Synopsis
The remote machine is affected by multiple vulnerabilities.
Description
The remote NewStart CGSL host, running version MAIN 4.06, has qemu-kvm packages installed that are affected by multiple vulnerabilities:
- m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
(CVE-2018-11806)
- Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS. (CVE-2018-10839)
- Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. (CVE-2018-17962)
- In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap- based buffer overflow. (CVE-2019-6778)
- interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference. (CVE-2019-12155)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade the vulnerable CGSL qemu-kvm packages. Note that updated packages may not be available yet. Please contact ZTE for more information.