CVE-2015-4037 - OpenCVE

The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
http://www.debian.org/security/2015/dsa-3284
http://www.debian.org/security/2015/dsa-3285
http://www.openwall.com/lists/oss-security/2015/05/13/7
http://www.openwall.com/lists/oss-security/2015/05/16/5
http://www.openwall.com/lists/oss-security/2015/05/23/4
http://www.securityfocus.com/bid/74809
http://www.securitytracker.com/id/1032547
http://www.ubuntu.com/usn/USN-2630-1
https://bugzilla.redhat.com/show_bug.cgi?id=1222892
https://nvd.nist.gov/vuln/detail/CVE-2015-4037
https://www.cve.org/CVERecord?id=CVE-2015-4037

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2015-08-26T19:00:00

Updated: 2024-08-06T06:04:02.725Z

Reserved: 2015-05-19T00:00:00

Link: CVE-2015-4037

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-08-26T19:59:05.737

Modified: 2016-12-24T02:59:16.477

Link: CVE-2015-4037

Redhat

Severity : Moderate

Publid Date: 2015-05-13T00:00:00Z

Links: CVE-2015-4037 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-05-13T00:00:00", "descriptions": [{"lang": "en", "value": "The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-22T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-2630-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2630-1"}, {"name": "SUSE-SU-2015:1152", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"}, {"name": "[oss-security] 20150523 Re: QEMU 2.3.0 tmp vulns CVE request", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/05/23/4"}, {"name": "SUSE-SU-2015:1519", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"}, {"name": "FEDORA-2015-9599", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html"}, {"name": "FEDORA-2015-9601", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html"}, {"name": "[oss-security] 20150516 Re: QEMU 2.3.0 tmp vulns CVE request", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/05/16/5"}, {"name": "DSA-3284", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3284"}, {"name": "1032547", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032547"}, {"name": "openSUSE-SU-2015:1965", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"}, {"name": "74809", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74809"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222892"}, {"name": "[oss-security] 20150513 QEMU 2.3.0 tmp vulns CVE request", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/05/13/7"}, {"name": "DSA-3285", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3285"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:04:02.725Z"}, "title": "CVE Program Container", "references": [{"name": "USN-2630-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2630-1"}, {"name": "SUSE-SU-2015:1152", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"}, {"name": "[oss-security] 20150523 Re: QEMU 2.3.0 tmp vulns CVE request", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/05/23/4"}, {"name": "SUSE-SU-2015:1519", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"}, {"name": "FEDORA-2015-9599", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html"}, {"name": "FEDORA-2015-9601", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html"}, {"name": "[oss-security] 20150516 Re: QEMU 2.3.0 tmp vulns CVE request", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/05/16/5"}, {"name": "DSA-3284", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3284"}, {"name": "1032547", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032547"}, {"name": "openSUSE-SU-2015:1965", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"}, {"name": "74809", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74809"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222892"}, {"name": "[oss-security] 20150513 QEMU 2.3.0 tmp vulns CVE request", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/05/13/7"}, {"name": "DSA-3285", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3285"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-4037", "datePublished": "2015-08-26T19:00:00", "dateReserved": "2015-05-19T00:00:00", "dateUpdated": "2024-08-06T06:04:02.725Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABF17A18-4BE8-41B7-B50C-F4A137B3B2F1", "versionEndIncluding": "2.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program."}, {"lang": "es", "value": "Vulnerabilidad en la funci\u00f3n slirp_smb en net/slirp.c en QEMU 2.3.0 y en versiones anteriores, crea archivos temporales con nombres predecibles, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (fallo en la instanciaci\u00f3n) creando archivos /tmp/qemu-smb.*-* antes que el programa."}], "id": "CVE-2015-4037", "lastModified": "2016-12-24T02:59:16.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-26T19:59:05.737", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3284"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3285"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/05/13/7"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/05/16/5"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/05/23/4"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/74809"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1032547"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2630-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222892"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-17"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "qemu: insecure temporary file use in /net/slirp.c", "id": "1222892", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222892"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "status": "draft"}, "cwe": "CWE-377", "details": ["The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program."], "name": "CVE-2015-4037", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "qemu-guest-agent", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:4", "fix_state": "Affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 4"}], "public_date": "2015-05-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-4037\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4037"], "statement": "This issue affects the versions of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5, the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and 7, and the versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.", "threat_severity": "Moderate"}