Bug 1292211 (CVE-2015-8556) - CVE-2015-8556 Qemu: virtfs: local privilege escalation via virtfs-proxy-helper
Summary: CVE-2015-8556 Qemu: virtfs: local privilege escalation via virtfs-proxy-helper
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2015-8556
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1291751
Reported: 2015-12-16 18:17 UTC by Prasad Pandit
Modified: 2021-02-17 04:35 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A Time of Creation To Time of Usage (TOCTTOU) flaw was discovered in the QEMU emulator built with VirtFS (file system pass-through) support to share folders between host and guest. The flaw occurs if the 'virtfs-proxy-helper' program is installed with SUID permissions or has the 'CAP_CHOWN' capability. An unprivileged, local attacker could exploit this flaw to potentially escalate their privileges and gain root access to the system.
Clone Of:
Environment:
Last Closed: 2019-06-08 02:46:38 UTC
Embargoed:



Description Prasad Pandit 2015-12-16 18:17:22 UTC
Qemu emulator built with the VirtFS (file system pass-through) support to share
folders between host and guest is vulnerable to a Time of Creation To Time of
Usage (TOCTTOU) issue. This occurs if the 'virtfs-proxy-helper' program is
installed with SUID permissions OR has 'CAP_CHOWN' capability.

An unprivileged user could use this flaw to potentially escalate their privileges to gain root access on the system.

References:
-----------
  -> http://wiki.qemu.org/Documentation/9psetup
  -> http://www.openwall.com/lists/oss-security/2015/12/14/5
  -> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=183dd7394703b49c7af441a
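
Added example, not part of the original report or of QEMU: a host-side check for the two install conditions named in the description, the setuid bit and the 'CAP_CHOWN' file capability, on a 'virtfs-proxy-helper' binary. The function name `audit_helper`, its return codes and the use of `getcap` from libcap are assumptions of this example; the helper's path is supplied by the operator because the report does not give one.

```shell
#!/bin/sh
# Added example (not from the bug report): flag a virtfs-proxy-helper binary
# that carries the setuid bit or the CAP_CHOWN file capability.
# Return codes are this example's own convention:
#   0 = neither condition found, 1 = at least one found, 2 = not a regular file

audit_helper() {
    path=$1
    risky=0

    if [ ! -f "$path" ]; then
        echo "SKIP  $path: not a regular file"
        return 2
    fi

    # -u is the POSIX test for the set-user-ID bit.
    if [ -u "$path" ]; then
        owner=$(ls -ln "$path" | awk '{print $3}')
        echo "RISK  $path: setuid bit set (owner uid $owner)"
        risky=1
    fi

    # getcap prints file capabilities; its output layout differs between
    # libcap versions, so match on the capability name only.
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$path" 2>/dev/null)
        if printf '%s\n' "$caps" | grep -qi 'cap_chown'; then
            echo "RISK  $path: file capability includes CAP_CHOWN ($caps)"
            risky=1
        fi
    else
        echo "NOTE  getcap not installed; file capabilities not checked"
    fi

    if [ "$risky" -eq 0 ]; then
        echo "OK    $path: no setuid bit, no CAP_CHOWN"
    fi
    return "$risky"
}

# Audits only the paths given on the command line; with none, does nothing.
if [ "$#" -gt 0 ]; then
    status=0
    for p in "$@"; do audit_helper "$p" || status=$?; done
    exit "$status"
fi
```

Run it with the installed helper's path as the argument; a `RISK` line means the binary is installed in one of the configurations the description lists.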

Comment 1 Prasad Pandit 2015-12-16 18:19:11 UTC
Statement: 

This issue does not affect the versions of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5.

This issue does not affect the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6, and the Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.

This issue does not affect the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 7.

This issue does not affect the Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.

