Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : qemu, qemu-kvm vulnerabilities (USN-2630-1)

Ubuntu Security Notice (C) 2015-2016 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

Matt Tait discovered that QEMU incorrectly handled the virtual PCNET
driver. A malicious guest could use this issue to cause a denial of
service, or possibly execute arbitrary code on the host as the user
running the QEMU process. In the default installation, when QEMU is
used with libvirt, attackers would be isolated by the libvirt AppArmor
profile. (CVE-2015-3209)

Kurt Seifried discovered that QEMU incorrectly handled certain
temporary files. A local attacker could use this issue to cause a
denial of service. (CVE-2015-4037)

Jan Beulich discovered that the QEMU Xen code incorrectly restricted
write access to the host MSI message data field. A malicious guest
could use this issue to cause a denial of service. This issue only
applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04.
(CVE-2015-4103)

Jan Beulich discovered that the QEMU Xen code incorrectly restricted
access to the PCI MSI mask bits. A malicious guest could use this
issue to cause a denial of service. This issue only applied to Ubuntu
14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4104)

Jan Beulich discovered that the QEMU Xen code incorrectly handled
MSI-X error messages. A malicious guest could use this issue to cause
a denial of service. This issue only applied to Ubuntu 14.04 LTS,
Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4105)

Jan Beulich discovered that the QEMU Xen code incorrectly restricted
write access to the PCI config space. A malicious guest could use this
issue to cause a denial of service, obtain sensitive information, or
possibly execute arbitrary code. This issue only applied to Ubuntu
14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4106)

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 84118

Bugtraq ID: 74809, 74947, 74948, 74949, 74950, 75123

CVE ID: CVE-2015-3209, CVE-2015-4037, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105, CVE-2015-4106
