Bug 201064 - emulators/qemu: Heap overflow in QEMU PCNET controller, allowing guest->host escape (CVE-2015-3209)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Juergen Lock
URL: http://xenbits.xen.org/xsa/advisory-1...
Keywords: needs-patch, needs-qa, security
Depends on:
Blocks:
 
Reported: 2015-06-23 00:19 UTC by Kubilay Kocak
Modified: 2015-06-27 11:51 UTC

See Also:
nox: maintainer-feedback+
koobs: merge-quarterly?


Description Kubilay Kocak freebsd_committer freebsd_triage 2015-06-23 00:19:38 UTC
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3209

A guest which has access to an emulated PCNET network device
(e.g. with "model=pcnet" in their VIF configuration) can exploit this
vulnerability to take over the qemu process elevating its privilege to
that of the qemu process.

Check if it applies to

emulators/qemu
emulators/qemu-devel
emulators/qemu-sbruno
emulators/qemu-user-static
Comment 1 Sean Bruno freebsd_committer freebsd_triage 2015-06-23 15:16:30 UTC
emulators/qemu-sbruno
emulators/qemu-user-static

These two ports aren't used to generate qemu-system binaries.

The qemu-user-static is a slave port to qemu-sbruno, and the code in qemu-user-static does have this vulnerability if it is used to generate qemu-system binaries.
Comment 2 commit-hook freebsd_committer freebsd_triage 2015-06-26 19:13:38 UTC
A commit references this bug:

Author: nox
Date: Fri Jun 26 19:13:32 UTC 2015
New revision: 390663
URL: https://svnweb.freebsd.org/changeset/ports/390663

Log:
  Document qemu pcnet guest to host escape vulnerability - CVE-2015-3209

  PR:		201064
  Submitted by:	koobs
  Security:	https://vuxml.FreeBSD.org/freebsd/acd5d037-1c33-11e5-be9c-6805ca1d3bb1.html

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2015-06-26 19:15:40 UTC
A commit references this bug:

Author: nox
Date: Fri Jun 26 19:14:43 UTC 2015
New revision: 390664
URL: https://svnweb.freebsd.org/changeset/ports/390664

Log:
  - Apply fixes for pcnet guest to host escape vulnerability - CVE-2015-3209.
  - Bump PORTREVISIONs.

  PR:		201064
  Submitted by:	koobs
  Security:	https://vuxml.FreeBSD.org/freebsd/acd5d037-1c33-11e5-be9c-6805ca1d3bb1.html

Changes:
  head/emulators/qemu/Makefile
  head/emulators/qemu/files/patch-CVE-2015-3209
  head/emulators/qemu-devel/Makefile
  head/emulators/qemu-devel/files/patch-CVE-2015-3209
  head/emulators/qemu-sbruno/Makefile
  head/emulators/qemu-sbruno/files/patch-CVE-2015-3209
Comment 4 Juergen Lock freebsd_committer freebsd_triage 2015-06-27 11:51:06 UTC
Committed.  Thanks!

