Executive Summary
Summary | |
---|---|
Title | KVM vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-776-1 | First vendor Publication | 2009-05-12 |
Vendor | Ubuntu | Last vendor Modification | 2009-05-12 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS, Ubuntu 8.10. This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:

Ubuntu 8.10:

After a standard system upgrade you need to restart all KVM VMs to effect the necessary changes.

Details follow:

Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. (CVE-2008-1945, CVE-2008-2004)

Alfredo Ortega discovered that KVM's VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. (CVE-2008-2382)

Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. (CVE-2008-4539)

It was discovered that KVM's VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service. (CVE-2008-5714)
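The disk-format issue above (CVE-2008-1945, CVE-2008-2004) comes from letting a guest-writable image header decide which format the host uses for the image. The following C example, added here and not QEMU's or Ubuntu's code, contrasts header-only probing with a resolver that treats the operator's configured format as authoritative and flags a raw disk whose header claims another format; the qcow2 magic bytes are real, while the function names and the sample header are constructed.

```c
/* Added example, not QEMU's or Ubuntu's code: choose a disk image's format
 * without letting guest-writable header bytes override the configuration.
 * Function names and the sample header are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum img_format { FMT_AUTO = 0, FMT_RAW, FMT_QCOW2 };

/* Real qcow2 header magic ("QFI\xfb"). A guest that writes these bytes to
 * sector 0 of its raw disk makes a header-only probe see a qcow2 image. */
static const uint8_t QCOW2_MAGIC[4] = { 'Q', 'F', 'I', 0xfb };

/* Header-only probing: whoever controls the header controls the answer. */
enum img_format probe_format(const uint8_t *hdr, size_t len)
{
    if (len >= sizeof QCOW2_MAGIC &&
        memcmp(hdr, QCOW2_MAGIC, sizeof QCOW2_MAGIC) == 0)
        return FMT_QCOW2;
    return FMT_RAW;
}

/* Hardened resolution: the configured format is authoritative. Probing is
 * consulted only for FMT_AUTO; a raw disk whose header claims another
 * format stays raw and is reported through *tampered for logging. */
enum img_format resolve_format(enum img_format configured,
                               const uint8_t *hdr, size_t len, int *tampered)
{
    enum img_format probed = probe_format(hdr, len);

    *tampered = 0;
    if (configured == FMT_AUTO)
        return probed;
    if (configured == FMT_RAW && probed != FMT_RAW)
        *tampered = 1;
    return configured;
}

int main(void)
{
    /* Constructed sample: a raw-configured disk whose guest wrote a qcow2 magic. */
    uint8_t hdr[512] = { 'Q', 'F', 'I', 0xfb };
    int tampered;
    enum img_format fmt = resolve_format(FMT_RAW, hdr, sizeof hdr, &tampered);

    printf("probed=%d resolved=%d tampered=%d\n",
           probe_format(hdr, sizeof hdr), fmt, tampered);
    return 0;
}
```

The tampered flag is what a host-side monitor would alert on: a disk the operator configured as raw should never present a foreign format signature.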
Original Source
Url : http://www.ubuntu.com/usn/USN-776-1
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-200 | Information Exposure |
25 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11021 | |||
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:11021 | ||
Title: | The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. | ||
Description: | The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2004 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13482 | |||
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:13482 | ||
Title: | USN-776-1 -- kvm vulnerabilities | ||
Description: | Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. Alfredo Ortega discovered that KVM's VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. It was discovered that KVM's VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-776-1, CVE-2008-1945, CVE-2008-2004, CVE-2008-2382, CVE-2008-4539, CVE-2008-5714 | Version: | 5 |
Platform(s): | Ubuntu 8.10, Ubuntu 8.04 | Product(s): | kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13656 | |||
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:13656 | ||
Title: | USN-776-2 -- kvm regression | ||
Description: | USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a regression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to boot virtual machines started via libvirt. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. Alfredo Ortega discovered that KVM's VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. It was discovered that KVM's VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-776-2, CVE-2008-1945, CVE-2008-2004, CVE-2008-2382, CVE-2008-4539, CVE-2008-5714 | Version: | 5 |
Platform(s): | Ubuntu 8.04 | Product(s): | kvm |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22720 | |||
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:22720 | ||
Title: | ELSA-2008:0194: xen security and bug fix update (Important) | ||
Description: | The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0194-01, CVE-2007-3919, CVE-2007-5730, CVE-2008-0928, CVE-2008-1943, CVE-2008-1944, CVE-2008-2004 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | xen |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7873 | |||
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:7873 | ||
Title: | DSA-1799 qemu -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the QEMU processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems: Ian Jackson discovered that range checks of file operations on emulated disk devices were insufficiently enforced. It was discovered that an error in the format auto detection of removable media could lead to the disclosure of files in the host system. A buffer overflow has been found in the emulation of the Cirrus graphics adaptor. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1799, CVE-2008-0928, CVE-2008-4539, CVE-2008-1945 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0, Debian GNU/Linux 4.0 | Product(s): | qemu |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9905 | |||
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:9905 | ||
Title: | QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. | ||
Description: | QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1945 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-19 | Name : Debian Security Advisory DSA 1907-1 (kvm) File : nvt/deb_1907_1.nasl |
2009-06-05 | Name : Ubuntu USN-776-2 (kvm) File : nvt/ubuntu_776_2.nasl |
2009-06-05 | Name : Ubuntu USN-774-1 (moin) File : nvt/ubuntu_774_1.nasl |
2009-06-05 | Name : Ubuntu USN-773-1 (pango1.0) File : nvt/ubuntu_773_1.nasl |
2009-06-05 | Name : Ubuntu USN-772-1 (mpfr) File : nvt/ubuntu_772_1.nasl |
2009-06-05 | Name : Ubuntu USN-771-1 (libmodplug) File : nvt/ubuntu_771_1.nasl |
2009-06-05 | Name : Ubuntu USN-707-1 (cupsys) File : nvt/ubuntu_707_1.nasl |
2009-06-05 | Name : Ubuntu USN-698-3 (nagios2) File : nvt/ubuntu_698_3.nasl |
2009-05-20 | Name : Debian Security Advisory DSA 1799-1 (qemu) File : nvt/deb_1799_1.nasl |
2009-05-20 | Name : Ubuntu USN-776-1 (kvm) File : nvt/ubuntu_776_1.nasl |
2009-04-09 | Name : Mandriva Update for qemu MDVSA-2008:162 (qemu) File : nvt/gb_mandriva_MDVSA_2008_162.nasl |
2009-04-06 | Name : SuSE Security Summary SUSE-SR:2009:008 File : nvt/suse_sr_2009_008.nasl |
2009-03-06 | Name : RedHat Update for xen RHSA-2008:0194-01 File : nvt/gb_RHSA-2008_0194-01_xen.nasl |
2009-03-06 | Name : RedHat Update for xen RHSA-2008:0892-01 File : nvt/gb_RHSA-2008_0892-01_xen.nasl |
2009-02-17 | Name : Fedora Update for kvm FEDORA-2008-9556 File : nvt/gb_fedora_2008_9556_kvm_fc8.nasl |
2009-02-16 | Name : Fedora Update for kvm FEDORA-2008-10000 File : nvt/gb_fedora_2008_10000_kvm_fc10.nasl |
2009-02-13 | Name : Fedora Update for kvm FEDORA-2008-11705 File : nvt/gb_fedora_2008_11705_kvm_fc9.nasl |
2009-02-13 | Name : Fedora Update for kvm FEDORA-2008-11727 File : nvt/gb_fedora_2008_11727_kvm_fc10.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:002 File : nvt/suse_sr_2009_002.nasl |
2009-01-20 | Name : Ubuntu USN-708-1 (hplip) File : nvt/ubuntu_708_1.nasl |
2009-01-20 | Name : Mandrake Security Advisory MDVSA-2009:010 (qemu) File : nvt/mdksa_2009_010.nasl |
2009-01-20 | Name : Mandrake Security Advisory MDVSA-2009:009 (kvm) File : nvt/mdksa_2009_009.nasl |
2009-01-20 | Name : Mandrake Security Advisory MDVSA-2009:008 (qemu) File : nvt/mdksa_2009_008.nasl |
2009-01-07 | Name : Ubuntu USN-702-1 (samba) File : nvt/ubuntu_702_1.nasl |
2009-01-07 | Name : Ubuntu USN-703-1 (xterm) File : nvt/ubuntu_703_1.nasl |
2008-11-19 | Name : FreeBSD Ports: qemu, qemu-devel File : nvt/freebsd_qemu3.nasl |
2008-09-04 | Name : FreeBSD Ports: qemu, qemu-devel File : nvt/freebsd_qemu2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
52913 | KVM kvm-79 VNC Server vnc.c protocol_client_msg Function Crafted Message Remo... |
52912 | QEMU VNC Server vnc.c protocol_client_msg Function Crafted Message Remote DoS |
51033 | Qemu monitor.c Off-by-one VNC Password Weakness |
48798 | QEMU -usbdevice Option diskformat: Parameter Host OS Arbitrary File Access |
44918 | QEMU vl.c drive_init() Function Crafted Disk Image Header Arbitrary Local Fil... |
35494 | QEMU Cirrus VGA Extension cirrus_invalidate_region Function Multiple Overflows |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2008-2007.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2008-2003.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0892.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0194.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10083.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081001_xen_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080513_xen_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1907.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0892.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0194.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kvm-090112.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_qemu-090325.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kvm-090112.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_qemu-090325.nasl - Type : ACT_GATHER_INFO |
2009-05-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-776-2.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-776-1.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1799.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2008-11727.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-162.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-010.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-009.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-703-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-008.nasl - Type : ACT_GATHER_INFO |
2009-04-03 | Name : The remote openSUSE host is missing a security update. File : suse_qemu-6123.nasl - Type : ACT_GATHER_INFO |
2008-12-26 | Name : The remote Fedora host is missing a security update. File : fedora_2008-11705.nasl - Type : ACT_GATHER_INFO |
2008-11-03 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_07bb3bd2a92011dd85030211060005df.nasl - Type : ACT_GATHER_INFO |
2008-10-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0892.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote openSUSE host is missing a security update. File : suse_qemu-5270.nasl - Type : ACT_GATHER_INFO |
2008-05-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0194.nasl - Type : ACT_GATHER_INFO |
2008-05-09 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8950ac621d3011dd93880211060005df.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:05:57 | |