Main Vulnerability Database Vulnerabilities #VU16522

Path traversal in QEMU - CVE-2018-16867

Published: December 13, 2018 / Updated: December 13, 2018

Vulnerability identifier: #VU16522

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-16867

CWE-ID: CWE-22

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: QEMU

Affected software:
QEMU

Detailed vulnerability description

The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.

The vulnerability exists in qemu Media Transfer Protocol (MTP) due to an improper filename sanitization. When the guest device is mounted in read-write mode, an adjacent attacker can conduct directory traversal attack in the in usb_mtp_write_data function in hw/usb/dev-mtp.c to read/write arbitrary files which may lead do DoS scenario or arbitrary code execution on the host.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-16867

Update to version 3.1.0.

Sources

https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00390.html

Path traversal in QEMU - CVE-2018-16867

Detailed vulnerability description

How to mitigate CVE-2018-16867

Sources

Please verify you're human