List: oss-security
Subject: [oss-security] CVE-2020-7211 QEMU: Slirp: potential directory traversal using relative paths via tft
From: P J P <ppandit () redhat ! com>
Date: 2020-01-17 7:15:51
Message-ID: nycvar.YSQ.7.76.2001171230050.223874 () xnncv
Hello,
A potential directory traversal issue was found in the tftp server of the
SLiRP user-mode networking implementation used by QEMU. It could occur on a
Windows host, as it allows both forward slash ('/') and backward slash ('\')
tokens to be used as separators in a file path.
A user able to access the tftp server could use this flaw to access undue
files by using relative paths.
Upstream patch:
---------------
-> https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
'CVE-2020-7211' assigned via -> https://cveform.mitre.org/
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
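
The separator problem described in the message above, shown as an added example that is not part of the original message and is not libslirp's code: a ".." component check that splits the requested name only on '/' passes names that a Windows host resolves as parent-directory references, while splitting on both separators rejects them. The function names and the `win_host` flag are hypothetical, and the sample names are constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper: is c a path separator on the host being modelled?
 * win_host = true treats '\\' as a separator in addition to '/'. */
static bool is_sep(char c, bool win_host)
{
    return c == '/' || (win_host && c == '\\');
}

/* Hypothetical check: true if no component of name is exactly "..".
 * The name is split on every separator the host honours, so a mixed
 * path such as a/..\x is treated the same way as a/../x. */
bool name_has_no_dotdot(const char *name, bool win_host)
{
    const char *p = name;

    while (*p) {
        const char *end = p;
        while (*end && !is_sep(*end, win_host))
            end++;                      /* end of the current component */
        if (end - p == 2 && p[0] == '.' && p[1] == '.')
            return false;               /* parent-directory component */
        p = *end ? end + 1 : end;       /* skip the separator, if any */
    }
    return true;
}

int main(void)
{
    /* Constructed sample request names. */
    const char *names[] = { "boot/pxelinux.0", "../x", "..\\x", "a/..\\x", "a..b" };

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-16s slash-only check: %-6s both separators: %s\n", names[i],
               name_has_no_dotdot(names[i], false) ? "accept" : "reject",
               name_has_no_dotdot(names[i], true) ? "accept" : "reject");
    return 0;
}
```

The third and fourth sample names are accepted by the slash-only check and rejected once the backslash is treated as a separator.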