Executive Summary

Summary
Title: qemu-kvm security update
Information
Name: DSA-2396
First vendor Publication: 2012-01-27
Vendor: Debian
Last vendor Modification: 2012-01-27
Severity (Vendor): N/A
Revision: 1

Security-Database Scoring CVSS v2

CVSS vector: (AV:A/AC:M/Au:S/C:C/I:C/A:C)
CVSS Base Score: 7.4
Attack Range: Adjacent network
CVSS Impact Score: 10
Attack Complexity: Medium
CVSS Exploit Score: 4.4
Authentication: Requires single instance

Detail

Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation.

This update also fixes a guest-triggerable memory corruption in VNC handling.

For the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-5+squeeze8.

For the unstable distribution (sid), this problem has been fixed in version 1.0+dfsg-5.

We recommend that you upgrade your qemu-kvm packages.

Original Source

Url : http://www.debian.org/security/2012/dsa-2396

CWE : Common Weakness Enumeration

id: CWE-119
Name: Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21269
 
Oval ID: oval:org.mitre.oval:def:21269
Title: RHSA-2012:0370: xen security and bug fix update (Important)
Description: Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
Family: unix Class: patch
Reference(s): RHSA-2012:0370-01
CVE-2012-0029
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Product(s): xen
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21188
 
Oval ID: oval:org.mitre.oval:def:21188
Title: RHSA-2012:0050: qemu-kvm security, bug fix, and enhancement update (Important)
Description: Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
Family: unix Class: patch
Reference(s): RHSA-2012:0050-01
CESA-2012:0050
CVE-2012-0029
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20784
 
Oval ID: oval:org.mitre.oval:def:20784
Title: RHSA-2012:0051: kvm security update (Important)
Description: Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
Family: unix Class: patch
Reference(s): RHSA-2012:0051-01
CESA-2012:0051
CVE-2011-4622
CVE-2012-0029
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15404
 
Oval ID: oval:org.mitre.oval:def:15404
Title: DSA-2404-1 xen-qemu-dm-4.0 -- buffer overflow
Description: Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable malicious guest systems to crash the host system or escalate their privileges. The old stable distribution does not contain the xen-qemu-dm-4.0 package.
Family: unix Class: patch
Reference(s): DSA-2404-1
CVE-2012-0029
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): xen-qemu-dm-4.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15011
 
Oval ID: oval:org.mitre.oval:def:15011
Title: USN-1339-1 -- QEMU vulnerability
Description: qemu-kvm: Machine emulator and virtualizer A remote attacker could cause QEMU to crash.
Family: unix Class: patch
Reference(s): USN-1339-1
CVE-2012-0029
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 10.04
Ubuntu 10.10
Product(s): QEMU
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14929
 
Oval ID: oval:org.mitre.oval:def:14929
Title: DSA-2396-1 qemu-kvm -- buffer underflow
Description: Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation. This update also fixes a guest-triggerable memory corruption in VNC handling.
Family: unix Class: patch
Reference(s): DSA-2396-1
CVE-2012-0029
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23839
 
Oval ID: oval:org.mitre.oval:def:23839
Title: ELSA-2012:0050: qemu-kvm security, bug fix, and enhancement update (Important)
Description: Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
Family: unix Class: patch
Reference(s): ELSA-2012:0050-01
CVE-2012-0029
Version: 6
Platform(s): Oracle Linux 6
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23102
 
Oval ID: oval:org.mitre.oval:def:23102
Title: ELSA-2012:0051: kvm security update (Important)
Description: Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
Family: unix Class: patch
Reference(s): ELSA-2012:0051-01
CVE-2011-4622
CVE-2012-0029
Version: 13
Platform(s): Oracle Linux 5
Product(s): kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22829
 
Oval ID: oval:org.mitre.oval:def:22829
Title: ELSA-2012:0370: xen security and bug fix update (Important)
Description: Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
Family: unix Class: patch
Reference(s): ELSA-2012:0370-01
CVE-2012-0029
Version: 6
Platform(s): Oracle Linux 5
Product(s): xen
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27905
 
Oval ID: oval:org.mitre.oval:def:27905
Title: ELSA-2012-0370 -- xen security and bug fix update (important)
Description: [3.0.3-135.el5_8.2] - Fix broken timestamp log (rhbz 797836) [3.0.3-135.el5_8.1] - qemu-dm/e1000: bounds packet size against buffer size (rhbz 786862) - Use correct expansion in xen-network-common.sh (rhbz 797191)
Family: unix Class: patch
Reference(s): ELSA-2012-0370
CVE-2012-0029
Version: 3
Platform(s): Oracle Linux 5
Product(s): xen
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27871
 
Oval ID: oval:org.mitre.oval:def:27871
Title: ELSA-2012-0050 -- qemu-kvm security, bug fix, and enhancement update (important)
Description: [qemu-kvm-0.12.1.2-2.209.el6_2.4] - kvm-e1000-prevent-buffer-overflow-when-processing-legacy.patch [bz#772081] - Resolves: bz#772081 (EMBARGOED CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow [rhel-6.2.z]) [qemu-kvm-0.12.1.2-2.209.el6_2.3] - kvm-Revert-virtio-blk-refuse-SG_IO-requests-with-scsi-of.patch [for bz#767721] - kvm-virtio-blk-refuse-SG_IO-requests-with-scsi-off-v2.patch [bz#767721] - CVE: CVE-2011-4127 - Resolves: bz#767721 (qemu-kvm: virtio-blk: refuse SG_IO requests with scsi=off (CVE-2011-4127 mitigation) [rhel-6.2.z]) [qemu-kvm-0.12.1.2-2.209.el6_2.2] - kvm-virtio-blk-refuse-SG_IO-requests-with-scsi-off.patch [bz#752375] - CVE: CVE-2011-4127 - Resolves: bz#767721 (EMBARGOED qemu-kvm: virtio-blk: refuse SG_IO requests with scsi=off (CVE-2011-4127 mitigation) [rhel-6.3]) - Resolves: bz#767906 (qemu-kvm should be built with full relro and PIE support)
Family: unix Class: patch
Reference(s): ELSA-2012-0050
CVE-2012-0029
Version: 3
Platform(s): Oracle Linux 6
Product(s): qemu-kvm
Definition Synopsis:

CPE : Common Platform Enumeration

Type: Application
Count: 1

OpenVAS Exploits

Date Description
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18249
File : nvt/gb_fedora_2012_18249_xen_fc16.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17408
File : nvt/gb_fedora_2012_17408_xen_fc16.nasl
2012-10-22 Name : Gentoo Security Advisory GLSA 201210-04 (ebuild)
File : nvt/glsa_201210_04.nasl
2012-10-19 Name : Fedora Update for qemu FEDORA-2012-15606
File : nvt/gb_fedora_2012_15606_qemu_fc16.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13443
File : nvt/gb_fedora_2012_13443_xen_fc16.nasl
2012-08-24 Name : Fedora Update for xen FEDORA-2012-11785
File : nvt/gb_fedora_2012_11785_xen_fc16.nasl
2012-08-14 Name : Fedora Update for qemu FEDORA-2012-11305
File : nvt/gb_fedora_2012_11305_qemu_fc16.nasl
2012-08-06 Name : Fedora Update for xen FEDORA-2012-11190
File : nvt/gb_fedora_2012_11190_xen_fc16.nasl
2012-07-30 Name : CentOS Update for qemu-img CESA-2012:0050 centos6
File : nvt/gb_CESA-2012_0050_qemu-img_centos6.nasl
2012-07-30 Name : CentOS Update for kmod-kvm CESA-2012:0051 centos5
File : nvt/gb_CESA-2012_0051_kmod-kvm_centos5.nasl
2012-07-09 Name : RedHat Update for qemu-kvm RHSA-2012:0050-01
File : nvt/gb_RHSA-2012_0050-01_qemu-kvm.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9399
File : nvt/gb_fedora_2012_9399_xen_fc16.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9430
File : nvt/gb_fedora_2012_9430_xen_fc15.nasl
2012-06-08 Name : Fedora Update for qemu FEDORA-2012-8592
File : nvt/gb_fedora_2012_8592_qemu_fc16.nasl
2012-06-08 Name : Fedora Update for qemu FEDORA-2012-8604
File : nvt/gb_fedora_2012_8604_qemu_fc15.nasl
2012-04-02 Name : Fedora Update for xen FEDORA-2012-1375
File : nvt/gb_fedora_2012_1375_xen_fc16.nasl
2012-03-09 Name : RedHat Update for xen RHSA-2012:0370-01
File : nvt/gb_RHSA-2012_0370-01_xen.nasl
2012-02-21 Name : Fedora Update for xen FEDORA-2012-1539
File : nvt/gb_fedora_2012_1539_xen_fc15.nasl
2012-02-12 Name : Debian Security Advisory DSA 2404-1 (xen-qemu-dm-4.0)
File : nvt/deb_2404_1.nasl
2012-02-11 Name : Debian Security Advisory DSA 2396-1 (qemu-kvm)
File : nvt/deb_2396_1.nasl
2012-01-25 Name : Ubuntu Update for qemu-kvm USN-1339-1
File : nvt/gb_ubuntu_USN_1339_1.nasl

Open Source Vulnerability Database (OSVDB)

id Description
78506 Qemu hw/e1000.c process_tx_desc() Function DMA Request Legacy Packet Packet L...

Nessus® Vulnerability Scanner

Date Description
2014-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0109.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_qemu-120207.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-84.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-243.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_kvm-120124.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_libvirt-120208.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-404.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0370.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0050.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0051.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0050.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0051.nasl - Type : ACT_GATHER_INFO
2012-10-19 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201210-04.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120307_xen_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120123_kvm_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-08 Name : The remote Fedora host is missing a security update.
File : fedora_2012-8592.nasl - Type : ACT_GATHER_INFO
2012-06-08 Name : The remote Fedora host is missing a security update.
File : fedora_2012-8604.nasl - Type : ACT_GATHER_INFO
2012-03-20 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xen-201202-120209.nasl - Type : ACT_GATHER_INFO
2012-03-20 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xen-201202-120210.nasl - Type : ACT_GATHER_INFO
2012-03-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0370.nasl - Type : ACT_GATHER_INFO
2012-02-20 Name : The remote Fedora host is missing a security update.
File : fedora_2012-1539.nasl - Type : ACT_GATHER_INFO
2012-02-20 Name : The remote Fedora host is missing a security update.
File : fedora_2012-1375.nasl - Type : ACT_GATHER_INFO
2012-02-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2404.nasl - Type : ACT_GATHER_INFO
2012-01-31 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2396.nasl - Type : ACT_GATHER_INFO
2012-01-30 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_kvm-120116.nasl - Type : ACT_GATHER_INFO
2012-01-25 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0050.nasl - Type : ACT_GATHER_INFO
2012-01-25 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0051.nasl - Type : ACT_GATHER_INFO
2012-01-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1339-1.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:30:46
  • Multiple Updates
2013-05-11 00:44:17
  • Multiple Updates
2013-04-19 13:21:42
  • Multiple Updates
2013-01-04 13:20:52
  • Multiple Updates