FreeBSD : xen-tools -- QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks (e6ce6f50-4212-11e6-942d-bc5ff45d0f28)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Xen Project reports :

Qemu VGA module allows banked access to video memory using the window
at 0xa00000 and it supports different access modes with different
address calculations.

Qemu VGA module allows a guest to edit certain registers in 'vbe' and
'vga' modes.

A privileged guest user could use CVE-2016-3710 to exceed the bank
address window and write beyond the said memory area, potentially
leading to arbitrary code execution with privileges of the Qemu
process. If the system is not using stubdomains, this will be in
domain 0.

A privileged guest user could use CVE-2016-3712 to cause potential
integer overflow or OOB read access issues in Qemu, resulting in a DoS
of the guest itself. More dangerous effects, such as data leakage or
code execution, are not known but cannot be ruled out.

See also :

http://xenbits.xen.org/xsa/advisory-179.html
http://www.nessus.org/u?c6af5b11

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 91938

Bugtraq ID:

CVE ID: CVE-2016-3710, CVE-2016-3712
