Bug 1161180 - (CVE-2020-7211) VUL-0: CVE-2020-7211: kvm,qemu: potential directory traversal using relative paths via tftp server on Windows host
(CVE-2020-7211)
VUL-0: CVE-2020-7211: kvm,qemu: potential directory traversal using relative ...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: E-mail List
Security Team bot
https://smash.suse.de/issue/251288/
CVSSv3.1:SUSE:CVE-2020-7211:5.1:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-01-17 12:12 UTC by Alexandros Toptsoglou
Modified: 2020-06-09 19:47 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2020-01-17 12:12:43 UTC
CVE-2020-7211

A potential directory traversal issue was found in the tftp server
of the SLiRP user-mode networking implementation used by QEMU.
It could occur on Windows host, as it allows to use both forward ('/')
and backward slash('\') tokens as separators in a file path.

A user able to access the tftp server could use this flaw to access
undue files by using relative paths.

Upstream patch:
---------------
  -> https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2020/01/17/2

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1792130
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7211
http://seclists.org/oss-sec/2020/q1/15
https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
Comment 1 Alexandros Toptsoglou 2020-01-17 12:20:47 UTC
Tracked as affected the following:

kvm --> SLE11-SP1, SLE11-SP3
qemu --> SLE11, SLE12-SP1,2,3,4,5, SLE15,SLE15-SP1
Comment 2 Bruce Rogers 2020-03-12 21:59:02 UTC
The fix is specifically for a Windows build of qemu, and hence doesn't affect our products.