CVE-2017-7539 – Qemu: qemu-nbd crashes due to undefined I/O coroutine
https://notcve.org/view.php?id=CVE-2017-7539
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. Se ha detectado un fallo de aserción en Qemu en versiones anteriores a la 2.10.1 en la negociación de conexión inicial de los servidores de NBD (Network Block Device) en el que la corrutina I/O no estaba definida. Esto podría provocar el cierre inesperado del servidor qemu-nbd si un cliente envía datos no esperados durante la negociación de la conexión. • http://www.openwall.com/lists/oss-security/2017/07/21/4 http://www.securityfocus.com/bid/99944 https://access.redhat.com/errata/RHSA-2017:2628 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/RHSA-2017:3473 https://access.redhat.com/errata/RHSA-2017:3474 https://bugzilla.redhat.com/show_b • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVE-2016-6310
https://notcve.org/view.php?id=CVE-2016-6310
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. oVirt Engine divulga ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD en un archivo /var/log/ovirt-engine/engine.log en RHEV en versiones anteriores a la 4.0. • http://www.securityfocus.com/bid/92345 https://bugzilla.redhat.com/show_bug.cgi?id=1363738 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-10664 – Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
https://notcve.org/view.php?id=CVE-2017-10664
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. qemu-nbd en QEMU (Quick Emulator) no ignora la señal SIGPIPE, lo que permite a atacantes remotos provocar una denegación de servicio desconectando el proceso durante un intento de respuesta de servidor a cliente. Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a Denial of Service (DoS). • http://www.debian.org/security/2017/dsa-3920 http://www.openwall.com/lists/oss-security/2017/06/29/1 http://www.securityfocus.com/bid/99513 https://access.redhat.com/errata/RHSA-2017:2390 https://access.redhat.com/errata/RHSA-2017:2445 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/RH • CWE-248: Uncaught Exception •
CVE-2017-7980 – Qemu: display: cirrus: OOB r/w access issues in bitblt routines
https://notcve.org/view.php?id=CVE-2017-7980
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. Desbordamiento de búfer basado en memoria dinámica (heap) en Cirrus CLGD 54xx VGA Emulator en Quick Emulator (Qemu) en versiones 2.8 y anteriores permite que los usuarios invitados del sistema operativo ejecuten código arbitrario o provoquen una denegación de servicio (DoS) mediante vectores relacionados con un cliente VNC que actualiza su display después de una operación VGA. An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. • http://ubuntu.com/usn/usn-3289-1 http://www.openwall.com/lists/oss-security/2017/04/21/1 http://www.securityfocus.com/bid/102129 http://www.securityfocus.com/bid/97955 https://access.redhat.com/errata/RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0988 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2015-5160 – libvirt: Ceph id/key leaked in the process list
https://notcve.org/view.php?id=CVE-2015-5160
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. libvirt en versiones anteriores a la 2.2 incluye las credenciales de Ceph en la línea de comandos qemu cuando se utiliza RADOS Block Device (también conocido como RBD), lo que permite a los usuarios locales obtener información sensible mediante un listado de procesos. It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. • http://rhn.redhat.com/errata/RHSA-2016-2577.html http://www.openwall.com/lists/oss-security/2017/07/21/3 https://bugs.launchpad.net/ossn/+bug/1686743 https://bugzilla.redhat.com/show_bug.cgi?id=1245647 https://wiki.openstack.org/wiki/OSSN/OSSN-0079 https://access.redhat.com/security/cve/CVE-2015-5160 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •