CVE-2011-1750 – virtio-blk: heap buffer overflow caused by unaligned requests
https://notcve.org/view.php?id=CVE-2011-1750
Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned. Múltiples desbordamientos de bufer basado en memoria dinámica en el controlador virtio-BLK (hw/virtio-blk.c) en qemu-kvm v0.14.0 permiten causar una denegación de servicio y posiblemente obtener privilegios a los usuarios locales invitados a través de (1) una petición de escritura a la función virtio_blk_handle_write o (2) una solicitud de lectura a la función virtio_blk_handle_read que no está correctamente alineada. • http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03015.html http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03019.html http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html http://rhn.redhat.com/errata/RHSA-2011-0534.html http://secunia.com/advisories/44132 http://secunia.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2011-0011 – qemu-kvm: Setting VNC password to empty string silently disables all authentication
https://notcve.org/view.php?id=CVE-2011-0011
qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions. qemu-kvm antes de v0.11.0 deshabilita la autenticación VNC cuando la contraseña es eliminada, lo que permite a atacantes remotos eludir la autenticación y establecer sesiones VNC. • http://rhn.redhat.com/errata/RHSA-2011-0345.html http://secunia.com/advisories/42830 http://secunia.com/advisories/43272 http://secunia.com/advisories/43733 http://secunia.com/advisories/44393 http://ubuntu.com/usn/usn-1063-1 http://www.openwall.com/lists/oss-security/2011/01/10/3 http://www.openwall.com/lists/oss-security/2011/01/11/1 http://www.openwall.com/lists/oss-security/2011/01/12/2 http://www.osvdb.org/70992 https://bugs.launchpad.net • CWE-287: Improper Authentication •
CVE-2010-0741 – qemu: Improper handling of erroneous data provided by Linux virtio-net driver
https://notcve.org/view.php?id=CVE-2010-0741
The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO). La funcion virtio_net_bad_features en hw/virtio-net.c en el driver virtio-net en el kernel de Linux anterior a v2.6.26, cuando utiliza un sistema operativo invitado en conjunción con qemu-kvm 0.11.0 o KVM 83, permite a atacantes remotos producir una denegación de servicio (caída del sistema operativo invitado, y una salida del proceso de asociación qemu-kvm) mediante el envío de una gran cantidad de trafico TCP al puerto del sistema operativo invitado, relacionado con la lista blanca de virtio-net que incluye una implementación inadecuada de TCP Segment Offloading (TSO). • http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=184bd0484533b725194fa517ddc271ffd74da7c9 http://lists.gnu.org/archive/html/qemu-devel/2009-10/msg02480.html http://lists.gnu.org/archive/html/qemu-devel/2009-10/msg02495.html http://openwall.com/lists/oss-security/2010/03/29/4 http://securitytracker.com/id?1023798 http://www.redhat.com/support/errata/RHSA-2010-0271.html http://www.vupen.com/english/advisories/2010/0760 https://bugs.edge.launchpad.net/ubuntu/+s • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-0297 – kvm-userspace-rhel5: usb-linux.c: fix buffer overflow
https://notcve.org/view.php?id=CVE-2010-0297
Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet. Desbordamiento de búfer en la función usb_host_handle_control en la implementación del manejo a través de usb-linux.c en QEMU anterior a 0.11.1, permite a invitados del SO provocar una denegación de servicio (caída o cuelgue del sistema) o posiblemente la ejecución de código de su elección a través de un paquete USB manipulado. • http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f http://marc.info/?l=oss-security&m=126510479211473&w=2 http://marc.info/?l=oss-security&m=126527304127254&w=2 http://wiki.qemu.org/ChangeLog http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html http://www.securityfocus.com/bid/38158 https://bugzi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-3616
https://notcve.org/view.php?id=CVE-2009-3616
Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. Múltiples vulnerabilidades de uso anterior a la liberación en vnc.c del servidor VNC en QEMU v0.10.6 y anteriores, permite a usuarios del sistema anfitrión ejecutar código de su elección en el sistema hospedado, estableciendo una conexión desde el cliente VNC y a continuación (1) desconectando durante la transferencia de datos, (2) enviando un mensaje utilizando tipos de datos enteros incorrectos, o (3) utilizando el protocolo Fuzzy Screen Mode, relativo a una doble liberación de vulnerabilidades. • http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5 http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331 http://marc.info/?l=qemu-devel&m=124324043812915 http://rhn.redhat.com/errata/RHEA-2009-1272.html http://www.openwall.com/lists/oss-security/2009/10/16/5 http://www.openwall.com/lists/oss-security/2009/10/16/8 http://www.securityfocus.com/bid/36716 https://bugzilla.redhat.com/show_bug.cgi?id=501131 https://bugzilla.redhat.com& • CWE-416: Use After Free •