Mandriva Linux Security Advisory : qemu (MDVSA-2014:249)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated qemu packages fix security vulnerabilities :

During migration, the values read from migration stream during ram
load are not validated. Especially offset in host_from_stream_offset()
and also the length of the writes in the callers of the said function.
A user able to alter the savevm data (either on the disk or over the
wire during migration) could use either of these flaws to corrupt QEMU
process memory on the (destination) host, which could potentially
result in arbitrary code execution on the host with the privileges of
the QEMU process (CVE-2014-7840).

Paolo Bonzini of Red Hat discovered that the blit region checks were
insufficient in the Cirrus VGA emulator in qemu. A privileged guest
user could use this flaw to write into qemu address space on the host,
potentially escalating their privileges to those of the qemu host
process (CVE-2014-8106).

See also :

http://advisories.mageia.org/MGASA-2014-0525.html

Solution :

Update the affected qemu and / or qemu-img packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 79994 ()

Bugtraq ID: 71477
71658

CVE ID: CVE-2014-7840
CVE-2014-8106

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now