Executive Summary
Summary | |
---|---|
Title | qemu-kvm security update |
Information | |||
---|---|---|---|
Name | DSA-2282 | First vendor Publication | 2011-07-25 |
Vendor | Debian | Last vendor Modification | 2011-07-25 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:M/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.4 | Attack Range | Adjacent network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 4.4 | Authentication | Requires single instance |
Detail
Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware:

CVE-2011-2212: Nelson Elhage discovered a buffer overflow in the virtio subsystem, which could lead to denial of service or privilege escalation.

CVE-2011-2527: Andrew Griffiths discovered that group privileges were insufficiently dropped when started with the -runas option, resulting in privilege escalation.

For the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-5+squeeze6. For the unstable distribution (sid), this problem has been fixed in version 0.14.1+dfsg-3.

We recommend that you upgrade your qemu-kvm packages.
Original Source
Url : http://www.debian.org/security/2011/dsa-2282 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12960 | |||
Oval ID: | oval:org.mitre.oval:def:12960 | ||
Title: | DSA-2282-1 qemu-kvm -- several | ||
Description: | Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware: CVE-2011-2212 Nelson Elhage discovered a buffer overflow in the virtio subsystem, which could lead to denial of service or privilege escalation. CVE-2011-2527 Andrew Griffiths discovered that group privileges were insufficiently dropped when started with -runas option, resulting in privilege escalation. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2282-1 CVE-2011-2212 CVE-2011-2527 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14171 | |||
Oval ID: | oval:org.mitre.oval:def:14171 | ||
Title: | USN-1177-1 -- qemu-kvm vulnerability | ||
Description: | qemu-kvm: Machine emulator and virtualizer. QEMU could be made to run with administrator group privileges under certain circumstances. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1177-1 CVE-2011-2527 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:26941 | |||
Oval ID: | oval:org.mitre.oval:def:26941 | ||
Title: | RHSA-2011:1531 -- qemu-kvm security, bug fix, and enhancement update (Moderate) | ||
Description: | KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that qemu-kvm did not properly drop supplemental group privileges when the root user started guests from the command line ("/usr/libexec/qemu-kvm") with the "-runas" option. A qemu-kvm process started this way could use this flaw to gain access to files on the host that are accessible to the supplementary groups and not accessible to the primary group. (CVE-2011-2527) Note: This issue only affected qemu-kvm when it was started directly from the command line. It did not affect the Red Hat Enterprise Virtualization platform or applications that start qemu-kvm via libvirt, such as the Virtual Machine Manager (virt-manager). This update also fixes several bugs and adds various enhancements. Documentation for these bug fixes and enhancements will be available shortly from the Technical Notes document, linked to in the References section. All users of qemu-kvm are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1531 CVE-2011-2527 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27567 | |||
Oval ID: | oval:org.mitre.oval:def:27567 | ||
Title: | ELSA-2011-1531 -- qemu-kvm security, bug fix, and enhancement update (moderate) | ||
Description: | [qemu-kvm-0.12.1.2-2.209.el6] - kvm-hda-do-not-mix-output-and-input-streams-RHBZ-740493-v2.patch [bz#740493] - kvm-hda-do-not-mix-output-and-input-stream-states-RHBZ-740493-v2.patch [bz#740493] - kvm-intel-hda-fix-stream-search.patch [bz#740493] - Resolves: bz#740493 (audio playing doesn't work when sound recorder is opened) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-1531 CVE-2011-2527 | Version: | 3 |
Platform(s): | Oracle Linux 6 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-10-22 | Name : Gentoo Security Advisory GLSA 201210-04 (ebuild) File : nvt/glsa_201210_04.nasl |
2012-07-09 | Name : RedHat Update for qemu-kvm RHSA-2011:1531-03 File : nvt/gb_RHSA-2011_1531-03_qemu-kvm.nasl |
2012-06-08 | Name : Fedora Update for qemu FEDORA-2012-8604 File : nvt/gb_fedora_2012_8604_qemu_fc15.nasl |
2012-06-06 | Name : RedHat Update for qemu-kvm RHSA-2011:0919-01 File : nvt/gb_RHSA-2011_0919-01_qemu-kvm.nasl |
2011-08-07 | Name : Debian Security Advisory DSA 2282-1 (qemu-kvm) File : nvt/deb_2282_1.nasl |
2011-08-02 | Name : Ubuntu Update for qemu-kvm USN-1177-1 File : nvt/gb_ubuntu_USN_1177_1.nasl |
2011-07-08 | Name : Ubuntu Update for qemu-kvm USN-1165-1 File : nvt/gb_ubuntu_USN_1165_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74752 | qemu-kvm -runas Option Local Privilege Escalation |
73618 | Qemu VirtIO virtqueue Request Parsing Local Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_kvm-110711.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_kvm-110711.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_kvm-120124.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0919.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0919.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1531.nasl - Type : ACT_GATHER_INFO |
2012-10-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201210-04.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111206_qemu_kvm_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-06-08 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8604.nasl - Type : ACT_GATHER_INFO |
2012-01-30 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_kvm-120116.nasl - Type : ACT_GATHER_INFO |
2011-07-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1177-1.nasl - Type : ACT_GATHER_INFO |
2011-07-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2282.nasl - Type : ACT_GATHER_INFO |
2011-07-19 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_kvm-110630.nasl - Type : ACT_GATHER_INFO |
2011-07-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1165-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:30:20 |