NVD Vulnerability Detail

CVE-2018-16867

Summary	A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.
Publication Date	Dec. 12, 2018, 10:29 p.m.
Registration Date	March 1, 2021, 7:05 p.m.
Last Update	Nov. 21, 2024, 12:53 p.m.

Affected software configurations

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:29:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/106195	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/106195	Third Party Advisory VDB Entry
3	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867	Issue Tracking Patch Third Party Advisory
4	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867	Issue Tracking Patch Third Party Advisory
5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/
6	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/
7	https://usn.ubuntu.com/3923-1/	Third Party Advisory
8	https://usn.ubuntu.com/3923-1/	Third Party Advisory
9	https://www.openwall.com/lists/oss-security/2018/12/06/1	Mailing List Patch Third Party Advisory
10	https://www.openwall.com/lists/oss-security/2018/12/06/1	Mailing List Patch Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-362	競合状態	https://cwe.mitre.org/data/definitions/362.html

JVN Vulnerability Information

qemu Media Transfer Protocol におけるパストラバーサルの脆弱性

Title	qemu Media Transfer Protocol におけるパストラバーサルの脆弱性
Summary	qemu Media Transfer Protocol (MTP) には、パストラバーサルの脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Dec. 12, 2018, midnight
Registration Date	Feb. 14, 2019, 6:04 p.m.
Last Update	Feb. 14, 2019, 6:04 p.m.

Affected System

Fabrice Bellard

QEMU 3.1.0 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-16867	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16867
2	CVE-2018-16867	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16867
National Vulnerability Database (NVD)
3	CVE-2018-16867	https://nvd.nist.gov/vuln/detail/CVE-2018-16867
4	CVE-2018-16867	https://nvd.nist.gov/vuln/detail/CVE-2018-16867
関連文書
5	CVE-2018-16867 QEMU: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)	https://www.openwall.com/lists/oss-security/2018/12/06/1
6	CVE-2018-16867 QEMU: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)	https://www.openwall.com/lists/oss-security/2018/12/06/1

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-22	https://jvndb.jvn.jp/ja/cwe/CWE-22.html
2	CWE-22	https://jvndb.jvn.jp/ja/cwe/CWE-22.html

ベンダー情報

その他

No	Name	URL
関連文書
1	Bug 1654885	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867
2	Bug 1654885	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867

Change Log

No	Changed Details	Date of change
1	[2019年02月14日] 掲載	Feb. 14, 2019, 6:04 p.m.