0 |
| Redhat | Enterprise Linux Eus | 5.2 |
| Redhat | Enterprise Linux Server | 5.0 |
| Redhat | Enterprise Linux Workstation | 5.0 |
References
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html (Mailing List, Third Party Advisory)
- http://secunia.com/advisories/32063 (Third Party Advisory)
- http://secunia.com/advisories/32088 (Third Party Advisory)
- http://secunia.com/advisories/34642 (Third Party Advisory)
- http://secunia.com/advisories/35031 (Third Party Advisory)
- http://secunia.com/advisories/35062 (Third Party Advisory)
- http://www.debian.org/security/2009/dsa-1799 (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 (Third Party Advisory)
- http://www.securityfocus.com/bid/30604 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id?1020959 (Third Party Advisory, VDB Entry)
- http://www.ubuntu.com/usn/usn-776-1 (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44269 (Third Party Advisory, VDB Entry)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3 (Third Party Advisory)
- https://rhn.redhat.com/errata/RHSA-2008-0892.html (Third Party Advisory)
FAQ
What is CVE-2008-1945?
CVE-2008-1945 is a vulnerability with a CVSS score of 2.1 (LOW). QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify...
How severe is CVE-2008-1945?
CVE-2008-1945 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-1945?
Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Opensuse Opensuse, Suse Linux Enterprise Server, Debian Debian Linux, Canonical Ubuntu Linux.