CVE-2017-2637 – rhosp-director: libvirtd is deployed with no authentication
https://notcve.org/view.php?id=CVE-2017-2637
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host. Se ha detectado un fallo de diseño en el director de Red Hat OpenStack Platform que utiliza TripleO para permitir migraciones live basadas en libvirtd. Libvirtd se implementa por defecto (por el director) escuchando en 0.0.0.0 (todas las interfaces) sin ninguna autenticación o cifrado. • http://www.securityfocus.com/bid/98576 https://access.redhat.com/errata/RHSA-2017:1242 https://access.redhat.com/errata/RHSA-2017:1504 https://access.redhat.com/errata/RHSA-2017:1537 https://access.redhat.com/errata/RHSA-2017:1546 https://access.redhat.com/solutions/3022771 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2637 https://wiki.openstack.org/wiki/OSSN/OSSN-0007 https://access.redhat.com/security/cve/CVE-2017-2637 https://bugzilla.redhat.com/show_bug • CWE-306: Missing Authentication for Critical Function •
CVE-2017-8309 – Qemu: audio: host memory leakage via capture buffer
https://notcve.org/view.php?id=CVE-2017-8309
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. La pérdida de memoria en el audio/audio.c en QEMU (también conocido como Quick Emulator) permite a los atacantes remotos causar una denegación de servicio (consumo de memoria) al iniciar y detener repetidamente la captura de audio. • http://www.securityfocus.com/bid/98302 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html https://security.gentoo.org/glsa/201706-03 https://access.redhat.com/security/cve/CVE-2017-8309 https://bugzilla.redhat.com/show_bug.cgi?id=1446517 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2017-8379 – Qemu: input: host memory lekage via keyboard events
https://notcve.org/view.php?id=CVE-2017-8379
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. La pérdida de memoria en el soporte de controladores de eventos de entrada de teclado en QEMU (también conocido como Quick Emulator) permite a los usuarios privilegiados locales de SO invitados causar una denegación de servicio (consumo de memoria del host) al generar rápidamente eventos de teclado grandes. • http://www.openwall.com/lists/oss-security/2017/05/03/2 http://www.securityfocus.com/bid/98277 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html https://security.gentoo.org/glsa/201706-03 https://access.redhat.com/security/cve/CVE-2017-8379 https://bugzilla.redhat.com/show_bug.cgi?id=1446547 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2017-7980 – Qemu: display: cirrus: OOB r/w access issues in bitblt routines
https://notcve.org/view.php?id=CVE-2017-7980
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. Desbordamiento de búfer basado en memoria dinámica (heap) en Cirrus CLGD 54xx VGA Emulator en Quick Emulator (Qemu) en versiones 2.8 y anteriores permite que los usuarios invitados del sistema operativo ejecuten código arbitrario o provoquen una denegación de servicio (DoS) mediante vectores relacionados con un cliente VNC que actualiza su display después de una operación VGA. An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. • http://ubuntu.com/usn/usn-3289-1 http://www.openwall.com/lists/oss-security/2017/04/21/1 http://www.securityfocus.com/bid/102129 http://www.securityfocus.com/bid/97955 https://access.redhat.com/errata/RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0988 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2016-9603 – Qemu: cirrus: heap buffer overflow via vnc connection
https://notcve.org/view.php?id=CVE-2016-9603
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. Se ha detectado una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el soporte del controlador de pantalla VNC del emulador Cirrus CLGD 54xx VGA de QEMU en versiones anteriores a la 2.9. El problema podía ocurrir cuando un cliente VNC intentaba actualizar su pantalla después de que un invitado realizara una operación VGA. Un usuario/proceso privilegiado dentro de un guest podría usar esta vulnerabilidad para provocar que el proceso de QEMU se cierre inesperadamente o, potencialmente, ejecutar código arbitrario en el host con privilegios del proceso de QEMU. • http://www.securityfocus.com/bid/96893 http://www.securitytracker.com/id/1038023 https://access.redhat.com/errata/RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0985 https://access.redhat.com/errata/RHSA-2017:0987 https://access.redhat.com/errata/RHSA-2017:0988 https:& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •