[v3.2] qemu: tmp vulns (CVE-2015-4037)
So some suspicious looking tmp usage in qemu …
snprintf(s->smb_dir, sizeof(s->smb_dir), "/tmp/qemu-smb.%ld-%d",
         (long)getpid(), instance);
if (mkdir(s->smb_dir, 0700) < 0) {
    error_report("could not create samba server dir '%s'", s->smb_dir);
    return -1;
}
The simplest attack would be a DoS in which someone creates
/tmp/qemu-smb.- files to prevent the legitimate creation of
s->smb_dir (mkdir will not follow a symlink).
Reference: http://www.openwall.com/lists/oss-security/2015/05/23/4
(from redmine: issue id 4328, created on 2015-06-15, closed on 2015-08-05)
- Relations:
- parent #4324 (closed)
- Changesets:
- Revision 786a06d1 by Natanael Copa on 2015-07-08T07:59:26Z:
main/qemu: security fix for CVE-2015-4037
ref #4328
- Revision 3397c7cc by Natanael Copa on 2015-07-08T08:01:44Z:
main/qemu: security fix for CVE-2015-4037
ref #4324
fixes #4328
(cherry picked from commit 786a06d135bec56c5f93b9b5a0099cb34957f1da)
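The failure mode described above, next to one common hardening, as an added example (not code from QEMU or from the Alpine changesets): the directory is created with mkdtemp(3) so its name cannot be predicted from the pid and instance number. The helper names, the `base` parameter, the scratch path and the pid 4242 are assumptions constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Predictable form, as in the snippet above: the name depends only on pid and
 * instance, so any pre-existing entry of that name makes mkdir() fail. */
static int make_dir_predictable(const char *base, long pid, int instance,
                                char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/qemu-smb.%ld-%d", base, pid, instance);
    if (n < 0 || (size_t)n >= outlen) { errno = ENAMETOOLONG; return -1; }
    return mkdir(out, 0700);
}

/* Hardened form: mkdtemp() replaces XXXXXX with a random suffix and creates
 * the directory atomically, owner-only, retrying if a name is taken. */
static int make_dir_random(const char *base, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/qemu-smb.XXXXXX", base);
    if (n < 0 || (size_t)n >= outlen) { errno = ENAMETOOLONG; return -1; }
    return mkdtemp(out) ? 0 : -1;
}

/* Self-check in a private scratch directory: returns 0 if the occupied
 * predictable name fails with EEXIST while the mkdtemp() variant succeeds. */
static int demo(void)
{
    char base[] = "/tmp/tmpdir-demo.XXXXXX", taken[256], a[256], b[256];
    struct stat st;
    int ok = -1;
    if (!mkdtemp(base)) return -1;
    snprintf(taken, sizeof(taken), "%s/qemu-smb.%ld-%d", base, 4242L, 0);
    if (mkdir(taken, 0755) == 0) {          /* name already occupied */
        int r1 = make_dir_predictable(base, 4242L, 0, a, sizeof(a));
        int e1 = errno;
        int r2 = make_dir_random(base, b, sizeof(b));
        if (r1 == -1 && e1 == EEXIST && r2 == 0 && stat(b, &st) == 0 &&
            S_ISDIR(st.st_mode) && (st.st_mode & 077) == 0)
            ok = 0;
        if (r2 == 0) rmdir(b);
        rmdir(taken);
    }
    rmdir(base);
    return ok;
}
int main(void) { return demo() == 0 ? 0 : 1; }
```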