CVE-2018-16867

Published: Dec 12, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 1.1 / Impact: 6.0

Source: NVD

Description

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.

Affected (10)

Products: Qemu: Qemu · Fedoraproject: Fedora · Canonical: Ubuntu Linux

1 product

1 product

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Up to 3.0.0
Qemu Qemu	Version 3.1.0 rc0
Qemu Qemu	Version 3.1.0 rc1
Qemu Qemu	Version 3.1.0 rc2
Qemu Qemu	Version 3.1.0 rc3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (10)

http://www.securityfocus.com/bid/106195

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/

Source: secalert@redhat.com

https://usn.ubuntu.com/3923-1/

Source: secalert@redhat.com

Third Party Advisory

https://www.openwall.com/lists/oss-security/2018/12/06/1

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/106195

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3923-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.openwall.com/lists/oss-security/2018/12/06/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

Timeline

No history available yet.