#VU31957 Heap-based buffer overflow in Xen - CVE-2012-0029

Cybersecurity Help s.r.o.

Published: 2012-01-27 | Updated: 2020-07-27

Vulnerability identifier: #VU31957

Vulnerability risk: Medium

CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-0029

CWE-ID: CWE-122

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Xen
Server applications / Virtualization software

Vendor: Xen Project

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions,. A remote attacker can use crafted legacy mode packets. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Xen: 4.24

External links
https://git.qemu.org/?p=qemu.git;a=log;h=refs/heads/stable-1.0
https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
https://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html
https://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html
https://rhn.redhat.com/errata/RHSA-2012-0370.html
https://secunia.com/advisories/47740
https://secunia.com/advisories/47741
https://secunia.com/advisories/47992
https://secunia.com/advisories/48318
https://secunia.com/advisories/50913
https://www.redhat.com/support/errata/RHSA-2012-0050.html
https://www.securityfocus.com/bid/51642
https://www.ubuntu.com/usn/USN-1339-1
https://bugzilla.redhat.com/show_bug.cgi?id=772075
https://exchange.xforce.ibmcloud.com/vulnerabilities/72656

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Heap-based buffer overflow in xen (Alpine package)

Heap-based buffer overflow in Xen