Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 23 Dec 2015 01:48:09 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
cc: Ling Liu <liuling-it@....cn>
Subject: CVE request Qemu: hmp: stack based OOB write in hmp_sendkey
 routine

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

   Hello,

Qemu emulator built with the Human Monitor Interface(HMP) support is 
vulnerable to an OOB write issue. It occurs while processing 'sendkey' command 
in hmp_sendkey routine, if the command argument is longer than the 
'keyname_buf' buffer size.

A user/process could use this flaw to crash the Qemu process instance 
resulting in DoS.

Upstream fix:
- -------------
   -> https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html

Reference:
- ----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1283926

This issue was discovered by Mr Ling Liu of Qihoo 360 Inc.

Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWebACAAoJEN0TPTL+WwQfKkEP/R/yWa0pC7a1nky6EWrcuuKC
d4Sd9cN0q4LjOGAZB+Csfb33HWWbnRZWKiBQuc9v0Ivh4xE7rP605Hh+it+mYzA6
YCt5vnT0tmwSf6Uq4gS+Ap1G1L7e0aVq/8SaPkaIT59nFfDRRVMPD6xBMy/ZBftT
ilKmR7O4aE8xK5IvZY2Q857ywrp0FkLzH5MFKrU9aFqSWshtEl+E27cQZoaNPY6q
B39m1ZY0mW5d0JBJiq5RZbz9qBqKNqTFumQ9femE6uzPlxwVDvWEt8QAhl6EuxXh
QU+zVoD+nrA7EFZL96cdKHcZEgyF+tCOkyA80wF/fHzPM+wRpWWbydgFCXS13ChN
L8jGvMIRAhx+leIinpXj/fDDtXrcCFxf8XoE+G0THYoF6SCw2ukh5FBXUWKL1Wsi
VL1tsVgZdemdGX/PifZ7WrZHyvjb9xJg1uLZctCuXRLNZe5f/EZlXrdSAdc6HsJH
a/+i3o1SSJ8RHFBLn1Ve+bldEmJFA7cEJPB9nz8lRj77A8Pivy10+38Nfuuo9kXy
dEL6mlfq2JrMp7pgGgIVtJChjH0+mwETrkUd/yYPgp1AmTBLkum7M76Jxwli7AVX
OFRfGAmEUxnzXs6cJSP4tW1QXidUHsSwOCInZpiRNweU/azBtsrK6EexQIx0IceJ
egafyYsnZIEpcKyeGrld
=j7pK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ