Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
| Link | Tags |
|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html | third party advisory mailing list |
| http://www.securitytracker.com/id/1037604 | vdb entry third party advisory |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | third party advisory mailing list |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602 | issue tracking third party advisory |
| http://www.openwall.com/lists/oss-security/2017/01/17/12 | third party advisory mailing list |
| https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html | third party advisory mailing list |
| https://security.gentoo.org/glsa/201704-01 | third party advisory vendor advisory |
| http://www.securityfocus.com/bid/95461 | vdb entry third party advisory |