FreeBSD : qemu -- code execution on host machine (aea8d90e-b0c1-11e5-8d13-bc5ff45d0f28)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Petr Matousek of Red Hat Inc. reports :

Due to converting PIO to the new memory read/write API we no longer
provide separate I/O region lengths for read and write operations. As
a result, reading from PIT Mode/Command register will end with
accessing pit->channels with invalid index and potentially cause
memory corruption and/or minor information leak.

A privileged guest user in a guest with QEMU PIT emulation enabled
could potentially (though unlikely) use this flaw to execute arbitrary
code on the host with the privileges of the hosting QEMU process.

Please note that by default QEMU/KVM guests use in-kernel (KVM) PIT
emulation and are thus not vulnerable to this issue.
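The defect described above is an asymmetric-region problem: the PIT's mode/command register (offset 3) is legal to write but not to read, yet a single 4-byte read/write region lets the guest issue a read there, and an unchecked `channels[addr]` then indexes past the three real channels. The following toy device model, added here as an illustration and not QEMU's own code (all names, the `PITState` layout and the `rejected_reads` counter are this example's assumptions), shows the shape of the check a read handler needs so that every offset the region can deliver stays inside the channel array:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model of an i8254-style PIT (not QEMU's implementation):
 * three counter channels at I/O offsets 0..2 and a write-only mode/command
 * register at offset 3. Names and layout are this example's own. */
#define PIT_NUM_CHANNELS     3
#define PIT_MODE_COMMAND_REG 3
#define PIT_REGION_LEN       4   /* one shared read/write region, 4 bytes wide */

typedef struct {
    uint8_t mode;
    uint8_t count_lo;
} PITChannel;

typedef struct {
    PITChannel channels[PIT_NUM_CHANNELS];
    unsigned   rejected_reads;   /* reads refused by the bounds check (log-worthy) */
} PITState;

/* Write handler: offset 3 is legitimate here. Bits 7:6 of the command byte
 * select the channel; value 3 is the read-back command, accepted but not
 * modelled. Offsets 0..2 load the channel's low count byte. */
void pit_ioport_write(PITState *pit, uint64_t addr, uint8_t val)
{
    if (addr == PIT_MODE_COMMAND_REG) {
        unsigned channel = val >> 6;
        if (channel == 3) {
            return;                         /* read-back: nothing to store */
        }
        pit->channels[channel].mode = (val >> 1) & 7;
        return;
    }
    if (addr < PIT_NUM_CHANNELS) {
        pit->channels[addr].count_lo = val;
    }
}

/* Read handler. Because the region is PIT_REGION_LEN bytes for both
 * directions, the guest can read at offset 3 even though no channel lives
 * there. Rejecting every offset >= PIT_NUM_CHANNELS (offset 3 included)
 * keeps the index inside channels[]; 0xff is returned as an "open bus" value. */
uint8_t pit_ioport_read(PITState *pit, uint64_t addr)
{
    if (addr >= PIT_NUM_CHANNELS) {
        pit->rejected_reads++;
        return 0xff;
    }
    return pit->channels[addr].count_lo;
}

/* The predicate a reviewer should see applied before any channels[addr]. */
bool pit_read_offset_valid(uint64_t addr)
{
    return addr < PIT_NUM_CHANNELS;
}

/* Self-check: returns 1 when the handlers behave as documented, else 0. */
int pit_selftest(void)
{
    PITState pit = {0};
    pit_ioport_write(&pit, PIT_MODE_COMMAND_REG, 0x76); /* channel 1, mode 3 */
    pit_ioport_write(&pit, 1, 0x42);
    if (pit.channels[1].mode != 3)                       return 0;
    if (pit_ioport_read(&pit, 1) != 0x42)                return 0;
    if (pit_ioport_read(&pit, PIT_MODE_COMMAND_REG) != 0xff) return 0;
    if (pit_ioport_read(&pit, PIT_REGION_LEN + 3) != 0xff)   return 0;
    if (pit.rejected_reads != 2)                         return 0;
    if (!pit_read_offset_valid(2) || pit_read_offset_valid(3)) return 0;
    return 1;
}

int main(void)
{
    printf("PIT read-bounds self-test: %s\n", pit_selftest() ? "ok" : "FAILED");
    return 0;
}
```

The point to carry into a review of any device model is that a region's length is a property of the region, not of the direction: whenever read and write share one region, the read path must independently bound every offset it can receive, and counting rejected reads gives the hypervisor operator a signal worth logging rather than a silent out-of-bounds access.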

See also :

http://openwall.com/lists/oss-security/2015/06/17/5
http://www.nessus.org/u?633553d7
http://www.nessus.org/u?485c66a4
http://www.nessus.org/u?878485df

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 87702

Bugtraq ID:

CVE ID: CVE-2015-3214
