From: Konstantin Kostiuk
Subject: Re: [PATCH v2 0/2] QGA installer fixes
Date: Mon, 27 Feb 2023 10:18:50 +0200
On 21/2/23 12:21, Konstantin Kostiuk wrote:
> resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167423
> fixes: CVE-2023-0664
>
> CVE Technical details: The cached installer for QEMU Guest Agent in c:\windows\installer
> (https://github.com/qemu/qemu/blob/master/qga/installer/qemu-ga.wxs),
> can be leveraged to begin a repair of the installation without validation
> that the repair is being performed by an administrative user. The MSI repair
> custom action "RegisterCom" and "UnregisterCom" is not set for impersonation
> which allows for the actions to occur as the SYSTEM account
> (LINE 137 AND 145 of qemu-ga.wxs). The custom action also leverages cmd.exe
> to run qemu-ga.exe in line 134 and 142 which causes an interactive command
> shell to spawn even though the MSI is set to be non-interactive on line 53.
>
> v1: https://lists.nongnu.org/archive/html/qemu-devel/2023-02/msg05661.html
Per https://lore.kernel.org/qemu-devel/CAA8xKjUQFBVgDVJ059FvGoSjkv+kZ5jB1gfMNz+ao-twH7FDRg@mail.gmail.com/:
Reported-by: Brian Wiltse <brian.wiltse@live.com>
> v1 -> v2:
> Add explanation into commit messages
Thanks, much appreciated!
> Konstantin Kostiuk (2):
> qga/win32: Remove change action from MSI installer
> qga/win32: Use rundll for VSS installation
>
> qga/installer/qemu-ga.wxs | 11 ++++++-----
> qga/vss-win32/install.cpp | 9 +++++++++
> qga/vss-win32/qga-vss.def | 2 ++
> 3 files changed, 17 insertions(+), 5 deletions(-)
>
> --
> 2.25.1
>
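
Added example, not part of the original message or of the QEMU patches: a small audit that scans WiX source for the two traits named in the CVE details above, deferred custom actions with impersonation disabled and custom actions that launch cmd.exe. The .wxs fragment is constructed for illustration (only the action ids RegisterCom and UnregisterCom come from the report); the finding labels and function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed WiX fragment (NOT the real qemu-ga.wxs); paths and arguments are made up.
SAMPLE_WXS = """<?xml version="1.0"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
  <Product Id="*" Name="Example Agent" Version="1.0.0" Manufacturer="Example">
    <CustomAction Id="RegisterCom" Directory="INSTALLDIR" Execute="deferred"
                  Impersonate="no" Return="check"
                  ExeCommand='cmd.exe /c "[INSTALLDIR]agent.exe" register' />
    <CustomAction Id="UnregisterCom" Directory="INSTALLDIR" Execute="deferred"
                  Impersonate="no" Return="check"
                  ExeCommand='cmd.exe /c "[INSTALLDIR]agent.exe" unregister' />
    <CustomAction Id="SetPath" Property="AGENT_PATH" Value="[INSTALLDIR]" />
    <CustomAction Id="Notify" Directory="INSTALLDIR" Execute="deferred"
                  ExeCommand='"[INSTALLDIR]notify.exe"' />
  </Product>
</Wix>
"""

def local(tag):
    """Strip the XML namespace so namespaced and bare WiX sources both match."""
    return tag.rsplit("}", 1)[-1]

def audit_custom_actions(wxs_text):
    """Return [(action id, [findings])] for each CustomAction with a risky trait."""
    results = []
    for el in ET.fromstring(wxs_text).iter():
        if local(el.tag) != "CustomAction":
            continue
        findings = []
        # Scheduled (deferred/rollback/commit) actions impersonate the installing
        # user by default; Impersonate="no" runs them in the installer service context.
        if el.get("Execute") in ("deferred", "rollback", "commit") \
                and el.get("Impersonate", "yes") == "no":
            findings.append("runs-as-system")
        # A cmd.exe wrapper gives the action a console host it does not need.
        if "cmd.exe" in el.get("ExeCommand", "").lower():
            findings.append("spawns-cmd")
        if findings:
            results.append((el.get("Id"), findings))
    return results

if __name__ == "__main__":
    for action_id, findings in audit_custom_actions(SAMPLE_WXS):
        print(f"{action_id}: {', '.join(findings)}")
```

An action that reports both findings is the combination the CVE description calls out; either finding alone is still worth a review of when the action is scheduled to run.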