Could this be exploitable from within the guest vm? Eg could I execute commands on the hypervisor host as root by generating a malicious packet to attack the e1000 driver from within the guest?
On Tue, Jan 15, 2013 at 3:26 PM, Florian Weimer <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2607-1 [email protected] > http://www.debian.org/security/ Florian Weimer > January 15, 2013 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : qemu-kvm > Vulnerability : buffer overflow > Problem type : remote > Debian-specific: no > CVE ID : CVE-2012-6075 > Debian Bug : 696051 > > It was discovered that the e1000 emulation code in QEMU does not > enforce frame size limits in the same way as the real hardware does. > This could trigger buffer overflows in the guest operating system > driver for that network card, assuming that the host system does not > discard such frames (which it will by default). > > For the stable distribution (squeeze), this problem has been fixed in > version 0.12.5+dfsg-5+squeeze10. > > For the unstable distribution (sid), this problem has been fixed in > version 1.1.2+dfsg-4. > > We recommend that you upgrade your qemu-kvm packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > > iQEcBAEBAgAGBQJQ9b8jAAoJEL97/wQC1SS+f4wH/iz8eghibcdy4bF2vqe0S4td > kL8pMjrFJHylOY66R9S9CQuHMGTNyvnbYtHRzI0bDnCEfzKjYubC/tCXqu44+Ks5 > aHlTl4ZdpxEySW5UwfotBhas9Rj0xs0Th7gLbWmZbq+kYvMcj+gnMtfM1vuWw4fC > WwQkqRIyoQnby2M4v5I+aQhxzzExNYxQIyTEZTOrxeOjykUdFIcQGLtd1jwiZY7A > Ik5SWIux8jVa0B1crWkdGGNGwx1xwV1oVfxoEFmhcxlsq4KHJM5Eyn7AHhX+LrAh > nTdinsdkYjOzB4RxYmaSW9YQYIr3+1jA/ditstdrM3ZagYXdvMbh1itSfXWnWFY= > =bcnn > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
