ID CVE-2015-1779
Summary The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
References
Vulnerable Configurations
  • QEMU
    cpe:2.3:a:qemu:qemu
  • Canonical Ubuntu Linux 14.10
    cpe:2.3:o:canonical:ubuntu_linux:14.10
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 15.04
    cpe:2.3:o:canonical:ubuntu_linux:15.04
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • Novell SUSE Linux Enterprise Server 12.0
    cpe:2.3:o:novell:suse_linux_enterprise_server:12.0
  • Novell SUSE Linux Enterprise Desktop 12.0
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0
  • Novell SUSE Linux Enterprise Server 11.0 Service Pack 3
    cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3
  • Novell SUSE Linux Enterprise Desktop 11.0 Service Pack 3
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp3
  • Fedora 22
    cpe:2.3:o:fedoraproject:fedora:22
  • Fedora 21
    cpe:2.3:o:fedoraproject:fedora:21
CVSS
Base: 7.8 (as of 15-01-2016 - 11:17)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
redhat via4
advisories
  • bugzilla
    id 1273098
    title qemu-kvm build failure race condition in tests/ide-test
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment libcacard is earlier than 10:1.5.3-86.el7_1.8
          oval oval:com.redhat.rhsa:tst:20151943009
        • comment libcacard is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140704008
      • AND
        • comment libcacard-devel is earlier than 10:1.5.3-86.el7_1.8
          oval oval:com.redhat.rhsa:tst:20151943011
        • comment libcacard-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140704010
      • AND
        • comment libcacard-tools is earlier than 10:1.5.3-86.el7_1.8
          oval oval:com.redhat.rhsa:tst:20151943005
        • comment libcacard-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140704016
      • AND
        • comment qemu-img is earlier than 10:1.5.3-86.el7_1.8
          oval oval:com.redhat.rhsa:tst:20151943007
        • comment qemu-img is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345008
      • AND
        • comment qemu-kvm is earlier than 10:1.5.3-86.el7_1.8
          oval oval:com.redhat.rhsa:tst:20151943013
        • comment qemu-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345006
      • AND
        • comment qemu-kvm-common is earlier than 10:1.5.3-86.el7_1.8
          oval oval:com.redhat.rhsa:tst:20151943015
        • comment qemu-kvm-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140704018
      • AND
        • comment qemu-kvm-tools is earlier than 10:1.5.3-86.el7_1.8
          oval oval:com.redhat.rhsa:tst:20151943017
        • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345010
    rhsa
    id RHSA-2015:1943
    released 2015-10-27
    severity Moderate
    title RHSA-2015:1943: qemu-kvm security update (Moderate)
  • rhsa
    id RHSA-2015:1931
rpms
  • libcacard-10:1.5.3-86.el7_1.8
  • libcacard-devel-10:1.5.3-86.el7_1.8
  • libcacard-tools-10:1.5.3-86.el7_1.8
  • qemu-img-10:1.5.3-86.el7_1.8
  • qemu-kvm-10:1.5.3-86.el7_1.8
  • qemu-kvm-common-10:1.5.3-86.el7_1.8
  • qemu-kvm-tools-10:1.5.3-86.el7_1.8
refmap via4
bid 73303
confirm http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
debian DSA-3259
fedora
  • FEDORA-2015-5482
  • FEDORA-2015-5541
gentoo GLSA-201602-01
mlist
  • [Qemu-devel] 20150323 [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets
  • [Qemu-devel] 20150323 [PATCH 1/2] CVE-2015-1779: incrementally decode websocket frames
  • [Qemu-devel] 20150323 [PATCH 2/2] CVE-2015-1779: limit size of HTTP headers from websockets clients
  • [oss-security] 20150324 CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder
  • [oss-security] 20150409 Re: CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder
sectrack 1033975
suse
  • SUSE-SU-2015:0870
  • SUSE-SU-2015:0896
ubuntu USN-2608-1
Last major update 14-10-2016 - 22:00
Published 12-01-2016 - 14:59
Last modified 30-06-2017 - 21:29
Back to Top