A potential directory traversal issue was found in the tftp server of the SLiRP user-mode networking implementation used by QEMU. It could occur on Windows host, as it allows to use both forward ('/') and backward slash('\') tokens as separators in a file path. A user able to access the tftp server could use this flaw to access undue files by using relative paths. Upstream patch: --------------- -> https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 Reference: ---------- -> https://www.openwall.com/lists/oss-security/2020/01/17/2
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1792132]
External References: https://www.voidsecurity.in/2019/01/virtualbox-tftp-server-pxe-boot.html
Acknowledgments: Name: Reno Robert
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-7211
Statement: This issue affects user-mode or SLiRP networking implementation of the QEMU emulator. Though qemu-kvm package is built with SLiRP networking support, due to its limitations, it is not used by the virtual machine guests by default. This issue does not affect the versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 5, 6, 7, 8, Red Hat OpenStack, Red Hat Virtualization and Red Hat Enterprise Linux Advanced Virtualization 8.
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days