Multiple vulnerabilities in QEMU



Published: 2017-09-06 | Updated: 2018-08-07
Risk: High
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2017-7539, CVE-2017-15118
CWE-ID: CWE-20, CWE-121
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #2 is available.
Vulnerable software
QEMU
Client/Desktop applications / Virtualization software

Vendor
QEMU

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Denial of service

EUVDB-ID: #VU8113

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-7539

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition on a targeted system.

The weakness exists due to an assertion failure when handling malicious input. A remote attacker can submit specially crafted data during initial connection negotiation and cause the qemu-nbd server to stop functioning.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install the update from the vendor's website:
https://git.qemu.org/?p=qemu.git;a=patch;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b

Vulnerable software versions

QEMU: 2.7.0 - 2.9.0

External links

http://git.qemu.org/?p=qemu.git;a=commit;h=ff82911cd3f69f028f2537825c9720ff78bc3f19



2) Stack-based buffer overflow

EUVDB-ID: #VU14217

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-15118

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the network block device (NBD) server implementation due to a stack-based buffer overflow when handling malicious input. A remote unauthenticated attacker can send a large export-name request, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
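
The bounds check whose absence produces this class of bug, shown as an added example that is not QEMU's code: a parser for a constructed, simplified length-prefixed name request that rejects an oversized length before copying into a fixed-size buffer. The wire layout, `MAX_NAME_SIZE` and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME_SIZE 256 /* assumed name limit for this example */
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_NAME_TOO_LONG = -2 };

/* Parse a constructed request: 4-byte big-endian name length, then the name.
 * `out` is the fixed-size buffer a handler would keep on its stack. */
static int parse_export_name(const uint8_t *req, size_t req_len,
                             char out[MAX_NAME_SIZE + 1])
{
    uint32_t namelen;
    if (req_len < 4)
        return PARSE_TRUNCATED;
    namelen = ((uint32_t)req[0] << 24) | ((uint32_t)req[1] << 16) |
              ((uint32_t)req[2] << 8) | (uint32_t)req[3];
    /* The check whose absence makes this a stack overflow: bound the
     * peer-supplied length by the destination buffer before copying. */
    if (namelen > MAX_NAME_SIZE)
        return PARSE_NAME_TOO_LONG;
    /* The claimed length must also fit in the bytes actually received. */
    if (namelen > req_len - 4)
        return PARSE_TRUNCATED;
    memcpy(out, req + 4, namelen);
    out[namelen] = '\0';
    return PARSE_OK;
}

/* Build a constructed request that claims `claimed` name bytes but carries
 * `sent` (capped at 1024), then run it through the parser. */
static int try_request(uint32_t claimed, size_t sent)
{
    uint8_t req[4 + 1024];
    char name[MAX_NAME_SIZE + 1];
    if (sent > 1024)
        sent = 1024;
    for (int i = 0; i < 4; i++)
        req[i] = (uint8_t)(claimed >> (24 - 8 * i));
    memset(req + 4, 'A', sent);
    return parse_export_name(req, 4 + sent, name);
}

int main(void)
{
    printf("7-byte name: %d, 4096-byte claim: %d\n",
           try_request(7, 7), try_request(4096, 1024));
    return 0;
}
```

The parser returns a distinct error for an oversized length, so a server built this way can log and drop the connection instead of copying.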

Mitigation

Update to version 2.11 or later.

Vulnerable software versions

QEMU: 2.0 - 2.10.2

External links

http://git.qemu.org/?p=qemu.git&a=commit&h=f37708f6b8




