Buffer overflow in xen (Alpine package)



Risk: Critical
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2015-3456
CWE-ID: CWE-119
Exploitation vector: Network
Public exploit: This vulnerability is being exploited in the wild.

Vulnerable software:
IBM Systems Director (Server applications / Other server solutions)
xen (Alpine package) (Operating systems & Components / Operating system package or component)

Vendor: IBM Corporation, Alpine Linux Development Team

Security Bulletin

This security bulletin contains one critical risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU5580

Risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2015-3456

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a buffer overflow in the Floppy Disk Controller (FDC) emulation. A remote attacker can send specially crafted FDC commands, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in full control of the vulnerable system.

Note: the vulnerability was being actively exploited.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

IBM Systems Director: 6.3.2.2

xen (Alpine package): 0.2 - 0.9

xen (Alpine package): 0.4

xen (Alpine package): 2.6.2 - 2.17.5ubuntu1

xen (Alpine package): 3.4.0-1

xen (Alpine package): 0.14-1 - 0.15-2

xen (Alpine package): 2014.1-3

xen (Alpine package): 24.0-0ubuntu1

xen (Alpine package): 0.5.2-0ubuntu1 - 1.2.5ubuntu1daily13.06.14-0ubuntu1

xen (Alpine package): 3.0-0ubuntu1

xen (Alpine package): 1.5.2 - 1.6.2

xen (Alpine package): 0.1.8 - 1.0.75

xen (Alpine package): 1.20.0 - 2.18.2

xen (Alpine package): 20101020ubuntu323 - 20101020ubuntu468

xen (Alpine package): 2.4.2-16

xen (Alpine package): 1.13ubuntu10 - 1.35

xen (Alpine package): 1:0.8.6-0ubuntu4 - 1:0.9.7.6-0ubuntu2

xen (Alpine package): 0.3ubuntu7 - 0.3ubuntu15.2

xen (Alpine package): 1.2.12-1ubuntu1 - 1.2.12-1

xen (Alpine package): 0.7-svn20050721 - 1.4.29-1

xen (Alpine package): 2.8.12.1-1.6 - 3.9.0-1

xen (Alpine package): 1.0.5-2 - 1.0.8-3

xen (Alpine package): 0.25-0ubuntu1 - 0.25-0ubuntu3

xen (Alpine package): 0.9-0ubuntu1 - 0.12-0ubuntu1

xen (Alpine package):

xen (Alpine package): before 4.4.2-r1

External links

https://git.alpinelinux.org/aports/commit/?id=3f9dc4f4288ebdbcf2680465617abcdafbe010b8
https://git.alpinelinux.org/aports/commit/?id=0affe33dcd2b871de43750519c7304b8b84a56c0
https://git.alpinelinux.org/aports/commit/?id=786a06d135bec56c5f93b9b5a0099cb34957f1da
https://git.alpinelinux.org/aports/commit/?id=3397c7cce9410a6c2e244bfd6727eac84eca7d8a
https://git.alpinelinux.org/aports/commit/?id=850840a2934c957dceba8fddf438d070edce71a4
https://git.alpinelinux.org/aports/commit/?id=a75142b6e60188174caf895273d93c318d218f6a
https://git.alpinelinux.org/aports/commit/?id=b63d47262633c4ab56e2b87d407546717351b264
https://git.alpinelinux.org/aports/commit/?id=5a3a4662b456649d728752bf2df642f5da6ed6e6
https://git.alpinelinux.org/aports/commit/?id=d747647a7b688aa7ca9caa4a715a8bbb67617a9e
https://git.alpinelinux.org/aports/commit/?id=4a71dbe0005e8ac83b4339fe7b394d31cce644e1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.


