Fedora 23 update for xen
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2015-5239 CVE-2015-6815 CVE-2015-5279 CVE-2015-5278 CVE-2015-5745 |
| CWE-ID | CWE-190 CWE-835 CWE-122 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system xen Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU33993
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2015-5239
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in the VNC display driver in QEMU. A remote attacker can pass specially crafted CLIENT_CUT_TEXT message to the application, trigger integer overflow and perform a denial of service attack via infinite loop.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 23
xen: before 4.5.1-9.fc23
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2015-28cfce6702
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Infinite loop
EUVDB-ID: #VU33992
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2015-6815
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the process_tx_desc() function in hw/net/e1000.c in QEMU. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 23
xen: before 4.5.1-9.fc23
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2015-28cfce6702
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Heap-based buffer overflow
EUVDB-ID: #VU33997
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2015-5279
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1. A remote attacker can use vectors related to receiving packets. to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 23
xen: before 4.5.1-9.fc23
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2015-28cfce6702
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Infinite loop
EUVDB-ID: #VU33991
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2015-5278
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ne2000_receive() function in hw/net/ne2000.c in QEMU. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 23
xen: before 4.5.1-9.fc23
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2015-28cfce6702
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU33994
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2015-5745
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the hypervisor system.
The vulnerability exists due to a boundary error in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU. A remote user can pass a specially crafted virtio control message, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 23
xen: before 4.5.1-9.fc23
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2015-28cfce6702
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
