On Thu, Oct 10, 2013 at 12:34:13PM +0400, Michael Tokarev wrote:
> Control: severity -1 minor
>
> 10.10.2013 11:33, Moritz Muehlenhoff wrote:
>> Package: qemu
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>
> Yes, this is a security hole, but it is a _configuration_ security hole.
> The administrator/user of qemu should configure more than 256 luns.
>
> In other, simpler words, qemu have to run with 256 -drive parameters for
> the guest to be able to trigger the overflow.  (Or this can be added
> dynamically using drive_add qemu monitor command - still not from within
> guest).
>
> Such configurations are EXTREMLY uncommon, actually I highly doubt they
> exist in practice at all.
>
> That's the reason I questioned validity of this CVE# assignment, and also
> why I didn't submit this bugreport to debian (I knew about it for quite
> some time already).
>
> Maybe I don't understand something, in this case the severity should be
> upped again.

I wasn't aware of that circumstances. If it can only be triggered by a
privileged user creating a malformed configuration we don't have a security
problem, but only a plain bug.

Cheers,
        Moritz


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to