The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
QEMU: buffer overflow of AMD PC-Net II Loopback Mode
Synthesis of the vulnerability
A privileged attacker in a guest system can generate a buffer overflow in AMD PC-Net II in Loopback mode of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.
Vulnerable products: Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Xen.
Severity of this weakness: 1/4.
Consequences of an attack: administrator access/rights, privileged access/rights, denial of service on server.
Hacker's origin: privileged shell.
Creation date: 30/11/2015.
References of this bulletin: CERTFR-2015-AVI-511, CVE-2015-7504, DSA-3469-1, DSA-3470-1, DSA-3471-1, FEDORA-2015-08e4af5a20, FEDORA-2015-12a089920e, FEDORA-2015-2773b85b49, openSUSE-SU-2016:0123-1, openSUSE-SU-2016:0124-1, openSUSE-SU-2016:0126-1, RHSA-2015:2694-01, SOL63519101, SUSE-SU-2016:0658-1, USN-2828-1, VIGILANCE-VUL-18396, XSA-162.
Description of the vulnerability
QEMU implements support for the AMD PC-Net II Ethernet controller.
However, in Loopback (local) mode, if the size of the data is the same as the size of the reception buffer, a 4-byte overflow occurs when the CRC is appended.
A privileged attacker in a guest system can therefore generate a buffer overflow in AMD PC-Net II in Loopback mode of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.
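The length check that the description implies, as an added example: this is a simplified model written for this page, not QEMU's code or the vendor patch. The buffer size, the struct layout and all function names are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RX_BUF_SIZE 4096u  /* assumed size for this model, not taken from the bulletin */
#define CRC_LEN     4u     /* the 4 CRC bytes the bulletin says are appended */

/* Hypothetical device model: a receive buffer followed by other state. */
struct nic_model {
    uint8_t  rx_buf[RX_BUF_SIZE];
    uint32_t adjacent_state;   /* stands in for whatever follows the buffer */
};

/* Standard bitwise CRC-32 (reflected, polynomial 0xEDB88320). */
static uint32_t crc32_eth(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Bytes that an unchecked "copy, then append CRC" would write past rx_buf. */
size_t loopback_overrun(size_t len)
{
    size_t total = len + CRC_LEN;
    return total > RX_BUF_SIZE ? total - RX_BUF_SIZE : 0;
}

/* Checked loopback receive: stored length, or -1 if frame + CRC does not fit. */
long loopback_receive(struct nic_model *d, const uint8_t *frame, size_t len)
{
    if (len > RX_BUF_SIZE - CRC_LEN)   /* reserve room for the CRC up front */
        return -1;
    memcpy(d->rx_buf, frame, len);
    uint32_t crc = crc32_eth(frame, len);
    for (size_t i = 0; i < CRC_LEN; i++)   /* model appends CRC low byte first */
        d->rx_buf[len + i] = (uint8_t)(crc >> (8 * i));
    return (long)(len + CRC_LEN);
}
```

A frame that exactly fills the buffer passes a naive `len <= RX_BUF_SIZE` test yet leaves no room for the CRC, which is why the check has to subtract `CRC_LEN` before comparing.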