Main Vulnerability Database Vulnerabilities #VU16522

#VU16522 Path traversal in QEMU - CVE-2018-16867

Published: December 13, 2018 / Updated: December 13, 2018

Vulnerability identifier: #VU16522

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-16867

CWE-ID: CWE-22

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
QEMU

Software vendor:
QEMU

Description

The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.

The vulnerability exists in qemu Media Transfer Protocol (MTP) due to an improper filename sanitization. When the guest device is mounted in read-write mode, an adjacent attacker can conduct directory traversal attack in the in usb_mtp_write_data function in hw/usb/dev-mtp.c to read/write arbitrary files which may lead do DoS scenario or arbitrary code execution on the host.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Update to version 3.1.0.

External links

https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00390.html

#VU16522 Path traversal in QEMU - CVE-2018-16867

Description

Remediation

External links

Please verify you're human