FreeBSD : qemu -- several vulnerabilities (0ac89b39-f829-11db-b55c-000e0c6d38a9)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Debian Security Team reports :

Several vulnerabilities have been discovered in the QEMU processor
emulator, which may lead to the execution of arbitrary code or denial
of service. The Common Vulnerabilities and Exposures project
identifies the following problems :

CVE-2007-1320Tavis Ormandy discovered that a memory management routine
of the Cirrus video driver performs insufficient bounds checking,
which might allow the execution of arbitrary code through a heap
overflow.

CVE-2007-1321Tavis Ormandy discovered that the NE2000 network driver
and the socket code perform insufficient input validation, which might
allow the execution of arbitrary code through a heap overflow.

CVE-2007-1322Tavis Ormandy discovered that the 'icebp' instruction can
be abused to terminate the emulation, resulting in denial of service.

CVE-2007-1323Tavis Ormandy discovered that the NE2000 network driver
and the socket code perform insufficient input validation, which might
allow the execution of arbitrary code through a heap overflow.

CVE-2007-1366Tavis Ormandy discovered that the 'aam' instruction can
be abused to crash qemu through a division by zero, resulting in
denial of service.

See also :

http://www.nessus.org/u?b656ca08
http://www.nessus.org/u?fbea46f7

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 25129 (freebsd_pkg_0ac89b39f82911dbb55c000e0c6d38a9.nasl)

Bugtraq ID:

CVE ID: CVE-2007-1320
CVE-2007-1321
CVE-2007-1322
CVE-2007-1366
CVE-2007-2893

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now