The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of QEMU: buffer overflow of AMD PC-Net II Loopback Mode

Synthesis of the vulnerability 

A privileged attacker in a guest system can generate a buffer overflow in AMD PC-Net II in Loopback mode of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.
Vulnerable products: Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Xen.
Severity of this weakness: 1/4.
Creation date: 30/11/2015.
References of this bulletin: CERTFR-2015-AVI-511, CVE-2015-7504, DSA-3469-1, DSA-3470-1, DSA-3471-1, FEDORA-2015-08e4af5a20, FEDORA-2015-12a089920e, FEDORA-2015-2773b85b49, openSUSE-SU-2016:0123-1, openSUSE-SU-2016:0124-1, openSUSE-SU-2016:0126-1, RHSA-2015:2694-01, SOL63519101, SUSE-SU-2016:0658-1, USN-2828-1, VIGILANCE-VUL-18396, XSA-162.

Description of the vulnerability 

QEMU emulates the AMD PC-Net II Ethernet controller.

However, in Loopback (local) mode, if the size of data is the same as the reception buffer size, an overflow of 4 bytes occurs when the CRC is appended.

A privileged attacker in a guest system can therefore generate a buffer overflow in AMD PC-Net II in Loopback mode of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.
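
The length condition described above, as a simplified C model added here (not QEMU's code): it contrasts a size check that ignores the 4-byte CRC with one that reserves room for it. The 4096-byte buffer size, the function names and the CRC value are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RX_BUF_SIZE 4096u  /* assumed size for this model, not stated in the bulletin */
#define CRC_LEN     4u     /* frame check sequence appended in loopback mode */

/* Flawed guard: only the payload is compared with the buffer size, so a
 * payload of exactly RX_BUF_SIZE passes and the CRC lands past the end.
 * Returns how many bytes would fall out of bounds (nothing is written). */
size_t unchecked_overrun(size_t payload_len)
{
    if (payload_len > RX_BUF_SIZE)
        return 0;                        /* frame rejected by the old check */
    size_t end = payload_len + CRC_LEN;  /* offset just past the appended CRC */
    return end > RX_BUF_SIZE ? end - RX_BUF_SIZE : 0;
}

/* Hardened store: room for the CRC is reserved before anything is written.
 * Returns the total bytes stored, or -1 if the frame must be dropped. */
long loopback_store(uint8_t *buf, const uint8_t *payload,
                    size_t payload_len, uint32_t crc)
{
    if (payload_len > RX_BUF_SIZE - CRC_LEN)
        return -1;
    memcpy(buf, payload, payload_len);
    memcpy(buf + payload_len, &crc, CRC_LEN);
    return (long)(payload_len + CRC_LEN);
}

int main(void)
{
    /* Constructed input: zero-filled frame and a placeholder CRC value. */
    static uint8_t buf[RX_BUF_SIZE], frame[RX_BUF_SIZE];
    size_t sizes[] = { 64, RX_BUF_SIZE - CRC_LEN, RX_BUF_SIZE - 1, RX_BUF_SIZE };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("len=%zu: old check overruns by %zu, hardened returns %ld\n",
               sizes[i], unchecked_overrun(sizes[i]),
               loopback_store(buf, frame, sizes[i], 0x12345678u));
    return 0;
}
```

In this model, any payload longer than `RX_BUF_SIZE - CRC_LEN` overruns under the flawed guard; the full 4-byte case is the one the bulletin describes.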

This vulnerability bulletin impacts software or systems such as Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Xen.

Our Vigil@nce team determined that the severity of this security note is low.

The trust level is "confirmed by the vendor", with an origin of privileged shell.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

QEMU: version 2.5.0.
Version 2.5.0 is fixed:
  http://wiki.qemu.org/Download

QEMU: patch for AMD PC-Net II Loopback Mode.
A patch is indicated in information sources.

Xen: patch for AMD PC-Net II Loopback Mode.
A patch is indicated in information sources.

Debian 7: new qemu packages.
New packages are available:
  Debian 7: qemu 1.1.2+dfsg-6a+deb7u12, qemu-kvm 1.1.2+dfsg-6+deb7u12

Debian 8: new qemu packages.
New packages are available:
  Debian 8: qemu 1:2.1+dfsg-12+deb8u5a

F5 BIG-IP: solution for QEMU.
The solution is indicated in information sources.

Fedora 22: new xen packages.
New packages are available:
  Fedora 22: xen 4.5.2-5.fc22

Fedora 23: new qemu packages.
New packages are available:
  Fedora 23: qemu 2.4.1-2.fc23

Fedora 23: new xen packages.
New packages are available:
  Fedora 23: xen 4.5.2-5.fc23

openSUSE 13.1: new xen packages (15/01/2016).
New packages are available:
  openSUSE 13.1: xen 4.3.4_10-53.1

openSUSE 13.2: new xen packages (15/01/2016).
New packages are available:
  openSUSE 13.2: xen 4.4.3_08-36.1

openSUSE Leap 42.1: new xen packages (15/01/2016).
New packages are available:
  openSUSE Leap 42.1: xen 4.5.2_04-9.2

RHEL 6.7: new qemu-kvm packages.
New packages are available:
  RHEL 6: qemu-kvm 0.12.1.2-2.479.el6_7.3

SUSE LE 10: new xen packages (07/03/2016).
New packages are available:
  SUSE LE 10 SP4: xen 3.2.3_17040_46-0.23.2

Ubuntu: new qemu packages.
New packages are available:
  Ubuntu 15.10: qemu-system 1:2.3+dfsg-5ubuntu9.1
  Ubuntu 15.04: qemu-system 1:2.2+dfsg-5expubuntu9.7
  Ubuntu 14.04 LTS: qemu-system 2.0.0+dfsg-2ubuntu1.21
  Ubuntu 12.04 LTS: qemu-kvm 1.0+noroms-0ubuntu14.26