exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2015-5225

Status Candidate

Overview

Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.

Related Files

Gentoo Linux Security Advisory 201602-01
Posted Feb 4, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201602-1 - Multiple vulnerabilities have been found in QEMU, the worst of which may allow a remote attacker to cause a Denial of Service or gain elevated privileges from a guest VM. Versions less than 2.5.0-r1 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-1779, CVE-2015-3456, CVE-2015-5225, CVE-2015-5278, CVE-2015-5279, CVE-2015-5745, CVE-2015-6815, CVE-2015-6855, CVE-2015-7295, CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504, CVE-2015-8556, CVE-2015-8558, CVE-2015-8567, CVE-2015-8568, CVE-2015-8666, CVE-2015-8701, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745, CVE-2016-1568
SHA-256 | cae04eed58ae8cd630be1884c1bb0f33cd229432b115814282bbffc1e4740738
Red Hat Security Advisory 2015-1837-01
Posted Sep 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1837-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow issue was found in the QEMU emulator's VNC display driver. It could occur while refreshing the VNC server's display surface using the vnc_refresh_server_surface() routine. A privileged guest user could use this flaw to corrupt the heap memory and crash the QEMU process instance, or to potentially use it to execute arbitrary code on the host.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-5225
SHA-256 | 25a986a69f69dfb4207b40a2147c13f035bbe0b10e30563935730b794dd67a88
Red Hat Security Advisory 2015-1772-01
Posted Sep 15, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1772-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow issue was found in the QEMU emulator's VNC display driver. It could occur while refreshing the VNC server's display surface using the vnc_refresh_server_surface() routine. A privileged guest user could use this flaw to corrupt the heap memory and crash the QEMU process instance, or to potentially use it to execute arbitrary code on the host.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-5225
SHA-256 | d8888c492f070c1a8971b9494b040b6a9998fbdaff29040fb9aa63f5e800db26
Debian Security Advisory 3348-1
Posted Sep 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3348-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-3214, CVE-2015-5154, CVE-2015-5165, CVE-2015-5225, CVE-2015-5745
SHA-256 | d4caecd611d7206d6b576bd6b6ffb531a65be402acb6ce80027292d74d548c49
Ubuntu Security Notice USN-2724-1
Posted Aug 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2724-1 - It was discovered that QEMU incorrectly handled a PRDT with zero complete sectors in the IDE functionality. A malicious guest could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Donghai Zhu discovered that QEMU incorrectly handled the RTL8139 driver. A malicious guest could possibly use this issue to read sensitive information from arbitrary host memory. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9718, CVE-2015-5165, CVE-2015-5166, CVE-2015-5225, CVE-2015-5745
SHA-256 | 80b79018159461f757b7f8b7bcd9805650ddf859a2e27b6be0a84adade307939
Page 1 of 1
Back1Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    0 Files
  • 6
    Sep 6th
    0 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close