Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 30 May 2016 19:14:11 -0400 (EDT)
From: cve-assign@...re.org
To: ppandit@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Quick Emulator(Qemu) built with the Block driver for iSCSI images(virtio-blk)
> support is vulnerable to a heap buffer overflow flaw. It could occur while
> processing iSCSI asynchronous I/O ioctl(2) calls.

> A user inside guest could use this flaw to crash the Qemu process resulting in
> DoS OR potentially leverage it to execute arbitrary code with privileges of
> the Qemu process on the host.

> https://bugzilla.redhat.com/show_bug.cgi?id=1340924
> https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html

>> at least in the path via virtio-blk the maximum size is not
>> restricted.

Use CVE-2016-5126.

This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=block/iscsi.c but
that may be an expected place for a later update.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXTMkCAAoJEHb/MwWLVhi24uQQAJ4N5kMcseYpiFJFYmP8Ytmy
itkiZjCmNUWkPJqyIcYXCPK4Ro50yVRVenEem/9sgD9gRIQ+3qfTzEHKSnOqBAd8
s4cVhhqse3hY9JIk4x+Bt/p75siub51ulE00X2joAdcJZJsWqZpzW/luYUjaiuV7
7tWJ7PMZONe49nsc5mOe4c04QusPDCLyLXcVLKVKdthqQVp3vdWT/0i8GnvuTtQg
2kNOCRogxxZMHQnp5MwfujZ+BnwiHhMNgbaaM+LBou0eNhmST8AVwFAjRL4s0zeK
MguYFDQLocCFgHKGFolNY6536Sdh4s3tj3omN3gniZMhxtqNkOrJGcPV1Mti8UUU
sbbDyPrt/d63GIvBYNUNNWlE9rRsmnFn5pIhG30sLIdXOKNnK2RZO0mnQBBlXbUr
IrE0WCe4r6sLjL9BDcJPqteODgpM+8MQIHwTdUuTKT9/NWy2DRw14msNph9QYZFa
BjQQ8XrdbOrPqNO6awSax8ooUp9ZbqI3Blb5CYPgDRTslBdR85G9qzziEs7Yb9m2
Eb0LpZAuvCuye8iC2Maa116MrNXigMTMFt0hTBCvkLDFmhLmSbtY3DbIckTMErJN
F1H3iTFAIHdN9bOc185TZIGyYOSgfnAIEMEAk77Miajy2I9daKb6h6jU/mGeSuLs
EtF3PrQSiMjrSTr6a52D
=ZB0r
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.