CVE-2010-0297 – kvm-userspace-rhel5: usb-linux.c: fix buffer overflow
https://notcve.org/view.php?id=CVE-2010-0297
Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet. Desbordamiento de búfer en la función usb_host_handle_control en la implementación del manejo a través de usb-linux.c en QEMU anterior a 0.11.1, permite a invitados del SO provocar una denegación de servicio (caída o cuelgue del sistema) o posiblemente la ejecución de código de su elección a través de un paquete USB manipulado. • http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f http://marc.info/?l=oss-security&m=126510479211473&w=2 http://marc.info/?l=oss-security&m=126527304127254&w=2 http://wiki.qemu.org/ChangeLog http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html http://www.securityfocus.com/bid/38158 https://bugzi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-3616
https://notcve.org/view.php?id=CVE-2009-3616
Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. Múltiples vulnerabilidades de uso anterior a la liberación en vnc.c del servidor VNC en QEMU v0.10.6 y anteriores, permite a usuarios del sistema anfitrión ejecutar código de su elección en el sistema hospedado, estableciendo una conexión desde el cliente VNC y a continuación (1) desconectando durante la transferencia de datos, (2) enviando un mensaje utilizando tipos de datos enteros incorrectos, o (3) utilizando el protocolo Fuzzy Screen Mode, relativo a una doble liberación de vulnerabilidades. • http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5 http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331 http://marc.info/?l=qemu-devel&m=124324043812915 http://rhn.redhat.com/errata/RHEA-2009-1272.html http://www.openwall.com/lists/oss-security/2009/10/16/5 http://www.openwall.com/lists/oss-security/2009/10/16/8 http://www.securityfocus.com/bid/36716 https://bugzilla.redhat.com/show_bug.cgi?id=501131 https://bugzilla.redhat.com& • CWE-416: Use After Free •
CVE-2008-4539
https://notcve.org/view.php?id=CVE-2008-4539
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. Desbordamiento de búfer basado en montículo en la implementación Cirrus VGA en (1) KVM anterior a kvm-82 y (2) QEMU sobre Debian GNU/Linux y Ubuntu, podría permitir a usuarios locales obtener privilegios mediante el uso de la consola VNC para realizar una conexión, también conocido como el desbordamiento LGD-54XX "bitblt". NOTA: esta cuestión existe por una incorrecta corrección del CVE-2007-1320. • http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069 http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://secunia.com/advisories/25073 http://secunia.com/advisories/29129 http://secunia.com/advisories/33350 http://secunia.com/advisories/34642 http://secunia.com/advisories/35031 http://secunia.com/advisories/35062 http://svn.savannah.gnu. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-5714
https://notcve.org/view.php?id=CVE-2008-5714
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. Error de superación de límite (off-by-one) en monitor.c en Qemu 0.9.1 podría facilitar a atacantes remotos adivinar la contraseña VNC, que está limitada a siete caracteres cuando se habrían previsto ocho. • http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://secunia.com/advisories/33568 http://secunia.com/advisories/34642 http://secunia.com/advisories/35062 http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966 http://svn.savannah • CWE-189: Numeric Errors •
CVE-2008-2382 – QEMU 0.9 / KVM 36/79 - VNC Server Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-2382
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message. La función protocol_client_msg en vnc.c en el servidor VNC en (1) Qemu 0.9.1 y anteriores y (2) KVM kvm-79 y anteriores permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un cierto mensaje. • https://www.exploit-db.com/exploits/32675 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://secunia.com/advisories/33293 http://secunia.com/advisories/33303 http://secunia.com/advisories/33350 http://secunia.com/advisories/33568 http://secunia.com/advisories/34642 http://secunia.com/advisories/35062 http://securityreason.com/securityalert/4803 http://securitytracker.com/id?1021488 • CWE-399: Resource Management Errors •