exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2012-0029

Status Candidate

Overview

Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.

Related Files

Gentoo Linux Security Advisory 201210-04
Posted Oct 18, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201210-4 - Multiple vulnerabilities were found in qemu-kvm, allowing attackers to execute arbitrary code. Versions less than 1.1.1-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-1750, CVE-2011-1751, CVE-2011-2212, CVE-2011-2512, CVE-2012-0029, CVE-2012-2652
SHA-256 | 06a3dcc607829516f85c54a5f5e6c417bc1c799c5779cfc55ea88d07821757e1
Red Hat Security Advisory 2012-0370-01
Posted Mar 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0370-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap overflow flaw was found in the way QEMU emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash QEMU or, possibly, escalate their privileges on the host.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2012-0029
SHA-256 | 34beca2ea83efb46a5f87f92ce8b4275cf49f57036de0e7d9c3f569248566573
Red Hat Security Advisory 2012-0168-01
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0168-01 - The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0029, CVE-2012-0207
SHA-256 | bb1c7d2fa41c5e43267b70421481368a0747bc20aa8aecdd962ffe916076e965
Red Hat Security Advisory 2012-0109-01
Posted Feb 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0109-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0029
SHA-256 | 8da6bc236f0922d833448e86579690e72584546abfdf7d9e503f684883a37b08
Debian Security Advisory 2404-1
Posted Feb 7, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2404-1 - Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable to malicious guest systems to crash the host system or escalate their privileges.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2012-0029
SHA-256 | 4e58ccc81ad0baf672d6236c04572e7d50276f23c9a83e8e7d36c414bf73adc0
Debian Security Advisory 2396-1
Posted Jan 27, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2396-1 - Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation.

tags | advisory, denial of service, overflow, x86
systems | linux, debian
advisories | CVE-2012-0029
SHA-256 | e1c64876866c54ec12cca4a32694484ec81d3e3006e2a8241ae30bb609a58057
Ubuntu Security Notice USN-1339-1
Posted Jan 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1339-1 - Nicolae Mogoreanu discovered that QEMU did not properly verify legacy mode packets in the e1000 network driver. A remote attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. When using QEMU with libvirt or virtualization management software based on libvirt such as Eucalyptus and OpenStack, QEMU guests are individually isolated by an AppArmor profile by default in Ubuntu. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0029
SHA-256 | 99fca1d35176132983e4d6faefd19e4889e531993a958786ee9369ae610afe78
Red Hat Security Advisory 2012-0051-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0051-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT IRQs when there was no virtual interrupt controller set up. A malicious user in the kvm group on the host could force this situation to occur, resulting in the host crashing.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2011-4622, CVE-2012-0029
SHA-256 | af8fd4be7e42bf124fb681cde41eac8c1e8720966aaaa8352148ac44a7f78499
Red Hat Security Advisory 2012-0050-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0050-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2012-0029
SHA-256 | ce73b66e824e61ff1bf3fb0a2cb446e6c9f12a33b93affe61893723c8a11f002
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close