FreeBSD : qemu -- 'drive_init()' Disk Format Security Bypass (8950ac62-1d30-11dd-9388-0211060005df)
Medium Nessus Plugin ID 32147
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Secunia reports:
A vulnerability has been reported in QEMU, which can be exploited by malicious, local users to bypass certain security restrictions.
The vulnerability is caused due to the 'drive_init()' function in vl.c determining the format of a disk from data contained in the disk's header. This can be exploited by a malicious user in a guest system to e.g. read arbitrary files on the host by writing a fake header to a raw formatted disk image.
Solution
Update the affected packages.
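The description above turns on the disk format being inferred from header bytes the guest can write. The following added example (not part of the Nessus plugin or of QEMU) audits images that are expected to be raw and flags any whose leading bytes match a well-known image-format magic; the function names, the short magic list and the sample files are assumptions constructed for illustration.

```python
"""Flag raw disk images whose leading bytes look like another image format."""
import os
import tempfile

# Well-known header magics at offset 0 (not an exhaustive list).
MAGICS = {
    b"QFI\xfb": "qcow/qcow2",
    b"KDMV": "vmdk (sparse extent)",
    b"COWD": "vmdk (legacy COW)",
    b"conectix": "vpc/vhd",
}

def probe_header(data: bytes):
    """Return the format name a header-probing loader could infer, or None."""
    for magic, name in MAGICS.items():
        if data.startswith(magic):
            return name
    return None

def audit_raw_images(paths):
    """Map each path expected to be raw to the format its header mimics."""
    findings = {}
    for path in paths:
        with open(path, "rb") as fh:
            fmt = probe_header(fh.read(512))
        if fmt is not None:
            findings[path] = fmt
    return findings

def demo():
    """Build two constructed sample images and audit them."""
    tmp = tempfile.mkdtemp()
    clean = os.path.join(tmp, "clean.img")
    suspect = os.path.join(tmp, "suspect.img")
    with open(clean, "wb") as fh:
        fh.write(b"\x00" * 1024)  # constructed: empty raw disk
    with open(suspect, "wb") as fh:
        fh.write(b"QFI\xfb" + b"\x00" * 1020)  # constructed: magic bytes only
    found = audit_raw_images([clean, suspect])
    return {os.path.basename(p): f for p, f in found.items()}

if __name__ == "__main__":
    print(demo())
```

A hit means the image should be reviewed before it is attached to a guest on a host that still probes the format from the header.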