Mandriva Linux Security Advisory : qemu (MDVSA-2009:257)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Qemu 0.9.1 and earlier does not perform range checks for block device
read or write requests, which allows guest host users with root
privileges to access arbitrary memory and escape the virtual machine.
(CVE-2008-0928)

The updated packages have been patched to prevent this.

Solution :

Update the affected dkms-kqemu, qemu and / or qemu-img packages.

Risk factor :

Medium / CVSS Base Score : 4.7
(CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 42047 (mandriva_MDVSA-2009-257.nasl)

Bugtraq ID: 23731

CVE ID: CVE-2008-0928

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now