CVE-2011-2527

Related Files

Red Hat Security Advisory 2011-1531-03

Posted Dec 6, 2011

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1531-03 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that qemu-kvm did not properly drop supplemental group privileges when the root user started guests from the command line with the "-runas" option. A qemu-kvm process started this way could use this flaw to gain access to files on the host that are accessible to the supplementary groups and not accessible to the primary group.

tags | advisory, root

systems | linux, redhat

advisories | CVE-2011-2527

SHA-256 | 16923c194b532ddc6c8d7a2dcc4465a1625af19775eb04b43ffaf4553809d229

Download | Favorite | View

Ubuntu Security Notice USN-1177-1

Posted Jul 27, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1177-1 - Andrew Griffiths discovered that QEMU did not correctly drop privileges when using the 'runas' argument. Under certain circumstances a local attacker could exploit this to escalate privileges.

tags | advisory, local

systems | linux, ubuntu

advisories | CVE-2011-2527

SHA-256 | 2db2352dca97c03e93a4de8cf6727155b5bccf0dc86d6436fc53e270444efcdd

Download | Favorite | View

Debian Security Advisory 2282-1

Posted Jul 25, 2011

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2282-1 - Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware.

tags | advisory, x86, vulnerability

systems | linux, debian

advisories | CVE-2011-2212, CVE-2011-2527

SHA-256 | 4fa44e9efca1c5b557bed9d0c7b29b0c56e7c7e66d15cbe2066edfaf181e51e0

Download | Favorite | View