Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-2527 | First vendor Publication | 2012-06-21 |
| Vendor | Cve | Last vendor Modification | 2020-11-02 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2527 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12960 | |||
| Oval ID: | oval:org.mitre.oval:def:12960 | ||
| Title: | DSA-2282-1 qemu-kvm -- several | ||
| Description: | Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware: CVE-2011-2212 Nelson Elhage discovered a buffer overflow in the virtio subsystem, which could lead to denial of service or privilege escalation. CVE-2011-2527 Andrew Griffiths discovered that group privileges were insufficiently dropped when started with -runas option, resulting in privilege escalation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2282-1 CVE-2011-2212 CVE-2011-2527 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | qemu-kvm |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14171 | |||
| Oval ID: | oval:org.mitre.oval:def:14171 | ||
| Title: | USN-1177-1 -- qemu-kvm vulnerability | ||
| Description: | qemu-kvm: Machine emulator and virtualizer QEMU could be made to run with adminstrator group privileges under certain circumstances. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1177-1 CVE-2011-2527 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | qemu-kvm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26941 | |||
| Oval ID: | oval:org.mitre.oval:def:26941 | ||
| Title: | RHSA-2011:1531 -- qemu-kvm security, bug fix, and enhancement update (Moderate) | ||
| Description: | KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that qemu-kvm did not properly drop supplemental group privileges when the root user started guests from the command line ("/usr/libexec/qemu-kvm") with the "-runas" option. A qemu-kvm process started this way could use this flaw to gain access to files on the host that are accessible to the supplementary groups and not accessible to the primary group. (CVE-2011-2527) Note: This issue only affected qemu-kvm when it was started directly from the command line. It did not affect the Red Hat Enterprise Virtualization platform or applications that start qemu-kvm via libvirt, such as the Virtual Machine Manager (virt-manager). This update also fixes several bugs and adds various enhancements. Documentation for these bug fixes and enhancements will be available shortly from the Technical Notes document, linked to in the References section. All users of qemu-kvm are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:1531 CVE-2011-2527 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | qemu-kvm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27567 | |||
| Oval ID: | oval:org.mitre.oval:def:27567 | ||
| Title: | ELSA-2011-1531 -- qemu-kvm security, bug fix, and enhancement update (moderate) | ||
| Description: | [qemu-kvm-0.12.1.2-2.209.el6] - kvm-hda-do-not-mix-output-and-input-streams-RHBZ-740493-v2.patch [bz#740493] - kvm-hda-do-not-mix-output-and-input-stream-states-RHBZ-740493-v2.patch [bz#740493] - kvm-intel-hda-fix-stream-search.patch [bz#740493] - Resolves: bz#740493 (audio playing doesn't work when sound recorder is opened) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-1531 CVE-2011-2527 | Version: | 3 |
| Platform(s): | Oracle Linux 6 | Product(s): | qemu-kvm |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-07-09 | Name : RedHat Update for qemu-kvm RHSA-2011:1531-03 File : nvt/gb_RHSA-2011_1531-03_qemu-kvm.nasl |
| 2012-06-08 | Name : Fedora Update for qemu FEDORA-2012-8604 File : nvt/gb_fedora_2012_8604_qemu_fc15.nasl |
| 2011-08-07 | Name : Debian Security Advisory DSA 2282-1 (qemu-kvm) File : nvt/deb_2282_1.nasl |
| 2011-08-02 | Name : Ubuntu Update for qemu-kvm USN-1177-1 File : nvt/gb_ubuntu_USN_1177_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 74752 | qemu-kvm -runas Option Local Privilege Escalation |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_kvm-120124.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1531.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111206_qemu_kvm_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-06-08 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8604.nasl - Type : ACT_GATHER_INFO |
| 2012-01-30 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_kvm-120116.nasl - Type : ACT_GATHER_INFO |
| 2011-07-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1177-1.nasl - Type : ACT_GATHER_INFO |
| 2011-07-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2282.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-02 01:16:24 |
|
| 2024-02-01 12:04:42 |
|
| 2023-09-05 12:15:22 |
|
| 2023-09-05 01:04:34 |
|
| 2023-09-02 12:15:26 |
|
| 2023-09-02 01:04:38 |
|
| 2023-08-12 12:18:37 |
|
| 2023-08-12 01:04:39 |
|
| 2023-08-11 12:15:31 |
|
| 2023-08-11 01:04:47 |
|
| 2023-08-06 12:14:55 |
|
| 2023-08-06 01:04:39 |
|
| 2023-08-04 12:14:59 |
|
| 2023-08-04 01:04:40 |
|
| 2023-07-14 12:14:58 |
|
| 2023-07-14 01:04:38 |
|
| 2023-03-29 01:16:53 |
|
| 2023-03-28 12:04:44 |
|
| 2022-10-11 12:13:21 |
|
| 2022-10-11 01:04:23 |
|
| 2021-05-05 01:08:31 |
|
| 2021-05-04 12:14:44 |
|
| 2021-04-22 01:16:03 |
|
| 2020-11-03 09:22:45 |
|
| 2020-11-02 17:22:45 |
|
| 2020-05-23 01:44:50 |
|
| 2020-05-23 00:28:57 |
|
| 2018-09-07 12:05:48 |
|
| 2017-08-29 09:23:17 |
|
| 2016-12-08 09:23:25 |
|
| 2016-06-28 18:42:45 |
|
| 2016-04-26 20:51:59 |
|
| 2014-06-14 13:31:03 |
|
| 2014-02-17 11:03:22 |
|
| 2013-05-10 23:03:17 |
|
