Executive Summary
Summary | |
---|---|
Title | qemu-kvm security update |
Informations | |||
---|---|---|---|
Name | DSA-3067 | First vendor Publication | 2014-11-06 |
Vendor | Debian | Last vendor Modification | 2014-11-06 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. CVE-2014-3689 The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process. CVE-2014-7815 James Spadaro of Cisco reported insufficiently sanitized bits_per_pixel from the client in the QEMU VNC display driver. An attacker having access to the guest's VNC console could use this flaw to crash the guest. For the stable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u5. We recommend that you upgrade your qemu-kvm packages. |
Original Source
Url : http://www.debian.org/security/2014/dsa-3067 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-269 | Improper Privilege Management |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:27312 | |||
Oval ID: | oval:org.mitre.oval:def:27312 | ||
Title: | DSA-3067-1 -- qemu-kvm security update | ||
Description: | Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-3067-1 CVE-2014-3689 CVE-2014-7815 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | qemu-kvm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28093 | |||
Oval ID: | oval:org.mitre.oval:def:28093 | ||
Title: | DSA-3066-1 -- qemu security update | ||
Description: | Several vulnerabilities were discovered in qemu, a fast processor emulator. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-3066-1 CVE-2014-3689 CVE-2014-7815 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | qemu |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28286 | |||
Oval ID: | oval:org.mitre.oval:def:28286 | ||
Title: | USN-2409-1 -- QEMU vulnerabilities | ||
Description: | Laszlo Ersek discovered that QEMU incorrectly handled memory in the vga device. A malicious guest could possibly use this issue to read arbitrary host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3615">CVE-2014-3615</a>) Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly handled certain udp packets when using guest networking. A malicious guest could possibly use this issue to cause a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3640">CVE-2014-3640</a>) It was discovered that QEMU incorrectly handled parameter validation in the vmware_vga device. A malicious guest could possibly use this issue to write into memory of the host, leading to privilege escalation. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-3689">CVE-2014-3689</a>) It was discovered that QEMU incorrectly handled USB xHCI controller live migration. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5263">CVE-2014-5263</a>) Michael S. Tsirkin discovered that QEMU incorrectly handled memory in the ACPI PCI hotplug interface. A malicious guest could possibly use this issue to access memory of the host, leading to information disclosure or privilege escalation. This issue only affected Ubuntu 14.04 LTS. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5388">CVE-2014-5388</a>) James Spadaro discovered that QEMU incorrectly handled certain VNC bytes_per_pixel values. An attacker having access to a VNC console could possibly use this issue to cause a guest to crash, resulting in a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7815">CVE-2014-7815</a>) | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2409-1 CVE-2014-3615 CVE-2014-3640 CVE-2014-3689 CVE-2014-5263 CVE-2014-5388 CVE-2014-7815 | Version: | 5 |
Platform(s): | Ubuntu 14.10 Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | qemu qemu-kvm |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2015-10-01 | QEMU VNC set-pixel-format memory corruption attempt RuleID : 35851 - Revision : 2 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-10-26 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-2628-1.nasl - Type : ACT_GATHER_INFO |
2016-08-29 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1785-1.nasl - Type : ACT_GATHER_INFO |
2016-08-29 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1745-1.nasl - Type : ACT_GATHER_INFO |
2016-08-29 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1698-1.nasl - Type : ACT_GATHER_INFO |
2016-06-17 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1560-1.nasl - Type : ACT_GATHER_INFO |
2016-06-17 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1445-1.nasl - Type : ACT_GATHER_INFO |
2016-05-19 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1318-1.nasl - Type : ACT_GATHER_INFO |
2016-04-27 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1154-1.nasl - Type : ACT_GATHER_INFO |
2016-04-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-439.nasl - Type : ACT_GATHER_INFO |
2016-04-07 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0955-1.nasl - Type : ACT_GATHER_INFO |
2016-04-01 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-413.nasl - Type : ACT_GATHER_INFO |
2016-03-25 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0873-1.nasl - Type : ACT_GATHER_INFO |
2015-10-21 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1782-1.nasl - Type : ACT_GATHER_INFO |
2015-04-30 | Name : The remote host is missing a vendor-supplied security patch. File : citrix_xenserver_CTX200892.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150305_qemu_kvm_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2015-03-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-061.nasl - Type : ACT_GATHER_INFO |
2015-03-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0349.nasl - Type : ACT_GATHER_INFO |
2015-03-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0349.nasl - Type : ACT_GATHER_INFO |
2015-03-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0624.nasl - Type : ACT_GATHER_INFO |
2015-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0349.nasl - Type : ACT_GATHER_INFO |
2014-12-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-37.nasl - Type : ACT_GATHER_INFO |
2014-12-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-01.nasl - Type : ACT_GATHER_INFO |
2014-11-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-220.nasl - Type : ACT_GATHER_INFO |
2014-11-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2409-1.nasl - Type : ACT_GATHER_INFO |
2014-11-11 | Name : The remote Fedora host is missing a security update. File : fedora_2014-14033.nasl - Type : ACT_GATHER_INFO |
2014-11-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13993.nasl - Type : ACT_GATHER_INFO |
2014-11-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3066.nasl - Type : ACT_GATHER_INFO |
2014-11-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3067.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-11-14 21:30:45 |
|
2014-11-08 13:32:00 |
|
2014-11-06 17:22:55 |
|