ignore security and it'll go away
Showing 1 - 4 of 4 RSS Feed

CVE-2008-0928

Status Candidate

Overview

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

Related Files

Mandriva Linux Security Advisory 2009-257
Posted Oct 6, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-257 - Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. The updated packages have been patched to prevent this.

tags | advisory, arbitrary, root
systems | linux, mandriva
advisories | CVE-2008-0928
MD5 | 2c7ef0e2875673741ea311fad20c80e8
Debian Linux Security Advisory 1799-1
Posted May 11, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1799-1 - Several vulnerabilities have been discovered in the QEMU processor emulator.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2008-0928, CVE-2008-4539, CVE-2008-1945
MD5 | 40acb3103ce595efb3cc213cdc224e5c
Mandriva Linux Security Advisory 2009-016
Posted Jan 16, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-016 - Ian Jackson found a security issue in the QEMU block device drivers backend that could allow a guest operating system to issue a block device request and read or write arbitrary memory locations, which could then lead to privilege escalation. It was found that Xen allowed unprivileged DomU domains to overwrite xenstore values which should only be changeable by the privileged Dom0 domain. An attacker able to control a DomU domain could possibly use this flaw to kill arbitrary processes in Dom0 or trick a Dom0 user into accessing the text console of a different domain running on the same host. This update makes certain parts of xenstore tree read-only to unprivileged DomU domains. A vulnerability in the qemu-dm.debug script was found in how it created a temporary file in /tmp. A local attacker in Dom0 could potentially use this flaw to overwrite arbitrary files via a symlink attack. Since this script is not used in production, it has been removed from this update package. The updated packages have been patched to prevent these issues.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2008-0928, CVE-2008-4405, CVE-2008-4993
MD5 | e9c73b246e47300184396d91809aa67b
Mandriva Linux Security Advisory 2008-162
Posted Aug 8, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities have been found in Qemu. Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to attempting to mark non-existent regions as dirty, aka the bitblt heap overflow. Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 receive integer signedness error. QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction. QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by aam 0x0, which triggers a divide-by-zero error. The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 mtu heap overflow. Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the net socket listen option, aka QEMU net socket heap overflow. QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an overflow, via certain Windows executable programs, as demonstrated by qemu-dos.com. Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. Changing removable media in QEMU could trigger a bug similar to CVE-2008-2004, which would allow local guest users to read arbitrary files on the host by modifying the header of the image to identify a different format. the -usbdevice option. The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. The updated packages have been patched to fix these issues.

tags | advisory, overflow, arbitrary, local, root, vulnerability
systems | linux, windows, xp, mandriva
advisories | CVE-2007-1320, CVE-2007-1321, CVE-2007-1322, CVE-2007-1366, CVE-2007-5729, CVE-2007-5730, CVE-2007-6227, CVE-2008-0928, CVE-2008-1945, CVE-2008-2004
MD5 | ba2676a4e1bd86995d3d231aa78a7286
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    6 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close