ID CVE-2017-10664
Summary qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
References
Vulnerable Configurations
  • cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1466190
    title CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment qemu-img is earlier than 10:1.5.3-141.el7_4.1
            oval oval:com.redhat.rhsa:tst:20172445001
          • comment qemu-img is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110345002
        • AND
          • comment qemu-kvm is earlier than 10:1.5.3-141.el7_4.1
            oval oval:com.redhat.rhsa:tst:20172445003
          • comment qemu-kvm is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110345004
        • AND
          • comment qemu-kvm-common is earlier than 10:1.5.3-141.el7_4.1
            oval oval:com.redhat.rhsa:tst:20172445005
          • comment qemu-kvm-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140704014
        • AND
          • comment qemu-kvm-tools is earlier than 10:1.5.3-141.el7_4.1
            oval oval:com.redhat.rhsa:tst:20172445007
          • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110345006
    rhsa
    id RHSA-2017:2445
    released 2017-08-08
    severity Moderate
    title RHSA-2017:2445: qemu-kvm security update (Moderate)
  • rhsa
    id RHSA-2017:2390
  • rhsa
    id RHSA-2017:3466
  • rhsa
    id RHSA-2017:3470
  • rhsa
    id RHSA-2017:3471
  • rhsa
    id RHSA-2017:3472
  • rhsa
    id RHSA-2017:3473
  • rhsa
    id RHSA-2017:3474
rpms
  • qemu-img-rhev-10:2.9.0-16.el7_4.3
  • qemu-kvm-common-rhev-10:2.9.0-16.el7_4.3
  • qemu-kvm-rhev-10:2.9.0-16.el7_4.3
  • qemu-kvm-rhev-debuginfo-10:2.9.0-16.el7_4.3
  • qemu-kvm-tools-rhev-10:2.9.0-16.el7_4.3
  • qemu-img-10:1.5.3-141.el7_4.1
  • qemu-kvm-10:1.5.3-141.el7_4.1
  • qemu-kvm-common-10:1.5.3-141.el7_4.1
  • qemu-kvm-debuginfo-10:1.5.3-141.el7_4.1
  • qemu-kvm-tools-10:1.5.3-141.el7_4.1
  • qemu-img-rhev-10:2.9.0-16.el7_4.11
  • qemu-kvm-common-rhev-10:2.9.0-16.el7_4.11
  • qemu-kvm-rhev-10:2.9.0-16.el7_4.11
  • qemu-kvm-rhev-debuginfo-10:2.9.0-16.el7_4.11
  • qemu-kvm-tools-rhev-10:2.9.0-16.el7_4.11
refmap via4
bid 99513
debian DSA-3920
misc https://bugzilla.redhat.com/show_bug.cgi?id=1466190
mlist
  • [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
  • [oss-security] 20170629 CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
  • [qemu-devel] 20170611 [PATCH] qemu-nbd: Ignore SIGPIPE
Last major update 03-10-2019 - 00:03
Published 02-08-2017 - 19:29