Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 30 Nov 2015 14:32:00 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
cc: Qinghao Tang <luodalongde@...il.com>, Liu Ling <liuling-it@....cn>
Subject: CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in
 loopback mode

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

   Hello,

Qemu emulator built with the AMD PC-Net II Ethernet Controller support is 
vulnerable to a heap buffer overflow flaw. While receiving packets in the 
loopback mode, it appends CRC code to the receive buffer. If the data size 
given is same as the receive buffer size, the appended CRC code overwrites 4 
bytes beyond this 's->buffer' array.

A privileged(CAP_SYS_RAWIO) user inside guest could use this flaw to crash the 
Qemu instance resulting in DoS or potentially execute arbitrary code with 
privileges of the Qemu process on the host.

Upstream fix:
- -------------
   -> https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html


CVE-2015-7504 has been assigned to this issue by Red Hat Inc.

This issue was independently discovered by Qinghao Tang of QIHU 360 Marvel 
Team and Ling Liu of Qihoo 360 Inc.


Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWXBCIAAoJEN0TPTL+WwQfFcAP/A1Avl24d0BptZ8jsmqXwhhl
GdG0cVnxkAgzoihwWcQykpOl/enXi7wsp1qC2WU6hzaqAZaKNSOmhlqwkztA+0tN
20+HEOItR96aHWzunRbGzZok9ypRD4MkicPkL53Cr0XiRWArzKKiSU7pcTlYkPQB
vrcOD8WZRFyRGGQxUDGsVnnCqwPwrubwBMDuebVkC6B2BdXi1fy3pVrgRwHPuKgP
2oIepF2lDM+RmdaMFcvyJBA75r9RnJSXUqiCsqLRWiY/UXzmXQqz32ywOAGhil7b
lfSZFehtqBESr4wdlzXHGjTHmdyFywVvLAr7cXyVT+l35hchKfKVZ/O+8PKa61Gc
09MXy+SeHE5NU1cmZHuB0CO+CbCpa2oCnDjifF5RTykItcP3o/NEjz/GeFXfjTKc
BWxB5vhhMZU+0Hsh3L/gN+5QwpH1bAyDh6zMGyX9cu2y6M1jGnNo0GIYx3hg94x3
Lc1N72n3VtVn1qFfok0QTDEK0futZQVKAw6uC4UaEcTWlQfBFQkq67KEBCSB2qRp
ddYdyzHTgxJkOQXz4vuV5hHxjtnJUXWc/S3MjyPZt1734dVi56yrVmAMnnWBVvR+
WF6ql8UjaCIYmOPnuzmi3iZad91iyzHREDEtjLzXs2R4VFI47sODmLas+3zjqHS8
kD76rYKh6VuhSafoveXJ
=niQP
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ