SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   QEMU Vendors:   QEMU.org
QEMU VMWARE VMXNET3 VLANSTRIP Bug Lets Remote Users Cause the Target Process to Crash
SecurityTracker Alert ID:  1037856
SecurityTracker URL:  http://securitytracker.com/id/1037856
CVE Reference:   CVE-2017-6058   (Links to External Site)
Date:  Feb 17 2017
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in QEMU. A remote user can cause the target process to crash.

A remote user on the local network can send specially crafted data to trigger an out-of-bounds memory access error when stripping the VLAN header and cause the target Qemu process to crash.

Systems built with VMWARE VMXNET3 NIC device support and with the 'VLANSTRIP' feature enabled on the target VMXNET3 device are affected.

Impact:   A remote user can cause the target Qemu process to crash.
Solution:   A proposed patch is available at:

https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg03527.html

Vendor URL:  wiki.qemu.org/Main_Page (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Fri, 17 Feb 2017 13:03:11 +0530 (IST)
Subject:  [oss-security] CVE-2017-6058 Qemu: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping

   Hello,

Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support is 
vulnerable to an out-of-bounds access issue. It could occur while stripping 
VLAN header from 'eth_buf' buffer in receiving packets.

A remote user/process could use this issue to crash Qemu process resulting in 
DoS.

Upstream patch:
---------------
   -> https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg03527.html

Reference:
----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1423358

Note:- It requires 'VLANSTRIP' feature to be enabled on the vmxnet3 device.


'CVE-2017-6058' assigned via -> https://cveform.mitre.org/


Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, SecurityGlobal.net LLC