exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2012-6075

Status Candidate

Overview

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.

Related Files

Mandriva Linux Security Advisory 2013-121
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-121 - A flaw was found in how qemu, in snapshot mode (-snapshot command line argument), handled the creation and opening of the temporary file used to store the difference of the virtualized guest's read-only image and the current state. In snapshot mode, bdrv_open() creates an empty temporary file without checking for any mkstemp() or close() failures; it also ignores the possibility of a buffer overrun given an exceptionally long /tmp. Because qemu re-opens that file after creation, it is possible to race qemu and insert a symbolic link with the same expected name as the temporary file, pointing to an attacker-chosen file. This can be used to either overwrite the destination file with the privileges of the user running qemu , or to point to an attacker-readable file that could expose data from the guest to the attacker. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-2652, CVE-2012-3515, CVE-2012-6075
SHA-256 | 0f5d0689948e74e63089abe6af1a0447a0fe343b5e6c2298fef30b4a9d5cf5b8
Red Hat Security Advisory 2013-0636-01
Posted Mar 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0636-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-4929, CVE-2012-6075, CVE-2013-0166, CVE-2013-0169, CVE-2013-1619
SHA-256 | b9a7ef0ff18dd828c5d57c86d14d909fe246d0a7a1f774fcff12bfc8e24254c1
Red Hat Security Advisory 2013-0639-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0639-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-6075
SHA-256 | bed4ca2ffa58ff464b22fe9153408f7383ab7e71c51b9b0765bcd70a4711c44c
Red Hat Security Advisory 2013-0610-01
Posted Mar 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0610-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. All users of qemu-kvm-rhev are advised to upgrade to these updated packages, which correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-6075
SHA-256 | f9283d87e85e0d4f8a1880b89b72c5d932cd753099d7ea82160e3a865ca280ba
Red Hat Security Advisory 2013-0609-01
Posted Mar 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0609-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. All users of qemu-kvm should upgrade to these updated packages, which contain backported patches to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-6075
SHA-256 | 1b51b67d705de66bc4ced0edf093badfa1d4adcea70ebbf5ce1ddf20b5d9d3d1
Red Hat Security Advisory 2013-0608-01
Posted Mar 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0608-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. All users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.

tags | advisory, remote, arbitrary, kernel, root
systems | linux, redhat
advisories | CVE-2012-6075
SHA-256 | f2e010070aad2343f47b3e482e950b8c4228c64cb7b9aaf1697885a65a553a9c
Red Hat Security Advisory 2013-0599-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0599-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-virtualized guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest. All users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.

tags | advisory, remote, arbitrary, kernel, root
systems | linux, redhat
advisories | CVE-2012-6075
SHA-256 | 31d8e98927550d76b3d7d6cb471fa6adae45d950328f01261814a3f1063aa443
Debian Security Advisory 2619-1
Posted Feb 10, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2619-1 - A buffer overflow was found in the e1000e emulation, which could be triggered when processing jumbo frames.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2012-6075
SHA-256 | 81f2b591663f58be44958c5d035a4fa755f483e4d31f8221c130086accb53fb4
Ubuntu Security Notice USN-1692-1
Posted Jan 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1692-1 - It was discovered that QEMU incorrectly handled certain e1000 packet sizes. In certain environments, an attacker may use this flaw in combination with large packets to cause a denial of service or execute arbitrary code in the guest.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-6075
SHA-256 | 8f41cb5967f46e89cb5e11c2d7d0ee866691b393d0205ae5a844327a2cef2d94
Debian Security Advisory 2608-1
Posted Jan 15, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2608-1 - It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2012-6075
SHA-256 | 885c09b10b563f1d09f7b11e89fe4648ad65477609292a1caa73573351a389f0
Debian Security Advisory 2607-1
Posted Jan 15, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2607-1 - It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2012-6075
SHA-256 | cbc6fe2d8705fb44082076cf2f5b84f138b813ca49da1f70ef16a66238fc582d
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close