Bug 425101 (CVE-2007-6328)
Summary: | CVE-2007-6328 dosbox: access to filesystem of host system |
---|---|
Product: | [Other] Security Response |
Component: | vulnerability |
Reporter: | Tomas Hoger <thoger> |
Assignee: | Andreas Bierfert <andreas.bierfert> |
Status: | CLOSED WONTFIX |
Severity: | low |
Priority: | low |
Version: | unspecified |
CC: | security-response-team |
Keywords: | Security |
Hardware: | All |
OS: | Linux |
URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6328 |
Doc Type: | Bug Fix |
Last Closed: | 2007-12-17 17:28:38 UTC |
Description
Tomas Hoger
2007-12-14 16:15:23 UTC
Allowing uncontrolled access to the filesystem outside of the emulated DOS system seems to be a design decision for DOSBox, even though it may not be common for other emulators / virtualization solutions. Given the upstream statement mentioned in the original report, this probably won't get changed soon. Andreas, have you possibly heard some other feedback from the DOSBox community about this announcement?

No I have to. But from reading through the report this is nothing new imho. DOSBox has allowed this for a long time. The assessment of it being a potential risk is right _but_ it is not like a hidden magic feature but clear from design so I would say that this is nothing we have to worry about for now.

Given this is a design decision and upstream does not seem to change this any time soon, I'm closing this as WONTFIX. If the upstream decision is changed in the future, we will likely follow shortly after by moving to the new upstream release, but it does not seem to make sense to fork at the moment.