FreeBSD : qemu, xen-tools -- use-after-free in QEMU/Xen block unplug protocol (ee99899d-4347-11e5-93ad-002590263bf5)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Xen Project reports :

When unplugging an emulated block device the device was not fully
unplugged, meaning a second unplug attempt would attempt to unplug the
device a second time using a previously freed pointer.

An HVM guest which has access to an emulated IDE disk device may be
able to exploit this vulnerability in order to take over the qemu
process, elevating its privilege to that of the qemu process.

See also :

http://xenbits.xen.org/xsa/advisory-139.html
http://www.nessus.org/u?94b2f7b2
http://www.nessus.org/u?a3c24825

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 85485

Bugtraq ID:

CVE ID: CVE-2015-5166
