Bug 1792130 (CVE-2020-7211)
| Summary: | CVE-2020-7211 QEMU: Slirp: potential directory traversal using relative paths via tftp server on Windows host | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Prasad Pandit <ppandit> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | ailan, amit, areis, berrange, bmontgom, cfergeau, dbecker, dblechte, dfediuck, drjones, dwalsh, dwmw2, eedri, eparis, imammedo, itamar, jburrell, jen, jferlan, jforbes, jjoyce, jnovy, jokerman, jpadman, jschluet, kbasil, knoel, lhh, lpeer, lsm5, marcandre.lureau, m.a.young, mburns, mgoldboi, michal.skrivanek, mkenneth, mrezanin, mst, nstielau, pbonzini, philmd, rbalakri, ribarry, rjones, robinlee.sysu, sbonazzo, sclewis, sherold, slinaber, sponnaga, virt-maint, virt-maint, vkuznets, xen-maint, yturgema |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A potential directory traversal issue was found in the tftp server of the SLiRP user-mode networking implementation used by QEMU. It could occur on a Windows host, as it allows the use of both forward ('/') and backward slash('\') tokens as separators in a file path. A user able to access the tftp server could use this flaw to access undue files by using relative paths.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-01-21 08:10:19 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1792132, 1792144, 1792145, 1792146, 1792147, 1792148, 1792149, 1792150, 1792151, 1792152, 1792153, 1792154 | ||
| Bug Blocks: | 1693188 | ||
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1792132] External References: https://www.voidsecurity.in/2019/01/virtualbox-tftp-server-pxe-boot.html Acknowledgments: Name: Reno Robert This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-7211 Statement: This issue affects user-mode or SLiRP networking implementation of the QEMU emulator. Though qemu-kvm package is built with SLiRP networking support, due to its limitations, it is not used by the virtual machine guests by default. This issue does not affect the versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 5, 6, 7, 8, Red Hat OpenStack, Red Hat Virtualization and Red Hat Enterprise Linux Advanced Virtualization 8. The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days |
A potential directory traversal issue was found in the tftp server of the SLiRP user-mode networking implementation used by QEMU. It could occur on Windows host, as it allows to use both forward ('/') and backward slash('\') tokens as separators in a file path. A user able to access the tftp server could use this flaw to access undue files by using relative paths. Upstream patch: --------------- -> https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 Reference: ---------- -> https://www.openwall.com/lists/oss-security/2020/01/17/2