| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.8 | $0-$5k | 0.00 |
Summary
A vulnerability was found in QEMU. It has been rated as problematic. This affects an unknown function of the file hw/9pfs/9p.c of the component Export Handler. This manipulation with the input .. causes path traversal.
This vulnerability appears as CVE-2016-7116. The attack requires local access. There is no available exploit.
Upgrading the affected component is advised.
Details
A vulnerability was found in QEMU (Virtualization Software) (version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown function of the file hw/9pfs/9p.c of the component Export Handler. The manipulation with the input value .. leads to a path traversal vulnerability. The CWE definition for the vulnerability is CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. As an impact it is known to affect confidentiality, and integrity. The summary by CVE is:
Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.
The bug was discovered 12/09/2016. The weakness was presented 12/10/2016 by Felix Wilhelm (Website). It is possible to read the advisory at git.qemu.org. This vulnerability is known as CVE-2016-7116 since 08/30/2016. Attacking locally is a requirement. The successful exploitation requires a single authentication. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1006 according to MITRE ATT&CK.
The vulnerability scanner Nessus provides a plugin with the ID 94669 (Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : qemu, qemu-kvm vulnerabilities (USN-3125-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Ubuntu Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 169313 (SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2016:2589-1)).
Upgrading eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (94669) and SecurityFocus (BID 92680†). See VDB-92520, VDB-93311, VDB-93998 and VDB-93999 for similar entries. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Name
License
Website
- Product: https://www.qemu.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.0VulDB Meta Temp Score: 5.8
VulDB Base Score: 6.0
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.0
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Path traversalCWE: CWE-22
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 94669
Nessus Name: Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : qemu, qemu-kvm vulnerabilities (USN-3125-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 69767
OpenVAS Name: Fedora Update for xen FEDORA-2016-689f240960
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Patch: 56f101ecce0eafd09e2daf1c4eeb1377d6959261
Timeline
08/30/2016 🔍08/30/2016 🔍
11/09/2016 🔍
11/10/2016 🔍
12/09/2016 🔍
12/09/2016 🔍
12/10/2016 🔍
12/10/2016 🔍
10/05/2022 🔍
Sources
Product: qemu.orgAdvisory: USN-3125-1
Researcher: Felix Wilhelm
Status: Not defined
Confirmation: 🔍
CVE: CVE-2016-7116 (🔍)
GCVE (CVE): GCVE-0-2016-7116
GCVE (VulDB): GCVE-100-94003
SecurityFocus: 92680 - QEMU File Handling Multiple Directory Traversal Vulnerabilities
See also: 🔍
Entry
Created: 12/10/2016 13:38Updated: 10/05/2022 10:11
Changes: 12/10/2016 13:38 (63), 06/22/2019 18:07 (16), 10/05/2022 10:06 (5), 10/05/2022 10:11 (1)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.