exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2016-9603

Status Candidate

Overview

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

Related Files

Red Hat Security Advisory 2017-1441-01
Posted Jun 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1441-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-9603, CVE-2017-2633, CVE-2017-7718, CVE-2017-7980
SHA-256 | 3ad4644b24e8b2f79fa8d2b135c9f45efcda5f214c0ef67d158a2e9a2e3c9fdf
Gentoo Linux Security Advisory 201706-03
Posted Jun 6, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201706-3 - Multiple vulnerabilities have been found in QEMU, the worst of which may allow a remote attacker to cause a Denial of Service or gain elevated privileges from a guest VM. Versions less than 2.9.0-r2 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2016-9603, CVE-2017-7377, CVE-2017-7471, CVE-2017-7493, CVE-2017-7718, CVE-2017-7980, CVE-2017-8086, CVE-2017-8112, CVE-2017-8309, CVE-2017-8379, CVE-2017-8380, CVE-2017-9060, CVE-2017-9310, CVE-2017-9330
SHA-256 | 084bb95086af0e33f54d877ff53d4043785b466e5629aaad50cc72dceafea3dc
Red Hat Security Advisory 2017-1206-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1206-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-9603, CVE-2017-2633, CVE-2017-7718, CVE-2017-7980
SHA-256 | b02b7173440f427f717685ada5dc95c4b660786f94efef1453ce77af5eac1c51
Red Hat Security Advisory 2017-1205-01
Posted May 10, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1205-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-9603, CVE-2017-2633, CVE-2017-7718, CVE-2017-7980
SHA-256 | 402bb60cbd271f30307359df59a64ca74bc2ac977bcc7313118c66cbb1746a97
Ubuntu Security Notice USN-3268-1
Posted Apr 25, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3268-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jann Horn discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to access files on the host file system outside of the shared directory and possibly escalate their privileges. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-10028, CVE-2016-8667, CVE-2016-9602, CVE-2016-9603, CVE-2016-9908, CVE-2016-9912, CVE-2016-9914, CVE-2017-5552, CVE-2017-5578, CVE-2017-5987, CVE-2017-6505
SHA-256 | 55219cd93a67e26cc2c98285217c82a6a4c4a415f32a2bc50c406be0dfd12705
Ubuntu Security Notice USN-3261-1
Posted Apr 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3261-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. Li Qiang discovered that QEMU incorrectly handled the 6300esb watchdog. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-10028, CVE-2016-10029, CVE-2016-10155, CVE-2016-7907, CVE-2016-8667, CVE-2016-8669, CVE-2016-9381, CVE-2016-9602, CVE-2016-9603, CVE-2016-9776, CVE-2016-9845, CVE-2016-9846, CVE-2016-9907, CVE-2016-9908, CVE-2016-9911, CVE-2016-9912, CVE-2016-9913, CVE-2016-9914, CVE-2016-9915, CVE-2016-9916, CVE-2016-9921, CVE-2016-9922, CVE-2017-2615, CVE-2017-2620, CVE-2017-2633, CVE-2017-5525, CVE-2017-5526, CVE-2017-5552
SHA-256 | 59e4c93cf0110c0dfbf04c8437a5671ce02bce5e5d84b925280c13d41fc38a3b
Red Hat Security Advisory 2017-0988-01
Posted Apr 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0988-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator, built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support, is vulnerable to a heap buffer overflow issue. The issue could occur when a VNC client attempts to update its display after a VGA operation is performed by a guest. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or, potentially, leverage it to execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-9603
SHA-256 | ebcca6155666f270a5597b98c7f537ba5ae9df4825a50bc8efbf6d0ff9163a4e
Red Hat Security Advisory 2017-0987-01
Posted Apr 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0987-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-9603
SHA-256 | 644727d84aca416d3dd02e5d12fd3896099ec52380e4c5ba4156e4de68fa4cd4
Red Hat Security Advisory 2017-0985-01
Posted Apr 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0985-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages provide the user-space component for running virtual machines using KVM in environments managed by Red Hat Virtualization Manager. Security Fix: Quick Emulator, built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support, is vulnerable to a heap buffer overflow issue. The issue could occur when a VNC client attempts to update its display after a VGA operation is performed by a guest. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or, potentially, leverage it to execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-9603
SHA-256 | db1b72066944db0bdf0ce1bc4ba19551ab3c507b266953b66566a09e79f75fd1
Red Hat Security Advisory 2017-0984-01
Posted Apr 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0984-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator, built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support, is vulnerable to a heap buffer overflow issue. The issue could occur when a VNC client attempts to update its display after a VGA operation is performed by a guest. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or, potentially, leverage it to execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-9603
SHA-256 | 868c4643c5f00ba072aab4d83758fbebdf1cf27b532f4e2af07fd1455a52a1b7
Red Hat Security Advisory 2017-0983-01
Posted Apr 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0983-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator, built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support, is vulnerable to a heap buffer overflow issue. The issue could occur when a VNC client attempts to update its display after a VGA operation is performed by a guest. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or, potentially, leverage it to execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-9603
SHA-256 | 89e446bb5c5343cd809309dec01c83fbdf4a0b0c4a5891ef6eea9b3299f6212a
Red Hat Security Advisory 2017-0980-01
Posted Apr 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0980-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator, built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support, is vulnerable to a heap buffer overflow issue. The issue could occur when a VNC client attempts to update its display after a VGA operation is performed by a guest. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or, potentially, leverage it to execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-9603
SHA-256 | 439d394b0a5ab965220d35c8ae8f0895aedee38ce7a96952273cce9e485f984d
Red Hat Security Advisory 2017-0981-01
Posted Apr 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0981-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator, built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support, is vulnerable to a heap buffer overflow issue. The issue could occur when a VNC client attempts to update its display after a VGA operation is performed by a guest. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or, potentially, leverage it to execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-9603
SHA-256 | 98ece6f9a2db1938937a03a2eba4815fa519f336179b11459c1f35fcca867829
Red Hat Security Advisory 2017-0982-01
Posted Apr 18, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0982-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator, built with the Cirrus CLGD 54xx VGA Emulator and the VNC display driver support, is vulnerable to a heap buffer overflow issue. The issue could occur when a VNC client attempts to update its display after a VGA operation is performed by a guest. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or, potentially, leverage it to execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-9603
SHA-256 | ff73c4c88ba0cc9a1275e7ea05d32d435c6cfca3c09625b067006adb2f04070c
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close