Detections
Analytics
FreeBSD : qemu -- denial of service vulnerabilities in eepro100 NIC support (b56fe6bb-b1b1-11e5-9728-002590263bf5)
medium Nessus Plugin ID 87704
Language:
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
Prasad J Pandit, Red Hat Product Security Team, reports :Qemu emulator built with the i8255x (PRO100) emulation support is vulnerable to an infinite loop issue. It could occur while processing a chain of commands located in the Command Block List (CBL). Each Command Block(CB) points to the next command in the list. An infinite loop unfolds if the link to the next CB points to the same block or there is a closed loop in the chain.
A privileged(CAP_SYS_RAWIO) user inside guest could use this flaw to crash the Qemu instance resulting in DoS.
Solution
Update the affected packages.See Also
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205813
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205814
https://www.openwall.com/lists/oss-security/2015/11/25/3
https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
http://www.nessus.org/u?b0d6d8b2
Plugin Details
Severity: Medium
ID: 87704
File Name: freebsd_pkg_b56fe6bbb1b111e59728002590263bf5.nasl
Version: 2.8
Type: local
Family: FreeBSD Local Security Checks
Published: 1/4/2016
Updated: 1/4/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Low
Base Score: 2.1
Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:qemu, p-cpe:/a:freebsd:freebsd:qemu-devel, p-cpe:/a:freebsd:freebsd:qemu-sbruno, p-cpe:/a:freebsd:freebsd:qemu-user-static, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Patch Publication Date: 1/3/2016
Vulnerability Publication Date: 10/16/2015
Reference Information
CVE: CVE-2015-8345