Executive Summary
Summary | |
---|---|
Title | New kvm packages fix several vulnerabilities |
Information | |||
---|---|---|---|
Name | DSA-1907 | First vendor Publication | 2009-10-13 |
Vendor | Debian | Last vendor Modification | 2009-10-13 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-5714: Chris Webb discovered an off-by-one bug limiting KVM's VNC passwords to 7 characters. This flaw might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.

CVE-2009-3290: It was discovered that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory.

For the stable distribution (lenny), these problems have been fixed in version 72+dfsg-5~lenny3.

The oldstable distribution (etch) does not contain kvm.

For the testing distribution (squeeze) these problems will be fixed soon.

For the unstable distribution (sid) these problems have been fixed in version 85+dfsg-4.1.

We recommend that you upgrade your kvm packages.
Original Source
Url : http://www.debian.org/security/2009/dsa-1907 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11328 | |||
Oval ID: | oval:org.mitre.oval:def:11328 | ||
Title: | The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses." | ||
Description: | The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3290 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:13413 | |||
Oval ID: | oval:org.mitre.oval:def:13413 | ||
Title: | DSA-1907-1 kvm -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5714 Chris Webb discovered an off-by-one bug limiting KVM's VNC passwords to 7 characters. This flaw might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. CVE-2009-3290 It was discovered that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service and read or write guest kernel memory. For the stable distribution, these problems have been fixed in version 72+dfsg-5~lenny3. The oldstable distribution does not contain kvm. For the testing distribution these problems will be fixed soon. For the unstable distribution these problems have been fixed in version 85+dfsg-4.1. We recommend that you upgrade your kvm packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1907-1 CVE-2008-5714 CVE-2009-3290 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | kvm |
Definition Id: oval:org.mitre.oval:def:13482 | |||
Oval ID: | oval:org.mitre.oval:def:13482 | ||
Title: | USN-776-1 -- kvm vulnerabilities | ||
Description: | Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. Alfredo Ortega discovered that KVM's VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. It was discovered that KVM's VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-776-1 CVE-2008-1945 CVE-2008-2004 CVE-2008-2382 CVE-2008-4539 CVE-2008-5714 | Version: | 5 |
Platform(s): | Ubuntu 8.10 Ubuntu 8.04 | Product(s): | kvm |
Definition Id: oval:org.mitre.oval:def:13656 | |||
Oval ID: | oval:org.mitre.oval:def:13656 | ||
Title: | USN-776-2 -- kvm regression | ||
Description: | USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a regression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to boot virtual machines started via libvirt. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. Alfredo Ortega discovered that KVM's VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. It was discovered that KVM's VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-776-2 CVE-2008-1945 CVE-2008-2004 CVE-2008-2382 CVE-2008-4539 CVE-2008-5714 | Version: | 5 |
Platform(s): | Ubuntu 8.04 | Product(s): | kvm |
Definition Id: oval:org.mitre.oval:def:22837 | |||
Oval ID: | oval:org.mitre.oval:def:22837 | ||
Title: | ELSA-2009:1465: kvm security and bug fix update (Important) | ||
Description: | The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses." | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1465-01 CVE-2009-3290 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | kvm |
Definition Id: oval:org.mitre.oval:def:7760 | |||
Oval ID: | oval:org.mitre.oval:def:7760 | ||
Title: | DSA-1907 kvm -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Webb discovered an off-by-one bug limiting KVM's VNC passwords to 7 characters. This flaw might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. It was discovered that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory. The oldstable distribution (etch) does not contain kvm. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1907 CVE-2008-5714 CVE-2009-3290 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | kvm |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for kvm-83-105.el5_ CESA-2009:1465 centos5 i386 File : nvt/gb_CESA-2009_1465_kvm-83-105.el5__centos5_i386.nasl |
2010-03-02 | Name : Fedora Update for kernel FEDORA-2010-1804 File : nvt/gb_fedora_2010_1804_kernel_fc11.nasl |
2010-03-02 | Name : Fedora Update for kernel FEDORA-2010-0919 File : nvt/gb_fedora_2010_0919_kernel_fc11.nasl |
2010-03-02 | Name : Fedora Update for kernel FEDORA-2010-1500 File : nvt/gb_fedora_2010_1500_kernel_fc11.nasl |
2009-12-30 | Name : Fedora Core 11 FEDORA-2009-13694 (kernel) File : nvt/fcore_2009_13694.nasl |
2009-12-14 | Name : Fedora Core 10 FEDORA-2009-13098 (kernel) File : nvt/fcore_2009_13098.nasl |
2009-12-10 | Name : Fedora Core 11 FEDORA-2009-12786 (kernel) File : nvt/fcore_2009_12786.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1465 (kvm) File : nvt/ovcesa2009_1465.nasl |
2009-11-11 | Name : Mandriva Security Advisory MDVSA-2009:289 (kernel) File : nvt/mdksa_2009_289.nasl |
2009-11-11 | Name : Fedora Core 11 FEDORA-2009-10639 (kernel) File : nvt/fcore_2009_10639.nasl |
2009-11-11 | Name : Fedora Core 11 FEDORA-2009-11032 (kernel) File : nvt/fcore_2009_11032.nasl |
2009-11-11 | Name : Fedora Core 10 FEDORA-2009-11038 (kernel) File : nvt/fcore_2009_11038.nasl |
2009-10-27 | Name : Debian Security Advisory DSA 1915-1 (linux-2.6) File : nvt/deb_1915_1.nasl |
2009-10-19 | Name : Debian Security Advisory DSA 1907-1 (kvm) File : nvt/deb_1907_1.nasl |
2009-10-19 | Name : Fedora Core 10 FEDORA-2009-10525 (kernel) File : nvt/fcore_2009_10525.nasl |
2009-10-06 | Name : Fedora Core 10 FEDORA-2009-10165 (kernel) File : nvt/fcore_2009_10165.nasl |
2009-10-06 | Name : RedHat Security Advisory RHSA-2009:1465 File : nvt/RHSA_2009_1465.nasl |
2009-06-05 | Name : Ubuntu USN-707-1 (cupsys) File : nvt/ubuntu_707_1.nasl |
2009-06-05 | Name : Ubuntu USN-776-2 (kvm) File : nvt/ubuntu_776_2.nasl |
2009-05-20 | Name : Ubuntu USN-776-1 (kvm) File : nvt/ubuntu_776_1.nasl |
2009-04-06 | Name : SuSE Security Summary SUSE-SR:2009:008 File : nvt/suse_sr_2009_008.nasl |
2009-01-20 | Name : Mandrake Security Advisory MDVSA-2009:008 (qemu) File : nvt/mdksa_2009_008.nasl |
2009-01-20 | Name : Mandrake Security Advisory MDVSA-2009:009 (kvm) File : nvt/mdksa_2009_009.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:002 File : nvt/suse_sr_2009_002.nasl |
2009-01-20 | Name : Ubuntu USN-708-1 (hplip) File : nvt/ubuntu_708_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
58214 | Linux Kernel arch/x86/kvm/x86.c kvm_emulate_hypercall() Function Arbitrary Gu... |
51033 | Qemu monitor.c Off-by-one VNC Password Weakness |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1465.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1465.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1907.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1915.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1465.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10639.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-289.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-852-1.nasl - Type : ACT_GATHER_INFO |
2009-10-05 | Name : The remote Fedora host is missing a security update. File : fedora_2009-10165.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kvm-090112.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_qemu-090325.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kvm-090112.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_qemu-090325.nasl - Type : ACT_GATHER_INFO |
2009-05-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-776-2.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-776-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-008.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-009.nasl - Type : ACT_GATHER_INFO |
2009-04-03 | Name : The remote openSUSE host is missing a security update. File : suse_qemu-6123.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:28:54 |