SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   QEMU Vendors:   QEMU.org
(CentOS Issues Fix) QEMU IDE Heap Overflow Lets Local Users on a Guest System Gain Elevated Privileges on the Host System
SecurityTracker Alert ID:  1033082
SecurityTracker URL:  http://securitytracker.com/id/1033082
CVE Reference:   CVE-2015-5154   (Links to External Site)
Date:  Jul 28 2015
Impact:   User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in QEMU. A local user on the guest system can gain elevated privileges on the host system.

A local privileged user on a guest system that has a CDROM drive enabled can issue specially crafted ATAPI commands to trigger a heap overflow in the IDE subsystem to execute arbitrary code on the host systems. The code will run on the host with the privileges of the QEMU process assigned to the guest system.

Kevin Wolf of Red Hat reported this vulnerability.

Impact:   A local privileged user on the guest system can gain elevated privileges on the host system.
Solution:   CentOS has issued a fix.

x86_64:
861d13528a31a1114727af715fee344d97163bd393928f76f51998e3f95360af libcacard-1.5.3-86.el7_1.5.i686.rpm
4dcf8e78916bf67ffad805b0dfcc4825bb74c88e5ee1dba3fa28a5944109fc08 libcacard-1.5.3-86.el7_1.5.x86_64.rpm
816d598531dccf3ad9d79ad5ec3af15299b9dd9edf2edbdf6935518ddf34eb99 libcacard-devel-1.5.3-86.el7_1.5.i686.rpm
73f02219eb9cc9e4fa2f5e3a0fad38dbb93834fd66f70c18e68ab4736b3fb849 libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm
d7861e184d938cb03a0ffbbbc8ba4c204504463faccea5acce1629331c85b64a libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm
4d4519f0482f828a0629daa35df2feb77a2753a12bcddf0bf56f8629f6faf466 qemu-img-1.5.3-86.el7_1.5.x86_64.rpm
2f5804453c5cc56665f76dcae66d24438f09a95ecebca811521a03be09f97287 qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm
47b2fa087ce0b0ce1e35ed226a55b3b1dfe9d339acd12a5243f080d010e1622c qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm
c347022a36db3f9a7a62d6a630628672f3091a15798d404501d92b4cf2d7c1db qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm

Source:
41c44588a8ea4cfb0183447609fac4ce5219192508cb37fcc0a8f816dd50809d qemu-kvm-1.5.3-86.el7_1.5.src.rpm

Vendor URL:  wiki.qemu.org/Main_Page (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Jul 27 2015 QEMU IDE Heap Overflow Lets Local Users on a Guest System Gain Elevated Privileges on the Host System



 Source Message Contents

Subject:  [CentOS-announce] CESA-2015:1507 Important CentOS 7 qemu-kvm Security Update


CentOS Errata and Security Advisory 2015:1507 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1507.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
861d13528a31a1114727af715fee344d97163bd393928f76f51998e3f95360af  libcacard-1.5.3-86.el7_1.5.i686.rpm
4dcf8e78916bf67ffad805b0dfcc4825bb74c88e5ee1dba3fa28a5944109fc08  libcacard-1.5.3-86.el7_1.5.x86_64.rpm
816d598531dccf3ad9d79ad5ec3af15299b9dd9edf2edbdf6935518ddf34eb99  libcacard-devel-1.5.3-86.el7_1.5.i686.rpm
73f02219eb9cc9e4fa2f5e3a0fad38dbb93834fd66f70c18e68ab4736b3fb849  libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm
d7861e184d938cb03a0ffbbbc8ba4c204504463faccea5acce1629331c85b64a  libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm
4d4519f0482f828a0629daa35df2feb77a2753a12bcddf0bf56f8629f6faf466  qemu-img-1.5.3-86.el7_1.5.x86_64.rpm
2f5804453c5cc56665f76dcae66d24438f09a95ecebca811521a03be09f97287  qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm
47b2fa087ce0b0ce1e35ed226a55b3b1dfe9d339acd12a5243f080d010e1622c  qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm
c347022a36db3f9a7a62d6a630628672f3091a15798d404501d92b4cf2d7c1db  qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm

Source:
41c44588a8ea4cfb0183447609fac4ce5219192508cb37fcc0a8f816dd50809d  qemu-kvm-1.5.3-86.el7_1.5.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC