Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.1.2.2019.1444 |
Kategorie: | Huawei EulerOS Local Security Checks |
Titel: | Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2019-1444) |
Zusammenfassung: | The remote host is missing an update for the Huawei EulerOS 'qemu' package(s) announced via the EulerOS-SA-2019-1444 advisory. |
Beschreibung: | Summary: The remote host is missing an update for the Huawei EulerOS 'qemu' package(s) announced via the EulerOS-SA-2019-1444 advisory. Vulnerability Insight: An integer overflow issue was found in the NE200 NIC emulation. It could occur while receiving packets from the network, if the size value was greater than INT_MAX. Such overflow would lead to stack buffer overflow issue. A user inside guest could use this flaw to crash the QEMU process, resulting in DoS scenario. (CVE-2018-10839) qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.(CVE-2018-12617) Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. (CVE-2016-9602) Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.(CVE-2018-7550) An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation.(CVE-2017-13672) An assert failure issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while updating graphics display, due to miscalculating region for dirty bitmap snapshot in split screen mode. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service. (CVE-2017-13673) The Network Block Device (NBD) server in Quick Emulator (QEMU), is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.(CVE-2017-15119) QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.(CVE-2017-9330) Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). (CVE-2017-18043) VNC server ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'qemu' package(s) on Huawei EulerOS Virtualization 3.0.1.0. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-9602 BugTraq ID: 95461 http://www.securityfocus.com/bid/95461 https://security.gentoo.org/glsa/201704-01 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html http://www.openwall.com/lists/oss-security/2017/01/17/12 https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html http://www.securitytracker.com/id/1037604 Common Vulnerability Exposure (CVE) ID: CVE-2017-5579 BugTraq ID: 95780 http://www.securityfocus.com/bid/95780 https://security.gentoo.org/glsa/201702-28 http://www.openwall.com/lists/oss-security/2017/01/24/8 http://www.openwall.com/lists/oss-security/2017/01/25/3 RedHat Security Advisories: RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2392 RedHat Security Advisories: RHSA-2017:2408 https://access.redhat.com/errata/RHSA-2017:2408 Common Vulnerability Exposure (CVE) ID: CVE-2017-8284 https://bugs.chromium.org/p/project-zero/issues/detail?id=1122 https://github.com/qemu/qemu/commit/30663fd26c0307e414622c7a8607fbc04f92ec14 Common Vulnerability Exposure (CVE) ID: CVE-2017-8379 BugTraq ID: 98277 http://www.securityfocus.com/bid/98277 https://security.gentoo.org/glsa/201706-03 http://www.openwall.com/lists/oss-security/2017/05/03/2 https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html Common Vulnerability Exposure (CVE) ID: CVE-2017-9330 BugTraq ID: 98779 http://www.securityfocus.com/bid/98779 Debian Security Information: DSA-3920 (Google Search) http://www.debian.org/security/2017/dsa-3920 http://www.openwall.com/lists/oss-security/2017/06/01/3 Common Vulnerability Exposure (CVE) ID: CVE-2017-9373 BugTraq ID: 98921 http://www.securityfocus.com/bid/98921 http://www.openwall.com/lists/oss-security/2017/06/05/1 Common Vulnerability Exposure (CVE) ID: CVE-2018-7550 BugTraq ID: 103181 http://www.securityfocus.com/bid/103181 Debian Security Information: DSA-4213 (Google Search) https://www.debian.org/security/2018/dsa-4213 https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html RedHat Security Advisories: RHSA-2018:1369 https://access.redhat.com/errata/RHSA-2018:1369 RedHat Security Advisories: RHSA-2018:2462 https://access.redhat.com/errata/RHSA-2018:2462 https://usn.ubuntu.com/3649-1/ |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |