Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.703066 |
Kategorie: | Debian Local Security Checks |
Titel: | Debian Security Advisory DSA 3066-1 (qemu - security update) |
Zusammenfassung: | Several vulnerabilities were discovered in qemu, a fast processor;emulator.;;CVE-2014-3689;The Advanced Threat Research team at Intel Security reported that;guest provided parameter were insufficiently validated in;rectangle functions in the vmware-vga driver. A privileged guest;user could use this flaw to write into qemu address space on the;host, potentially escalating their privileges to those of the;qemu host process.;;CVE-2014-7815;James Spadaro of Cisco reported insufficiently sanitized;bits_per_pixel from the client in the QEMU VNC display driver. An;attacker having access to the guest's VNC console could use this;flaw to crash the guest. |
Beschreibung: | Summary: Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2014-3689 The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process. CVE-2014-7815 James Spadaro of Cisco reported insufficiently sanitized bits_per_pixel from the client in the QEMU VNC display driver. An attacker having access to the guest's VNC console could use this flaw to crash the guest. Affected Software/OS: qemu on Debian Linux Solution: For the stable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u5. For the unstable distribution (sid), these problems have been fixed in version 2.1+dfsg-7. We recommend that you upgrade your qemu packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3689 Debian Security Information: DSA-3066 (Google Search) http://www.debian.org/security/2014/dsa-3066 Debian Security Information: DSA-3067 (Google Search) http://www.debian.org/security/2014/dsa-3067 https://www.mail-archive.com/qemu-devel@nongnu.org/msg261580.html http://www.osvdb.org/114397 http://secunia.com/advisories/60923 http://secunia.com/advisories/62143 http://secunia.com/advisories/62144 http://www.ubuntu.com/usn/USN-2409-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-7815 RedHat Security Advisories: RHSA-2015:0349 http://rhn.redhat.com/errata/RHSA-2015-0349.html RedHat Security Advisories: RHSA-2015:0624 http://rhn.redhat.com/errata/RHSA-2015-0624.html http://secunia.com/advisories/61484 SuSE Security Announcement: SUSE-SU-2015:1782 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html |
Copyright | Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |