ID CVE-2015-5279
Summary Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
References
Vulnerable Configurations
  • QEMU 2.4.0
    cpe:2.3:a:qemu:qemu:2.4.0
CVSS
Base: 7.2 (CVSS v2, vector AV:L/AC:L/Au:N/C:C/I:C/A:C; as of 29-09-2015 - 12:56)
Impact: 10.0
Exploitability: 3.9
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
  Vector LOCAL
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality COMPLETE
  Integrity COMPLETE
  Availability COMPLETE
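Worked example, added for this page and not code from QEMU or from any of the advisories below: a C model of the NE2000 receive ring that shows the bug class the Summary and the Fedora fix note ("net: add checks to validate ring buffer pointers") describe. The guest driver programs the receive ring through the PSTART, PSTOP and CURR page registers; the emulated receive path turns those page numbers into offsets into a fixed, heap-allocated device memory and writes the incoming frame there. If the offsets are taken on trust, a page value beyond that memory sends the header and payload writes past the end of the allocation, which is the heap overflow the advisories rate as guest-to-host code execution. The device memory size, the return codes and the exact checks are assumptions chosen to resemble the DP8390/NE2000 programming model; the instrumented `ne_store` reports an out-of-bounds write instead of performing it so the model runs safely. `ne_receive_unchecked` keeps the vulnerable shape, while `ne_receive_checked` and `ne_set_pages_checked` add the validation.

```c
/* Model of an NE2000-style receive ring with guest-programmable page registers.
 * Constructed for this page; it is NOT QEMU's hw/net/ne2000.c. Register names
 * follow the DP8390/NE2000 programming model; the memory size and the return
 * codes are assumptions made for the illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NE_PAGE_SHIFT 8            /* ring pages are 256 bytes */
#define NE_MEM_SIZE   (48 * 1024)  /* assumed size of the emulated device memory */

enum { RX_OK = 0, RX_DROPPED = -1, RX_WOULD_OVERFLOW = -2 };

typedef struct {
    uint8_t  mem[NE_MEM_SIZE];  /* the heap buffer an unchecked write escapes from */
    unsigned start;             /* PSTART << 8: first byte of the receive ring */
    unsigned stop;              /* PSTOP  << 8: one past the last byte of the ring */
    uint8_t  curpag;            /* CURR: page at which the next frame is stored */
} ne_state;

/* Stand-in for the device model's raw memcpy: reports an out-of-bounds write
 * instead of performing it, so the vulnerable path can be exercised safely. */
static int ne_store(ne_state *s, unsigned off, const uint8_t *src, size_t n)
{
    if (off > NE_MEM_SIZE || n > NE_MEM_SIZE - off) return RX_WOULD_OVERFLOW;
    memcpy(s->mem + off, src, n);
    return RX_OK;
}

/* Ring write shared by both receive paths; `index` is the byte offset the caller
 * derived from CURR. Wrapping from PSTOP to PSTART is documented 8390 behaviour. */
static int ne_ring_write(ne_state *s, unsigned index, const uint8_t *buf, size_t size)
{
    unsigned total_len = (unsigned)size + 4;                  /* 4-byte receive header */
    unsigned next = index + ((total_len + 4 + 255) & ~0xffu); /* + CRC, page-rounded */
    if (next >= s->stop) next -= s->stop - s->start;
    uint8_t hdr[4] = { 0x01, (uint8_t)(next >> NE_PAGE_SHIFT),
                       (uint8_t)total_len, (uint8_t)(total_len >> 8) };
    int rc = ne_store(s, index, hdr, sizeof hdr);
    if (rc != RX_OK) return rc;
    index += sizeof hdr;
    while (size > 0) {
        if (index >= s->stop) {
            /* At PSTOP the ring wraps. Past PSTOP, or with an empty ring, a loop
             * that trusted the pointers would make no progress and spin forever. */
            if (index > s->stop || s->start >= s->stop) return RX_DROPPED;
            index = s->start;
            continue;
        }
        size_t len = size < s->stop - index ? size : s->stop - index;
        rc = ne_store(s, index, buf, len);
        if (rc != RX_OK) return rc;
        index += len; buf += len; size -= len;
    }
    s->curpag = (uint8_t)(next >> NE_PAGE_SHIFT);
    return RX_OK;
}

/* Vulnerable shape: CURR/PSTART/PSTOP are trusted exactly as the guest wrote
 * them, so a page number past the end of mem[] becomes an out-of-bounds write. */
int ne_receive_unchecked(ne_state *s, const uint8_t *buf, size_t size)
{
    return ne_ring_write(s, (unsigned)s->curpag << NE_PAGE_SHIFT, buf, size);
}

/* Hardened shape: validate the ring pointers before any memory is touched. */
int ne_receive_checked(ne_state *s, const uint8_t *buf, size_t size)
{
    if (s->start >= s->stop || s->stop > NE_MEM_SIZE) return RX_DROPPED;
    unsigned index = (unsigned)s->curpag << NE_PAGE_SHIFT;
    if (index < s->start || index >= s->stop) index = s->start; /* stray CURR */
    return ne_ring_write(s, index, buf, size);
}

/* Hardened PSTART/PSTOP register write: refuse values that would let the
 * receive index leave mem[]; the unchecked model simply stores val << 8. */
bool ne_set_pages_checked(ne_state *s, uint8_t pstart, uint8_t pstop)
{
    unsigned start = (unsigned)pstart << NE_PAGE_SHIFT;
    unsigned stop  = (unsigned)pstop  << NE_PAGE_SHIFT;
    if (start >= stop || stop > NE_MEM_SIZE) return false;
    s->start = start; s->stop = stop;
    return true;
}

/* Constructed sample state: PSTART=0x46, PSTOP=0x80, CURR=0x46, one 60-byte frame. */
ne_state g_dev = { .start = 0x4600, .stop = 0x8000, .curpag = 0x46 };
const uint8_t g_frame[60] = { 0xAB, 0xCD };

int main(void)
{
    printf("sane ring, unchecked: %d\n", ne_receive_unchecked(&g_dev, g_frame, sizeof g_frame));
    g_dev.curpag = 0xFF;                        /* guest points CURR past the buffer */
    printf("CURR=0xFF, unchecked: %d\n", ne_receive_unchecked(&g_dev, g_frame, sizeof g_frame));
    printf("CURR=0xFF, checked:   %d\n", ne_receive_checked(&g_dev, g_frame, sizeof g_frame));
    printf("PSTOP=0xFF accepted:  %d\n", ne_set_pages_checked(&g_dev, 0x46, 0xFF));
    return 0;
}
```

Run as written, the model stores a normal frame at page 0x46 and advances CURR to 0x47; the same frame with CURR set to 0xFF (offset 0xFF00, beyond the 48 KiB device memory) is reported as an out-of-bounds write by the unchecked path and silently re-anchored at PSTART by the hardened one; and a PSTOP of 0xFF is refused at register-write time. The two checks are complementary: validating at register-write time keeps the ring from ever being misconfigured, and re-checking at receive time covers ring state that reached the device by a path the register handler did not see. The `index > stop` bail-out in the copy loop is the sibling hang the advisories list as CVE-2015-5278, which the same unvalidated pointers produce.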
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-2065.NASL
    description Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279) Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue. All xen users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86887
    published 2015-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86887
    title CentOS 5 : xen (CESA-2015:2065)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1924.NASL
    description Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279) Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86558
    published 2015-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86558
    title RHEL 6 : qemu-kvm (RHSA-2015:1924)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151022_KVM_ON_SL5_X.NASL
    description A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279) NOTE: The following procedure must be performed before this update will take effect : 1) Stop all KVM guest virtual machines. 2) Either reboot the hypervisor machine or, as the root user, remove (using 'modprobe -r [module]') and reload (using 'modprobe [module]') all of the following modules which are currently running (determined using 'lsmod'): kvm, ksm, kvm-intel or kvm-amd. 3) Restart the KVM guest virtual machines.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 86563
    published 2015-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86563
    title Scientific Linux Security Update : kvm on SL5.x x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1925.NASL
    description From Red Hat Security Advisory 2015:1925 : Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279) Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue. All kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 86557
    published 2015-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86557
    title Oracle Linux 5 : kvm (ELSA-2015-1925)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-015AEC3BF2.NASL
    description ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504), e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224), net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278), net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281), qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-03-04
    plugin id 89126
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89126
    title Fedora 21 : xen-4.4.3-4.fc21 (2015-015aec3bf2)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-2065.NASL
    description From Red Hat Security Advisory 2015:2065 : Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279) Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue. All xen users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 86892
    published 2015-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86892
    title Oracle Linux 5 : xen (ELSA-2015-2065)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-28CFCE6702.NASL
    description ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504), e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224), net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278), net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281), qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-03-04
    plugin id 89186
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89186
    title Fedora 23 : xen-4.5.1-9.fc23 (2015-28cfce6702)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1698-1.NASL
    description kvm was updated to fix 33 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711) - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723) - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158) - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit (bsc#978160) - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109) - CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969) - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350) - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036) - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037) - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128) - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136) - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700) - CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069) - CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to avoid any opportunity for guest to cause DoS by abusing that interface (bsc#928393) - CVE-2014-3689: Fixed insufficient parameter validation in rectangle functions (bsc#901508) - CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to read host memory by setting the display to a high resolution (bsc#895528). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets (bsc#945987). - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929). 
- CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#945404). - CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allowed remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface (bsc#947159). - CVE-2015-7549: PCI NULL pointer dereferences (bsc#958917). - CVE-2015-8504: VNC floating point exception (bsc#958491). - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005). - CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358). - CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334). - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725). - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332). - CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691). - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320). - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782). - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93169
    published 2016-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93169
    title SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1698-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_6AA3322FB15011E59728002590263BF5.NASL
    description Prasad J Pandit, Red Hat Product Security Team, reports : Qemu emulator built with the NE2000 NIC emulation support is vulnerable to an infinite loop issue. It could occur when receiving packets over the network. A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS. Qemu emulator built with the NE2000 NIC emulation support is vulnerable to a heap buffer overflow issue. It could occur when receiving packets over the network. A privileged user inside guest could use this flaw to crash the Qemu instance or potentially execute arbitrary code on the host.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 87697
    published 2016-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87697
    title FreeBSD : qemu -- denial of service vulnerabilities in NE2000 NIC support (6aa3322f-b150-11e5-9728-002590263bf5)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1785-1.NASL
    description kvm was updated to fix 33 security issues. These security issues were fixed : - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711) - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723) - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158) - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit (bsc#978160) - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109) - CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969) - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350) - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036) - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037) - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128) - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136) - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700) - CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069) - CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to avoid any opportunity for guest to cause DoS by abusing that interface (bsc#928393) - CVE-2014-3689: Fixed insufficient parameter validation in rectangle functions (bsc#901508) - CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to read host memory by setting the display to a high resolution (bsc#895528). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets (bsc#945987). - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929). 
- CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#945404). - CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allowed remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface (bsc#947159). - CVE-2015-7549: PCI NULL pointer dereferences (bsc#958917). - CVE-2015-8504: VNC floating point exception (bsc#958491). - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005). - CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358). - CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334). - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725). - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332). - CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691). - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320). - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782). - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93180
    published 2016-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93180
    title SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1785-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-EFC1D7BA5E.NASL
    description ui/vnc: limit client_cut_text msg payload size [CVE-2015-5239] (#1259504), e1000: Avoid infinite loop in processing transmit descriptor [CVE-2015-6815] (#1260224), net: add checks to validate ring buffer pointers [CVE-2015-5279] (#1263278), net: avoid infinite loop when receiving packets [CVE-2015-5278] (#1263281), qemu buffer overflow in virtio-serial [CVE-2015-5745] (#1251354) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-03-04
    plugin id 89456
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89456
    title Fedora 22 : xen-4.5.1-9.fc22 (2015-efc1d7ba5e)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1925.NASL
    description Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279) Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue. All kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86550
    published 2015-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86550
    title CentOS 5 : kvm (CESA-2015:1925)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3362.NASL
    description Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. - CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash). - CVE-2015-5279 Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash), or potentially to execute arbitrary code on the host with the privileges of the hosting QEMU process. - CVE-2015-6815 Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the e1000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash). - CVE-2015-6855 Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE subsystem in QEMU occurring while executing IDE's WIN_READ_NATIVE_MAX command to determine the maximum size of a drive. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86024
    published 2015-09-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86024
    title Debian DSA-3362-1 : qemu-kvm - security update
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL63519101.NASL
    description CVE-2014-8106 Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320. CVE-2015-3209 Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. CVE-2015-5165 The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. CVE-2015-5279 Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. CVE-2015-7504 Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. CVE-2015-7512 Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. Impact An attacker may be able to cause a denial of service (DoS) or execute arbitrary code if using the virtual drivers specified in these CVE descriptions.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 88770
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88770
    title F5 Networks BIG-IP : Multiple QEMU vulnerabilities (K63519101)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201602-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201602-01 (QEMU: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might cause a Denial of Service or gain escalated privileges from a guest VM. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 88587
    published 2016-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88587
    title GLSA-201602-01 : QEMU: Multiple vulnerabilities (Venom)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-16370.NASL
    description - CVE-2015-6815: net: e1000: infinite loop issue (bz #1260225) * CVE-2015-6855: ide: divide by zero issue (bz #1261793) * CVE-2015-5278: Infinite loop in ne2000_receive() (bz #1263284) * CVE-2015-5279: Heap overflow vulnerability in ne2000_receive() (bz #1263287) ---- Fix emulation of various instructions, required by libm in F22 ppc64 guests. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-11-10
    plugin id 86112
    published 2015-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86112
    title Fedora 23 : qemu-2.4.0-4.fc23 (2015-16370)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2745-1.NASL
    description Lian Yihan discovered that QEMU incorrectly handled certain payload messages in the VNC display driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-5239) Qinghao Tang discovered that QEMU incorrectly handled receiving certain packets in the NE2000 network driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. (CVE-2015-5278) Qinghao Tang discovered that QEMU incorrectly handled receiving certain packets in the NE2000 network driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-5279) Qinghao Tang discovered that QEMU incorrectly handled transmit descriptor data when sending network packets. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. (CVE-2015-6815) Qinghao Tang discovered that QEMU incorrectly handled ATAPI command permissions. A malicious guest could use this issue to cause the QEMU process to crash, resulting in a denial of service. (CVE-2015-6855). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 86146
    published 2015-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86146
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : qemu, qemu-kvm vulnerabilities (USN-2745-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1924.NASL
    description From Red Hat Security Advisory 2015:1924 : Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279) Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 86556
    published 2015-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86556
    title Oracle Linux 6 : qemu-kvm (ELSA-2015-1924)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1782-1.NASL
    description qemu was updated to fix several security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-5154: Heap-based buffer overflow in the IDE subsystem in QEMU, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. (bsc#938344). - CVE-2015-5278: QEMU was vulnerable to an infinite loop issue that could occur when receiving packets over the network. (bsc#945989) - CVE-2015-5279: QEMU was vulnerable to a heap buffer overflow issue that could occur when receiving packets over the network. (bsc#945987) - CVE-2015-6855: QEMU was vulnerable to a divide by zero issue that could occur while executing an IDE command WIN_READ_NATIVE_MAX to determine the maximum size of a drive. (bsc#945404) - CVE-2014-7815: The set_pixel_format function in ui/vnc.c in QEMU allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. (bsc#902737) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 86490
    published 2015-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86490
    title SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2015:1782-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1924.NASL
    description Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279) Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86549
    published 2015-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86549
    title CentOS 6 : qemu-kvm (CESA-2015:1924)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151022_QEMU_KVM_ON_SL6_X.NASL
    description A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279) After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 86564
    published 2015-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86564
    title Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3361.NASL
    description Several vulnerabilities were discovered in qemu, a fast processor emulator. - CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash). - CVE-2015-5279 Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash), or potentially to execute arbitrary code on the host with the privileges of the hosting QEMU process. - CVE-2015-6815 Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the e1000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash). - CVE-2015-6855 Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE subsystem in QEMU occurring while executing IDE's WIN_READ_NATIVE_MAX command to determine the maximum size of a drive. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86023
    published 2015-09-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86023
    title Debian DSA-3361-1 : qemu - security update
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0051.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - kvm-Add-vga.h-unmodified-from-Linux.patch [bz#1331407] - kvm-vga.h-remove-unused-stuff-and-reformat.patch [bz#1331407] - kvm-vga-use-constants-from-vga.h.patch [bz#1331407] - kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331407] - kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1331407] - kvm-vga-add-vbe_enabled-helper.patch [bz#1331407] - kvm-vga-factor-out-vga-register-setup.patch [bz#1331407] - kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331407] - kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac .patch - Resolves: bz#1331407 (EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-6.8.z]) - Revert 'warning when CPU threads>1 for non-Intel CPUs' fix - kvm-qemu-ga-implement-win32-guest-set-user-password.patch [bz#1174181] - kvm-util-add-base64-decoding-function.patch [bz#1174181] - kvm-qga-convert-to-use-error-checked-base64-decode.patch [bz#1174181] - kvm-qga-use-more-idiomatic-qemu-style-eol-operators.patch [bz#1174181] - kvm-qga-use-size_t-for-wcslen-return-value.patch [bz#1174181] - kvm-qga-use-wide-chars-constants-for-wchar_t-comparisons .patch - kvm-qga-fix-off-by-one-length-check.patch [bz#1174181] - kvm-qga-check-utf8-to-utf16-conversion.patch [bz#1174181] - Resolves: bz#1174181 (RFE: provide QEMU guest agent command for setting root account password (Linux guest)) - kvm-hw-qxl-qxl_send_events-nop-if-stopped.patch [bz#1290743] - kvm-block-mirror-fix-full-sync-mode-when-target-does-not .patch [bz#971312] - Resolves: bz#1290743 (qemu-kvm core dumped when repeat system_reset 20 times during guest boot) - Resolves: bz#971312 (block: Mirroring to raw block device doesn't zero out unused blocks) - Mon Feb 08 2016 Miroslav Rezanina < - 0.12.1.2-2.488.el6 - Fixed qemu-ga path configuration [bz#1213233] - Resolves: bz#1213233 ([virtagent] The default path '/etc/qemu/fsfreeze-hook' for 'fsfreeze-hook' script doesn't exist) - kvm-virtio-scsi-use-virtqueue_map_sg-when-loading-reques .patch - kvm-scsi-disk-fix-cmd.mode-field-typo.patch [bz#1249740] - Resolves: bz#1249740 (Segfault occurred at Dst VM while completed migration upon ENOSPC) - kvm-blockdev-Error-out-on-negative-throttling-option-val .patch - kvm-fw_cfg-add-check-to-validate-current-entry-value-CVE .patch - Resolves: bz#1294619 (Guest should failed to boot if set iops,bps to negative number) - Resolves: bz#1298046 (CVE-2016-1714 qemu-kvm: Qemu: nvram: OOB r/w access in processing firmware configurations [rhel-6.8]) - kvm-Change-fsfreeze-hook-default-location.patch [bz#1213233] - kvm-qxl-replace-pipe-signaling-with-bottom-half.patch [bz#1290743] - Resolves: bz#1213233 ([virtagent] The default path '/etc/qemu/fsfreeze-hook' for 'fsfreeze-hook' script doesn't exist) - Resolves: bz#1290743 (qemu-kvm core dumped when repeat system_reset 20 times during guest boot) - kvm-qga-flush-explicitly-when-needed.patch [bz#1210246] - kvm-qga-add-guest-set-user-password-command.patch [bz#1174181] - kvm-qcow2-Zero-initialise-first-cluster-for-new-images.patch [bz#1223216] - kvm-Documentation-Warn-against-qemu-img-on-active-image.patch [bz#1297424] - kvm-target-i386-warns-users-when-CPU-threads-1-for-non-I .patch - kvm-qemu-options-Fix-texinfo-markup.patch [bz#1250442] - kvm-qga-Fix-memory-allocation-pasto.patch [] - kvm-block-raw-posix-Open-file-descriptor-O_RDWR-to-work- .patch - Resolves: bz#1174181 (RFE: provide QEMU guest agent command for setting root/administrator account password) - Resolves: bz#1210246 ([virtagent]The 'write' content is lost if 'read' it before flush through guest agent) - Resolves: bz#1223216 (qemu-img can not create qcow2 image when backend is block device) - Resolves: bz#1250442 (qemu-doc.html bad markup in section 3.3 Invocation) - Resolves: bz#1268347 (posix_fallocate emulation on NFS fails with Bad file descriptor if fd is opened O_WRONLY) - Resolves: bz#1292678 (Qemu should report error when cmdline set threads=2 in amd host) - Resolves: bz#1297424 (Add warning about running qemu-img on active VMs to its manpage) - kvm-rtl8139-Fix-receive-buffer-overflow-check.patch [bz#1262866] - kvm-rtl8139-Do-not-consume-the-packet-during-overflow-in .patch - Resolves: bz#1262866 ([RHEL6] Package is 100% lost when ping from host to Win2012r2 guest with 64000 size) - kvm-qemu-kvm-get-put-MSR_TSC_AUX-across-reset-and-migrat .patch - kvm-qcow2-Discard-VM-state-in-active-L1-after-creating-s .patch - kvm-net-pcnet-add-check-to-validate-receive-data-size-CV .patch - kvm-pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch [bz#1286567] - Resolves: bz#1219908 (Writing snapshots with 'virsh snapshot-create-as' command slows as more snapshots are created) - Resolves: bz#1265428 (contents of MSR_TSC_AUX are not migrated) - Resolves: bz#1286567 (CVE-2015-7512 qemu-kvm: Qemu: net: pcnet: buffer overflow in non-loopback mode [rhel-6.8]) - kvm-net-add-checks-to-validate-ring-buffer-pointers-CVE- .patch - Resolves: bz#1263275 (CVE-2015-5279 qemu-kvm: qemu: Heap overflow vulnerability in ne2000_receive function [rhel-6.8]) - kvm-virtio-rng-fix-segfault-when-adding-a-virtio-pci-rng .patch - kvm-qga-commands-posix-Fix-bug-in-guest-fstrim.patch [bz#1213236] - kvm-rtl8139-avoid-nested-ifs-in-IP-header-parsing-CVE-20 .patch - kvm-rtl8139-drop-tautologous-if-ip-.-statement-CVE-2015- .patch - kvm-rtl8139-skip-offload-on-short-Ethernet-IP-header-CVE .patch - kvm-rtl8139-check-IP-Header-Length-field-CVE-2015-5165.patch [bz#1248763] - kvm-rtl8139-check-IP-Total-Length-field-CVE-2015-5165.patch [bz#1248763] - kvm-rtl8139-skip-offload-on-short-TCP-header-CVE-2015-51 .patch - kvm-rtl8139-check-TCP-Data-Offset-field-CVE-2015-5165.patch [bz#1248763] - Resolves: bz#1213236 ([virtagent] 'guest-fstrim' failed for guest with os on spapr-vscsi disk) - Resolves: bz#1230068 (Segmentation fault when re-adding virtio-rng-pci device) - Resolves: bz#1248763 (CVE-2015-5165 qemu-kvm: Qemu: rtl8139 uninitialized heap memory information leakage to guest [rhel-6.8])
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 91316
    published 2016-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91316
    title OracleVM 3.4 : qemu-kvm (OVMSA-2016-0051)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-16369.NASL
    description - Fix typo causing qemu-img to link against entire world (bz #1260996) * CVE-2015-6815: net: e1000: infinite loop issue (bz #1260225) * CVE-2015-6855: ide: divide by zero issue (bz #1261793) * CVE-2015-5278: Infinite loop in ne2000_receive() (bz #1263284) * CVE-2015-5279: Heap overflow vulnerability in ne2000_receive() (bz #1263287) * Make block copy more stable (bz #1264416) * Fix hang at start of live merge for large images (bz #1262901) ---- Fix emulation of various instructions, required by libm in F22 ppc64 guests. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-11-10
    plugin id 86333
    published 2015-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86333
    title Fedora 22 : qemu-2.3.1-5.fc22 (2015-16369)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-2065.NASL
    description Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279) Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue. All xen users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86893
    published 2015-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86893
    title RHEL 5 : xen (RHSA-2015:2065)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1923.NASL
    description Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Virtualization. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279) Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue. All qemu-kvm-rhev users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86597
    published 2015-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86597
    title RHEL 6 : qemu-kvm-rhev (RHSA-2015:1923)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1925.NASL
    description Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279) Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting this issue. All kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86559
    published 2015-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86559
    title RHEL 5 : kvm (RHSA-2015:1925)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151116_XEN_ON_SL5_X.NASL
    description A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received over the network. A privileged user inside a guest could use this flaw to crash the QEMU instance (denial of service) or potentially execute arbitrary code on the host. (CVE-2015-5279) After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 86894
    published 2015-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86894
    title Scientific Linux Security Update : xen on SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-16368.NASL
    description - CVE-2015-6815: net: e1000: infinite loop issue (bz #1260225) * CVE-2015-6855: ide: divide by zero issue (bz #1261793) * CVE-2015-5278: Infinite loop in ne2000_receive() (bz #1263284) * CVE-2015-5279: Heap overflow vulnerability in ne2000_receive() (bz #1263287) * Make block copy more stable (bz #1264416) * Fix hang at start of live merge for large images (bz #1262901) ---- * CVE-2015-5225: heap memory corruption in vnc_refresh_server_surface (bz #1255899) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-11-10
    plugin id 86332
    published 2015-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86332
    title Fedora 21 : qemu-2.1.3-11.fc21 (2015-16368)
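The advisories above describe the flaw only as a heap buffer overflow in QEMU's NE2000 receive path that a privileged guest user can trigger with crafted packets, and the mailing-list reference lists the fix under the title "net: add checks to validate ring buffer pointers". The C program below is an added illustrative model written for this page; it is not QEMU's code and does not reproduce the reported trigger. It assumes the public NE2000 programming model (a 32 KiB packet buffer addressed by guest-written 8-bit start, stop and current page registers, each shifted left by 8 to form a byte offset) and shows the receive copy loop with and without validation of those registers. Instead of performing an out-of-bounds memcpy, the model counts the bytes the loop would write past the buffer. The names nic_t, nic_write_page_reg, nic_receive, demo_oob_bytes and demo_rejects_bad_pages, the register constants and the 1500-byte frame are the example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed NE2000 packet memory layout (not QEMU's code): 32 KiB of buffer
 * RAM addressed through 8-bit page registers, one page = 256 bytes. */
#define PMEM_SIZE     (32u * 1024u)
#define RX_HEADER_LEN 4u            /* status, next page, byte count lo/hi */

enum { REG_START, REG_STOP, REG_CURPAG };

typedef struct {
    uint8_t  mem[PMEM_SIZE];
    uint32_t start;        /* byte offset of the first ring page */
    uint32_t stop;         /* byte offset one past the last ring page */
    uint32_t curpag_off;   /* byte offset of the current receive page */
    bool     validate;     /* hardened variant: reject pages outside mem[] */
} nic_t;

static void nic_init(nic_t *s, bool validate)
{
    memset(s, 0, sizeof *s);
    s->validate   = validate;
    s->start      = 0x40u << 8;   /* 16 KiB: a typical driver configuration */
    s->stop       = 0x80u << 8;   /* 32 KiB, i.e. the end of packet memory */
    s->curpag_off = s->start;
}

/* Guest write to a page register. The unchecked variant stores any value;
 * the validated variant refuses pages that do not address packet memory,
 * which is the class of check the fix title above refers to. */
static bool nic_write_page_reg(nic_t *s, int reg, uint8_t val)
{
    uint32_t off = (uint32_t)val << 8;
    if (s->validate) {
        /* start/stop may equal the end (stop is exclusive); the current
         * page must point at memory that exists */
        uint32_t limit = (reg == REG_CURPAG) ? PMEM_SIZE - 1 : PMEM_SIZE;
        if (off > limit)
            return false;
    }
    switch (reg) {
    case REG_START:  s->start      = off; break;
    case REG_STOP:   s->stop       = off; break;
    case REG_CURPAG: s->curpag_off = off; break;
    default:         return false;
    }
    return true;
}

/* Model of the receive copy loop: a 4-byte header followed by the frame is
 * written into the ring from the current page, wrapping from stop to start.
 * Instead of an out-of-bounds memcpy (undefined behaviour), bytes that would
 * land past mem[] are counted and returned; non-zero means heap overflow. */
static size_t nic_receive(nic_t *s, const uint8_t *frame, size_t size)
{
    uint8_t hdr[RX_HEADER_LEN] = {
        0x01, 0x00, (uint8_t)(size + RX_HEADER_LEN), (uint8_t)((size + RX_HEADER_LEN) >> 8)
    };
    const uint8_t *src[2] = { hdr, frame };
    size_t         len[2] = { RX_HEADER_LEN, size };
    uint32_t index = s->curpag_off;
    size_t oob = 0;

    if (s->validate && index >= PMEM_SIZE)
        index = s->start;          /* hardened: never start outside mem[] */

    for (int c = 0; c < 2; c++) {
        const uint8_t *p = src[c];
        size_t remaining = len[c];
        while (remaining > 0) {
            uint32_t avail = (index < s->stop) ? s->stop - index : 0;
            if (avail == 0)
                break;             /* a zero-length iteration would spin forever */
            size_t n  = (remaining < avail) ? remaining : avail;
            size_t in = 0;         /* part of this chunk that lies inside mem[] */
            if (index < PMEM_SIZE)
                in = (PMEM_SIZE - index < n) ? PMEM_SIZE - index : n;
            memcpy(s->mem + index, p, in);
            oob += n - in;         /* the rest would corrupt adjacent heap memory */
            p += n; index += n; remaining -= n;
            if (index == s->stop)
                index = s->start;
        }
    }
    return oob;
}

/* Constructed scenario: the guest moves the stop page past the end of packet
 * memory and the current page onto the last real page, then a 1500-byte
 * frame arrives. Returns the bytes the copy would write past mem[]. */
static size_t demo_oob_bytes(bool validate)
{
    nic_t s;
    uint8_t frame[1500];
    memset(frame, 0xAA, sizeof frame);
    nic_init(&s, validate);
    nic_write_page_reg(&s, REG_STOP, 0xFF);    /* 0xFF00 > 32 KiB */
    nic_write_page_reg(&s, REG_CURPAG, 0x7F);  /* last real page */
    return nic_receive(&s, frame, sizeof frame);
}

static bool demo_rejects_bad_pages(void)
{
    nic_t s;
    nic_init(&s, true);
    return !nic_write_page_reg(&s, REG_STOP, 0xFF)    /* beyond the buffer */
        &&  nic_write_page_reg(&s, REG_STOP, 0x80)    /* exactly the end: ok */
        && !nic_write_page_reg(&s, REG_CURPAG, 0x80)  /* page does not exist */
        &&  nic_write_page_reg(&s, REG_CURPAG, 0x7F);
}

int main(void)
{
    printf("unchecked registers: %zu bytes past packet memory\n", demo_oob_bytes(false));
    printf("validated registers: %zu bytes past packet memory\n", demo_oob_bytes(true));
    return 0;
}
```

With the unchecked registers the model reports 1248 bytes landing past the 32 KiB buffer for a single 1500-byte frame; with the register writes validated the same frame wraps cleanly at the buffer end and nothing leaves mem[]. The point for a reviewer of any device model is that every guest-writable value that later becomes a pointer or length must be checked at the write, not trusted at the copy.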
redhat via4
advisories
  • bugzilla
    id 1256672
    title CVE-2015-5279 qemu: Heap overflow vulnerability in ne2000_receive() function
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment qemu-guest-agent is earlier than 2:0.12.1.2-2.479.el6_7.2
          oval oval:com.redhat.rhsa:tst:20151924005
        • comment qemu-guest-agent is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121234008
      • AND
        • comment qemu-img is earlier than 2:0.12.1.2-2.479.el6_7.2
          oval oval:com.redhat.rhsa:tst:20151924011
        • comment qemu-img is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345008
      • AND
        • comment qemu-kvm is earlier than 2:0.12.1.2-2.479.el6_7.2
          oval oval:com.redhat.rhsa:tst:20151924009
        • comment qemu-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345006
      • AND
        • comment qemu-kvm-tools is earlier than 2:0.12.1.2-2.479.el6_7.2
          oval oval:com.redhat.rhsa:tst:20151924007
        • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345010
    rhsa
    id RHSA-2015:1924
    released 2015-10-22
    severity Important
    title RHSA-2015:1924: qemu-kvm security update (Important)
  • bugzilla
    id 1256672
    title CVE-2015-5279 qemu: Heap overflow vulnerability in ne2000_receive() function
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment kmod-kvm is earlier than 0:83-274.el5_11
          oval oval:com.redhat.rhsa:tst:20151925008
        • comment kmod-kvm is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465005
      • AND
        • comment kmod-kvm-debug is earlier than 0:83-274.el5_11
          oval oval:com.redhat.rhsa:tst:20151925002
        • comment kmod-kvm-debug is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110028007
      • AND
        • comment kvm is earlier than 0:83-274.el5_11
          oval oval:com.redhat.rhsa:tst:20151925004
        • comment kvm is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465003
      • AND
        • comment kvm-qemu-img is earlier than 0:83-274.el5_11
          oval oval:com.redhat.rhsa:tst:20151925010
        • comment kvm-qemu-img is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465007
      • AND
        • comment kvm-tools is earlier than 0:83-274.el5_11
          oval oval:com.redhat.rhsa:tst:20151925006
        • comment kvm-tools is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465009
    rhsa
    id RHSA-2015:1925
    released 2015-10-22
    severity Important
    title RHSA-2015:1925: kvm security update (Important)
  • bugzilla
    id 1256672
    title CVE-2015-5279 qemu: Heap overflow vulnerability in ne2000_receive() function
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment xen is earlier than 0:3.0.3-147.el5_11
          oval oval:com.redhat.rhsa:tst:20152065004
        • comment xen is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070114003
      • AND
        • comment xen-devel is earlier than 0:3.0.3-147.el5_11
          oval oval:com.redhat.rhsa:tst:20152065002
        • comment xen-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070114007
      • AND
        • comment xen-libs is earlier than 0:3.0.3-147.el5_11
          oval oval:com.redhat.rhsa:tst:20152065006
        • comment xen-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070114005
    rhsa
    id RHSA-2015:2065
    released 2015-11-16
    severity Important
    title RHSA-2015:2065: xen security update (Important)
  • rhsa
    id RHSA-2015:1896
  • rhsa
    id RHSA-2015:1923
rpms
  • qemu-guest-agent-2:0.12.1.2-2.479.el6_7.2
  • qemu-img-2:0.12.1.2-2.479.el6_7.2
  • qemu-kvm-2:0.12.1.2-2.479.el6_7.2
  • qemu-kvm-tools-2:0.12.1.2-2.479.el6_7.2
  • kmod-kvm-0:83-274.el5_11
  • kmod-kvm-debug-0:83-274.el5_11
  • kvm-0:83-274.el5_11
  • kvm-qemu-img-0:83-274.el5_11
  • kvm-tools-0:83-274.el5_11
  • xen-0:3.0.3-147.el5_11
  • xen-devel-0:3.0.3-147.el5_11
  • xen-libs-0:3.0.3-147.el5_11
refmap via4
bid 76746
confirm
debian
  • DSA-3361
  • DSA-3362
fedora
  • FEDORA-2015-16368
  • FEDORA-2015-16369
  • FEDORA-2015-16370
gentoo GLSA-201602-01
mlist
  • [Qemu-devel] 20150915 [PULL 2/3] net: add checks to validate ring buffer pointers
  • [oss-security] 20150915 CVE-2015-5279 Qemu: net: add checks to validate ring buffer pointers
sectrack 1033569
suse SUSE-SU-2015:1782
Last major update 23-12-2016 - 21:59
Published 28-09-2015 - 12:59
Last modified 27-12-2017 - 21:29