Vigil@nce - QEMU Guest Agent: privilege escalation via permissions
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who is located in a guest system, can alter a file of
the QEMU Guest Agent, in order to escalate his privileges in his
guest system.
Impacted products: Unix (platform)
Severity: 2/4
Creation date: 07/05/2013
DESCRIPTION OF THE VULNERABILITY
The QEMU Guest Agent (qemu-ga) daemon uses QMP (QEMU Monitor
Protocol) commands in order to communicate with an instance.
However, this daemon creates its log and state files in mode 0666
(read and write for the world).
An attacker, who is located in a guest system, can therefore alter
a file of the QEMU Guest Agent, in order to escalate his
privileges in his guest system. Technical details about the
precise attack vector are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/QEMU-Guest-Agent-privilege-escalation-via-permissions-12759