oss-sec mailing list archives
CVE-2018-16867 QEMU: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)
From: P J P <ppandit () redhat com>
Date: Thu, 6 Dec 2018 14:38:32 +0530 (IST)
Hello,A flaw was found in qemu Media Transfer Protocol (MTP). A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.
Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00390.html This issue was reported by Michael Hanselmann of hansmi.ch. Thank you. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Current thread:
- CVE-2018-16867 QEMU: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP) P J P (Dec 06)