SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   KVM Vendors:   kvm.qumranet.com
KVM E1000 NIC Emulation Heap Overflow Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1026558
SecurityTracker URL:  http://securitytracker.com/id/1026558
CVE Reference:   CVE-2012-0029   (Links to External Site)
Updated:  Feb 2 2012
Original Entry Date:  Jan 23 2012
Impact:   Denial of service via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in KVM. A local privileged user on the guest system can obtain elevated privileges on the target host system.

A local privileged user on the guest operating system can send specially crafted legacy mode packets to trigger a heap overflow in the E1000 network interface card (NIC) emulation and cause the host system to crash.

A local privileged user may be able to exploit this to obtain privileges on the host system.

Nicolae Mogoreanu reported this vulnerability.

Impact:   A local privileged user on the guest system can cause denial of service conditions on the target host system.

A local privileged user on the guest system can obtain elevated privileges on the target host system.

Solution:   The vendor has issued a fix in the following changesets:

qemu-xen-unstable.git ebe37b2a3f844bad02dcc30d081f39eda06118f8
qemu-xen-4.1-testing.git 3cf61880403b4e484539596a95937cc066243388
qemu-xen-4.0-testing.git 36984c285a765541b04f378bfa84d2c850c167d3

Vendor URL:  linux-kvm.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 23 2012 (Red Hat Issues Fix) KVM E1000 NIC Emulation Heap Overflow Lets Local Users Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 5.
Jan 24 2012 (Red Hat Issues Fix) KVM E1000 NIC Emulation Heap Overflow Lets Local Users Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Jan 24 2012 (Ubuntu Issues Fix) KVM E1000 NIC Emulation Heap Overflow Lets Local Users Gain Elevated Privileges
Ubuntu has issued a fix for Ubuntu 10.04 LTS, 10.10, 11.04, and 11.10.
Feb 21 2012 (Red Hat Issues Fix) KVM E1000 NIC Emulation Heap Overflow Lets Local Users Gain Elevated Privileges
Red Hat has issued a fix for rhev-hypervisor5 for RHEL 5.
Mar 7 2012 (Red Hat Issues Fix for Xen) KVM E1000 NIC Emulation Heap Overflow Lets Local Users Gain Elevated Privileges
Red Hat has issued a fix for Xen for Red Hat Enterprise Linux 5.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC