
List:       oss-security
Subject:    [oss-security] CVE-2020-7211 QEMU: Slirp: potential directory traversal using relative paths via tft
From:       P J P <ppandit () redhat ! com>
Date:       2020-01-17 7:15:51
Message-ID: nycvar.YSQ.7.76.2001171230050.223874 () xnncv

   Hello,

A potential directory traversal issue was found in the tftp server of the 
SLiRP user-mode networking implementation used by QEMU. It could occur on a 
Windows host, as it allows both forward ('/') and backward ('\') slashes to be 
used as separators in a file path.

A user able to access the tftp server could use this flaw to access undue 
files by using relative paths.

Upstream patch:
---------------
   -> https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4

'CVE-2020-7211' assigned via -> https://cveform.mitre.org/

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
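
The separator gap described above, as an added example that is not part of the original message and is not libslirp's code: a slash-only filename filter next to a component-wise check that also treats '\' as a separator on a Windows host. The function names and the `windows_host` flag are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Illustrative slash-only filter: it only knows '/' as a separator, so a
 * name built from "..\" components passes it unchanged. */
bool tftp_name_ok_slash_only(const char *name)
{
    size_t n = strlen(name);
    if (n == 0 || name[n - 1] == '/')
        return false;                       /* empty name or directory */
    if (strncmp(name, "../", 3) == 0 || strstr(name, "/../") != NULL)
        return false;                       /* forward-slash traversal */
    return true;
}

/* On a Windows host both '/' and '\' split path components. */
static bool is_sep(char c, bool windows_host)
{
    return c == '/' || (windows_host && c == '\\');
}

/* Component-wise check. Assumption: the server appends the requested name
 * to a fixed root directory, so any ".." component could step above it. */
bool tftp_name_ok(const char *name, bool windows_host)
{
    size_t n = strlen(name);
    if (n == 0 || is_sep(name[n - 1], windows_host))
        return false;                       /* empty name or directory */

    const char *p = name;
    while (*p != '\0') {
        const char *start = p;
        while (*p != '\0' && !is_sep(*p, windows_host))
            p++;                            /* scan one component */
        size_t len = (size_t)(p - start);
        if (len == 2 && start[0] == '.' && start[1] == '.')
            return false;                   /* ".." with either separator */
        if (*p != '\0')
            p++;                            /* skip the separator */
    }
    return true;
}
```
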
