QEMU 'hw/block/fdc.c' VENOM Remote Memory Corruption Vulnerability



QEMU is prone to a remote memory-corruption vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.

Information

Bugtraq ID: 74640
Class: Boundary Condition Error
CVE: CVE-2015-3456

Remote: Yes
Local: No
Published: May 13 2015 12:00AM
Updated: Apr 13 2017 03:05PM
Credit: Jason Geffner, CrowdStrike Senior Security Researcher
Vulnerable: Xen Xen 4.5.0
Xen Xen 4.4.1
Xen Xen 4.4.0 Rc1
Xen Xen 4.4.0
Xen Xen 4.3.1
Xen Xen 4.3.0
Xen Xen 4.2.3
Xen Xen 4.2.2
Xen Xen 4.2.1
Xen Xen 4.2.0
Ubuntu Ubuntu Linux 15.04
Ubuntu Ubuntu Linux 14.10
Ubuntu Ubuntu Linux 14.04 LTS
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
SuSE SUSE Linux Enterprise Software Development Kit 11 SP3
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise Server 11 SP3
SuSE SUSE Linux Enterprise Server 11 SP2
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise Server 11 SP1
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise Server 10 SP4 LTSS
SuSE SUSE Linux Enterprise Server 10 SP4
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise Server 10 SP3
SuSE Linux Enterprise Software Development Kit 12
SuSE Linux Enterprise Server 12
SuSE Linux Enterprise Server 11 SP2 LTSS
SuSE Linux Enterprise Server 11 SP1 LTSS
SuSE Linux Enterprise Expanded Support 7
SuSE Linux Enterprise Expanded Support 6
SuSE Linux Enterprise Expanded Support 5
SuSE Linux Enterprise Desktop 12
SuSE Linux Enterprise Desktop 11 SP3
S.u.S.E. openSUSE 13.2
S.u.S.E. openSUSE 13.1
Redhat OpenStack 6.0 for RHEL 7
Redhat OpenStack 5.0 for RHEL 7
Redhat OpenStack 5.0 for RHEL 6
Redhat OpenStack 4.0
Redhat Enterprise Virtualization 3
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Virtualization 5 Server
Redhat Enterprise Linux Server EUS 6.5.z
Redhat Enterprise Linux Server AUS 6.5
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node 7
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop Multi OS 5 client
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 6
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux 5 Server
QEMU QEMU 0
Oracle PeopleSoft Enterprise PeopleTools 8.54
Oracle PeopleSoft Enterprise PeopleTools 8.53
Oracle Enterprise Linux 7
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
Oracle Enterprise Linux 5
Juniper NorthStar Controller Application 2.1.0
Joyent SmartDataCenter (SDC) 0
Joyent Public Cloud (JPC) 0
IBM PureApplication System 2.1
IBM PureApplication System 2.0
IBM PowerKVM 2.1
IBM Flex System Manager 1.3.2 0
IBM Flex System Manager 1.3.3.0
IBM Flex System Manager 1.3.1.0
IBM Flex System Manager 1.3.0.1
IBM Flex System Manager 1.3.0.0
IBM Flex System Manager 1.2.1.0
IBM Flex System Manager 1.2.0.0
IBM Flex System Manager 1.1.0.0
Huawei FusionCompute V100R005C10
Huawei FusionCompute V100R005C00SPC300
Huawei FusionCompute V100R005C00
Huawei FusionCompute V100R003C10SPC600
Huawei FusionCompute V100R003C10CP6001
Huawei FusionCompute V100R003C10
Huawei FusionCompute V100R003C00SPC300
Huawei FusionCompute V100R003C00
HP Helion OpenStack 1.1.0
HP Helion OpenStack 1.0.0
HP Helion CloudSystem 8.1
Gentoo Linux
Fortinet FortiSandbox 2.0.2
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Citrix XenServer 6.0.2
Citrix XenServer 6.5
Citrix XenServer 6.2
Citrix XenServer 6.1
Citrix XenServer 6.0
CentOS CentOS 7
CentOS CentOS 6
CentOS CentOS 5


Not Vulnerable: Juniper NorthStar Controller Application 2.1.0 Service Pack 1
Huawei FusionCompute V100R005C00CP3001
Fortinet FortiSandbox 2.0.3


Exploit


Reportedly, this issue is being exploited in the wild.


References:

Related Posts

Comments