ByteOS Network

Vulnerability Details :

CVE-2008-0928

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-03 Mar, 2008 | 22:00

Updated At-07 Aug, 2024 | 08:01

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:03 Mar, 2008 | 22:00

Updated At:07 Aug, 2024 | 08:01

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html	vendor-advisory x_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html	vendor-advisory x_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2008-0194.html	vendor-advisory x_refsource_REDHAT
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html	vendor-advisory x_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html	vendor-advisory x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=433560	x_refsource_CONFIRM
http://secunia.com/advisories/34642	third-party-advisory x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:016	vendor-advisory x_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162	vendor-advisory x_refsource_MANDRIVA
http://marc.info/?l=debian-security&m=120343592917055&w=2	mailing-list x_refsource_MLIST
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html	vendor-advisory x_refsource_FEDORA
http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html	vendor-advisory x_refsource_FEDORA
http://secunia.com/advisories/29963	third-party-advisory x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706	vdb-entry signature x_refsource_OVAL
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html	vendor-advisory x_refsource_SUSE
http://secunia.com/advisories/29129	third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/28001	vdb-entry x_refsource_BID
http://www.debian.org/security/2009/dsa-1799	vendor-advisory x_refsource_DEBIAN
http://secunia.com/advisories/29136	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/35031	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29081	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29172	third-party-advisory x_refsource_SECUNIA

Hyperlink: http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0194.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=433560

Resource:

x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/34642

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:016

Resource:

vendor-advisory

x_refsource_MANDRIVA

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:162

Resource:

vendor-advisory

x_refsource_MANDRIVA

Hyperlink: http://marc.info/?l=debian-security&m=120343592917055&w=2

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://secunia.com/advisories/29963

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706

Resource:

vdb-entry

signature

x_refsource_OVAL

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://secunia.com/advisories/29129

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.securityfocus.com/bid/28001

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.debian.org/security/2009/dsa-1799

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://secunia.com/advisories/29136

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/35031

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/29081

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/29172

Resource:

third-party-advisory

x_refsource_SECUNIA

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html	vendor-advisory x_refsource_FEDORA x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html	vendor-advisory x_refsource_FEDORA x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0194.html	vendor-advisory x_refsource_REDHAT x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html	vendor-advisory x_refsource_FEDORA x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html	vendor-advisory x_refsource_FEDORA x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=433560	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/34642	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:016	vendor-advisory x_refsource_MANDRIVA x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162	vendor-advisory x_refsource_MANDRIVA x_transferred
http://marc.info/?l=debian-security&m=120343592917055&w=2	mailing-list x_refsource_MLIST x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html	vendor-advisory x_refsource_FEDORA x_transferred
http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html	vendor-advisory x_refsource_FEDORA x_transferred
http://secunia.com/advisories/29963	third-party-advisory x_refsource_SECUNIA x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706	vdb-entry signature x_refsource_OVAL x_transferred
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html	vendor-advisory x_refsource_SUSE x_transferred
http://secunia.com/advisories/29129	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.securityfocus.com/bid/28001	vdb-entry x_refsource_BID x_transferred
http://www.debian.org/security/2009/dsa-1799	vendor-advisory x_refsource_DEBIAN x_transferred
http://secunia.com/advisories/29136	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/35031	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/29081	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/29172	third-party-advisory x_refsource_SECUNIA x_transferred

Hyperlink: http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0194.html

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=433560

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://secunia.com/advisories/34642

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:016

Resource:

vendor-advisory

x_refsource_MANDRIVA

x_transferred

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:162

Resource:

vendor-advisory

x_refsource_MANDRIVA

x_transferred

Hyperlink: http://marc.info/?l=debian-security&m=120343592917055&w=2

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: http://secunia.com/advisories/29963

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706

Resource:

vdb-entry

signature

x_refsource_OVAL

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: http://secunia.com/advisories/29129

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.securityfocus.com/bid/28001

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.debian.org/security/2009/dsa-1799

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: http://secunia.com/advisories/29136

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://secunia.com/advisories/35031

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://secunia.com/advisories/29081

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://secunia.com/advisories/29172

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:03 Mar, 2008 | 22:44

Updated At:02 Nov, 2020 | 14:39

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.7	MEDIUM	AV:L/AC:M/Au:N/C:C/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.7

Base severity: MEDIUM

Vector:

AV:L/AC:M/Au:N/C:C/I:N/A:N

CPE Matches

QEMU

>>qemu>>0.1.0

cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*

QEMU

>>qemu>>0.1.1

cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*

QEMU

>>qemu>>0.1.2

cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*

QEMU

>>qemu>>0.1.3

cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*

QEMU

>>qemu>>0.1.4

cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*

QEMU

>>qemu>>0.1.5

cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*

QEMU

>>qemu>>0.1.6

cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*

QEMU

>>qemu>>0.2.0

cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*

QEMU

>>qemu>>0.3.0

cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*

QEMU

>>qemu>>0.4.0

cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*

QEMU

>>qemu>>0.4.1

cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*

QEMU

>>qemu>>0.4.2

cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*

QEMU

>>qemu>>0.4.3

cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*

QEMU

>>qemu>>0.5.0

cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*

QEMU

>>qemu>>0.5.1

cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*

QEMU

>>qemu>>0.5.2

cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*

QEMU

>>qemu>>0.5.3

cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*

QEMU

>>qemu>>0.5.4

cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*

QEMU

>>qemu>>0.5.5

cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*

QEMU

>>qemu>>0.6.0

cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*

QEMU

>>qemu>>0.6.1

cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*

QEMU

>>qemu>>0.7.0

cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*

QEMU

>>qemu>>0.7.1

cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*

QEMU

>>qemu>>0.7.2

cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*

QEMU

>>qemu>>0.8.0

cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*

QEMU

>>qemu>>0.8.1

cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*

QEMU

>>qemu>>0.8.2

cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*

QEMU

>>qemu>>0.9.0

cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*

QEMU

>>qemu>>0.9.1

cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html	cve@mitre.org	N/A
http://marc.info/?l=debian-security&m=120343592917055&w=2	cve@mitre.org	N/A
http://secunia.com/advisories/29081	cve@mitre.org	N/A
http://secunia.com/advisories/29129	cve@mitre.org	N/A
http://secunia.com/advisories/29136	cve@mitre.org	N/A
http://secunia.com/advisories/29172	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/29963	cve@mitre.org	N/A
http://secunia.com/advisories/34642	cve@mitre.org	N/A
http://secunia.com/advisories/35031	cve@mitre.org	N/A
http://www.debian.org/security/2009/dsa-1799	cve@mitre.org	N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162	cve@mitre.org	N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:016	cve@mitre.org	N/A
http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html	cve@mitre.org	N/A
http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html	cve@mitre.org	N/A
http://www.redhat.com/support/errata/RHSA-2008-0194.html	cve@mitre.org	N/A
http://www.securityfocus.com/bid/28001	cve@mitre.org	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=433560	cve@mitre.org	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706	cve@mitre.org	N/A
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html	cve@mitre.org	N/A
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html	cve@mitre.org	N/A
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html	cve@mitre.org	N/A
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html	cve@mitre.org	N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://marc.info/?l=debian-security&m=120343592917055&w=2

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/29081

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/29129

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/29136

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/29172

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/29963

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/34642

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/35031

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.debian.org/security/2009/dsa-1799

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:162

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:016

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0194.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/28001

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=433560

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html

Source: cve@mitre.org

Resource: N/A

Similar CVEs

2Records found

CVE-2009-4358

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.7||MEDIUM

EPSS-0.05% / 13.38%

7 Day CHG~0.00%

Published-20 Dec, 2009 | 02:00

Updated-16 Sep, 2024 | 18:55

freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation.

Vendor-n/a FreeBSD Foundation

Product-freebsd n/a

CWE ID-CWE-264

Not Available

CVE-2009-3564

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.7||MEDIUM

EPSS-0.05% / 16.46%

7 Day CHG~0.00%

Published-06 Oct, 2009 | 17:22

Updated-07 Aug, 2024 | 06:31

puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.

Vendor-reductivelabs n/a Fedora Project

Product-puppet fedora n/a

CWE ID-CWE-264

Not Available

CVE-2008-0928

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs