Twenty Year Anniversary
Showing 1 - 6 of 6 RSS Feed

CVE-2015-1779

Status Candidate

Overview

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

Related Files

Gentoo Linux Security Advisory 201602-01
Posted Feb 4, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201602-1 - Multiple vulnerabilities have been found in QEMU, the worst of which may allow a remote attacker to cause a Denial of Service or gain elevated privileges from a guest VM. Versions less than 2.5.0-r1 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-1779, CVE-2015-3456, CVE-2015-5225, CVE-2015-5278, CVE-2015-5279, CVE-2015-5745, CVE-2015-6815, CVE-2015-6855, CVE-2015-7295, CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504, CVE-2015-8556, CVE-2015-8558, CVE-2015-8567, CVE-2015-8568, CVE-2015-8666, CVE-2015-8701, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745, CVE-2016-1568
MD5 | 67096bdf144ff6c9151c0a1e23646b9f
Red Hat Security Advisory 2015-1943-01
Posted Oct 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1943-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU. This issue was discovered by Daniel P. Berrange of Red Hat.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2015-1779
MD5 | ac3a5a46f2a973f578a75a88247c20bb
Red Hat Security Advisory 2015-1931-01
Posted Oct 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1931-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU. This issue was discovered by Daniel P. Berrange of Red Hat.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2015-1779
MD5 | e4912b5ee4c9efe598023e8801892f8c
Ubuntu Security Notice USN-2608-1
Posted May 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2608-1 - Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Daniel P. Berrange discovered that QEMU incorrectly handled VNC websockets. A remote attacker could use this issue to cause QEMU to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-1779, CVE-2015-2756, CVE-2015-3456
MD5 | c210ebea1630f018b99d313f2ba37c6b
Debian Security Advisory 3259-1
Posted May 13, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3259-1 - Several vulnerabilities were discovered in the qemu virtualisation solution.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-9718, CVE-2015-1779, CVE-2015-2756, CVE-2015-3456
MD5 | 269397f9bafc8b793716390647e328b4
Mandriva Linux Security Advisory 2015-210
Posted Apr 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-210 - A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system. It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2015-1779
MD5 | 6ec0b19e4dc7cfc8ec41a92df9f2fd1c
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    7 Files
  • 21
    Apr 21st
    10 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close