Qemu : Security Vulnerabilities

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2010-0297 | 119 | | DoS Exec Code Overflow | 2010-02-12 | 2010-08-21 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
| 2 | CVE-2009-3616 | 399 | | Exec Code | 2009-10-23 | 2009-12-19 | 8.5 | None | Remote | Medium | Single system | Complete | Complete | Complete |
| 3 | CVE-2008-5714 | 189 | | | 2008-12-24 | 2009-05-16 | 7.8 | None | Remote | Low | Not required | Complete | None | None |
| 4 | CVE-2008-4553 | 59 | | | 2008-10-15 | 2009-08-20 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
| 5 | CVE-2008-4539 | 119 | | Overflow +Priv | 2008-12-29 | 2009-05-16 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
| 6 | CVE-2008-2382 | 399 | | DoS | 2008-12-24 | 2009-05-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| 7 | CVE-2008-2004 | 200 | | +Info | 2008-05-12 | 2010-08-21 | 4.9 | None | Local | Low | Not required | Complete | None | None |
| 8 | CVE-2008-0928 | 264 | | | 2008-03-03 | 2010-08-21 | 4.7 | None | Local | Medium | Not required | Complete | None | None |
| 9 | CVE-2007-6227 | 119 | | Overflow | 2007-12-04 | 2008-12-20 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |

1. CVE-2010-0297: Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.

2. CVE-2009-3616: Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.

3. CVE-2008-5714: Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.

4. CVE-2008-4553: qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.

5. CVE-2008-4539: Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.

6. CVE-2008-2382: The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.

7. CVE-2008-2004: The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.

8. CVE-2008-0928: Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

9. CVE-2007-6227: QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com.

Total number of vulnerabilities : 9