Release date:
Updated on:
Affected Systems:
QEMU 0.9.1
QEMU 0.9
QEMU 0.8.2
QEMU 0.6.1
QEMU 0.10.6
QEMU 0.10
Description:
--------------------------------------------------------------------------------
Bugtraq id: 48659
Cve id: CVE-2011-2527
QEMU is an open source simulator software.
Qemu kvm has the Local Security Restriction Bypass Vulnerability in the implementation of the-runas parameter. Local attackers can exploit this vulnerability to bypass security restrictions and obtain illegal read/write permissions for some files.
<* Source: Andrew griiths (andrewg@tasmail.com)
Link: https://bugs.launchpad.net/qemu/+bug/807893
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
QEMU
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://fabrice.bellard.free.fr/qemu/