exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2014-0144

Status Candidate

Overview

QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.

Related Files

Mandriva Linux Security Advisory 2015-061
Posted Mar 16, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-061 - Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service. Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. Various other issues have also been addressed.

tags | advisory, denial of service, overflow, arbitrary, local, code execution
systems | linux, mandriva
advisories | CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4377, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0148
SHA-256 | efc025d8f78ef3f1361bcdb1317e0ecdf4463dd8790e6a8c095fd9e4a59acb0b
Mandriva Linux Security Advisory 2014-220
Posted Nov 21, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-220 - Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. Various other security issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, local, code execution
systems | linux, mandriva
advisories | CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0148, CVE-2014-0150
SHA-256 | 480666aecbbb024a07215735219c58b0e7f5a12a96b93245aa388fe716692f65
Debian Security Advisory 3045-1
Posted Oct 6, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3045-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223, CVE-2014-3615, CVE-2014-3640
SHA-256 | 70386335468c79a9bd2bd25b77c7a646092311f40b2f6b2d2f8c4b641e26f40f
Debian Security Advisory 3044-1
Posted Oct 6, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3044-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

tags | advisory, x86, vulnerability
systems | linux, debian
advisories | CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223, CVE-2014-3615, CVE-2014-3640
SHA-256 | e8599a5674fc1ceb3a5eeb1f77badb3c647eb985a9f21338ab517290856e4b31
Ubuntu Security Notice USN-2342-1
Posted Sep 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2342-1 - Michael S. Tsirkin, Anthony Liguori, and Michael Roth discovered multiple issues with QEMU state loading after migration. An attacker able to modify the state data could use these issues to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4526, CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4531, CVE-2013-4532, CVE-2013-4533, CVE-2013-4534, CVE-2013-4535, CVE-2013-4536, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2013-4540, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0182
SHA-256 | 5ffa3505d05ee8e3c4c8b580434d263c33d6ac7e8f2b62913fb8732e725391cb
Gentoo Linux Security Advisory 201408-17
Posted Sep 2, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-17 - Multiple vulnerabilities have been found in QEMU, worst of which allows local attackers to execute arbitrary code. Versions less than 2.0.0-r1 are affected.

tags | advisory, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2013-4544, CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0150, CVE-2014-0222, CVE-2014-0223, CVE-2014-2894, CVE-2014-3461
SHA-256 | 9d6ef3512527b948060fb59c7854bf14c239e1401b4d23ee32f8ef1c70a86be4
Red Hat Security Advisory 2014-0435-01
Posted Apr 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0435-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0148, CVE-2014-0150
SHA-256 | 65bcbea57d78d85c5b05751039889feb143cb53910b8e45ef7a82fd0655c3cad
Red Hat Security Advisory 2014-0434-01
Posted Apr 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0434-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0148, CVE-2014-0150
SHA-256 | fb7001b7ad03be3d30a012695c3087eed9911c97c37beafb408f143bab5c00dd
Red Hat Security Advisory 2014-0421-01
Posted Apr 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0421-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0148, CVE-2014-0150
SHA-256 | 6bb6017ff037f6088c5db07a13171259bd985f61435dcf170ba95439f45a61c8
Red Hat Security Advisory 2014-0420-01
Posted Apr 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0420-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0148, CVE-2014-0150
SHA-256 | 5ff929048132cfe17cbd13f84dc1814a3f026c9794cbf817379cf915013f4b76
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close