what you don't know can hurt you
Showing 1 - 11 of 11 RSS Feed

CVE-2012-6075

Status Candidate

Overview

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.

Related Files

Mandriva Linux Security Advisory 2013-121
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-121 - A flaw was found in how qemu, in snapshot mode (-snapshot command line argument), handled the creation and opening of the temporary file used to store the difference of the virtualized guest's read-only image and the current state. In snapshot mode, bdrv_open() creates an empty temporary file without checking for any mkstemp() or close() failures; it also ignores the possibility of a buffer overrun given an exceptionally long /tmp. Because qemu re-opens that file after creation, it is possible to race qemu and insert a symbolic link with the same expected name as the temporary file, pointing to an attacker-chosen file. This can be used to either overwrite the destination file with the privileges of the user running qemu , or to point to an attacker-readable file that could expose data from the guest to the attacker. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-2652, CVE-2012-3515, CVE-2012-6075
MD5 | dc80e38113d5c83dac3106eadce20bbe
Red Hat Security Advisory 2013-0636-01
Posted Mar 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0636-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-4929, CVE-2012-6075, CVE-2013-0166, CVE-2013-0169, CVE-2013-1619
MD5 | 88beca4dd1c8934b33bc0e3bb7709c10
Red Hat Security Advisory 2013-0639-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0639-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-6075
MD5 | d82076eb1ec08e28e6f8be4526fdfdb0
Red Hat Security Advisory 2013-0610-01
Posted Mar 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0610-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-6075
MD5 | d3d45a135556f40a52ce5daaabe660ff
Red Hat Security Advisory 2013-0609-01
Posted Mar 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0609-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. All users of qemu-kvm should upgrade to these updated packages, which contain backported patches to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-6075
MD5 | 06251bb3f0b3ab4349b93f9841bf2eaf
Red Hat Security Advisory 2013-0608-01
Posted Mar 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0608-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. All users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.

tags | advisory, remote, arbitrary, kernel, root
systems | linux, redhat
advisories | CVE-2012-6075
MD5 | 8c6fc3d5e7859daf2936c0ac941f6b71
Red Hat Security Advisory 2013-0599-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0599-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-virtualized guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.

tags | advisory, remote, arbitrary, kernel, root
systems | linux, redhat
advisories | CVE-2012-6075
MD5 | 2a41530a4acf33cbff02138b0f6b6e63
Debian Security Advisory 2619-1
Posted Feb 10, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2619-1 - A buffer overflow was found in the e1000e emulation, which could be triggered when processing jumbo frames.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2012-6075
MD5 | d3cca747c82c360a421126c912befa74
Ubuntu Security Notice USN-1692-1
Posted Jan 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1692-1 - It was discovered that QEMU incorrectly handled certain e1000 packet sizes. In certain environments, an attacker may use this flaw in combination with large packets to cause a denial of service or execute arbitrary code in the guest.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-6075
MD5 | 0da195476d1106a977e90d59353d460e
Debian Security Advisory 2608-1
Posted Jan 15, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2608-1 - It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2012-6075
MD5 | a8dac3a8d60e977631f6e168c53c0766
Debian Security Advisory 2607-1
Posted Jan 15, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2607-1 - It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2012-6075
MD5 | 2dd064816421d8cc3143429742c22386
Page 1 of 1
Back1Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    14 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close