[v3.1] qemu: tmp vulns (CVE-2015-4037)
So some suspicious looking tmp usage in qemu …
    snprintf(s->smb_dir, sizeof(s->smb_dir), "/tmp/qemu-smb.%ld-%d",
             (long)getpid(), instance);
    if (mkdir(s->smb_dir, 0700) < 0) {
        error_report("could not create samba server dir '%s'", s->smb_dir);
        return -1;
    }
The simplest attack would be a DoS in which someone creates
/tmp/qemu-smb.- files to prevent the legitimate creation of
s->smb_dir (mkdir will not follow a symlink).
Reference: http://www.openwall.com/lists/oss-security/2015/05/23/4
(from redmine: issue id 4327, created on 2015-06-15, closed on 2015-08-05)
- Relations:
- parent #4324 (closed)
- Changesets:
- Revision b94b5d00 by Natanael Copa on 2015-08-05T10:03:44Z:
main/qemu: security fix for CVE-2015-4037
ref #4324
fixes #4327
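
The report's pattern next to a hardened form, as an added example (not QEMU's or the package's own code, and not the referenced changeset). It assumes a POSIX system with `mkdtemp()`; the function names and the private scratch directory standing in for /tmp are hypothetical.

```c
#define _DEFAULT_SOURCE /* exposes mkdtemp() on glibc */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the report: the name is built from pid and instance, so
 * any local user can compute it in advance. Returns 0 or -errno. */
static int predictable_dir(char *out, size_t n, const char *base,
                           long pid, int instance)
{
    snprintf(out, n, "%s/qemu-smb.%ld-%d", base, pid, instance);
    return mkdir(out, 0700) < 0 ? -errno : 0;
}

/* Hardened form: mkdtemp() fills in an unpredictable suffix and creates
 * the directory with mode 0700. Returns 0 or -errno. */
static int random_dir(char *out, size_t n, const char *base)
{
    snprintf(out, n, "%s/qemu-smb.XXXXXX", base);
    return mkdtemp(out) == NULL ? -errno : 0;
}

/* Constructed scenario inside a private scratch directory (stand-in for
 * /tmp): the predictable name already exists when the caller runs.
 * Returns 1 if only the predictable form fails (EEXIST), else 0. */
int squat_blocks_only_predictable(void)
{
    char base[] = "/tmp/tmpdemo.XXXXXX", squat[128], a[128], b[128];
    long pid = (long)getpid();
    int r1, r2;
    if (mkdtemp(base) == NULL)
        return 0;
    snprintf(squat, sizeof(squat), "%s/qemu-smb.%ld-0", base, pid);
    mkdir(squat, 0755); /* constructed pre-existing entry */
    r1 = predictable_dir(a, sizeof(a), base, pid, 0);
    r2 = random_dir(b, sizeof(b), base);
    if (r2 == 0)
        rmdir(b);
    rmdir(squat);
    rmdir(base);
    return r1 == -EEXIST && r2 == 0;
}

int main(void)
{
    printf("only predictable name blocked: %d\n", squat_blocks_only_predictable());
}
```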