CVE-2012-6075: Buffer Overflow
First published: Thu Dec 20 2012(Updated: )
A buffer overflow flaw was found in the way e1000 emulated device driver of QEMU, a FAST! processor emulator, processed received large e1000 packets, when the SBP and LPE flags were disabled. If the underlying network was configured to allow large (jumbo) packets, a remote attacker could use this flaw to cause relevant guest in question to crash (DoS) or, potentially, the attacker could use this flaw to execute arbitrary code on the guest system with the kernel level privilege. References: [1] <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051</a> [2] <a href="http://www.openwall.com/lists/oss-security/2012/12/19/9">http://www.openwall.com/lists/oss-security/2012/12/19/9</a> [3] <a href="http://thread.gmane.org/gmane.comp.emulators.qemu/182666">http://thread.gmane.org/gmane.comp.emulators.qemu/182666</a> [4] <a href="http://www.openwall.com/lists/oss-security/2013/01/17/12">http://www.openwall.com/lists/oss-security/2013/01/17/12</a> Relevant upstream patches: [5] <a href="http://git.qemu.org/?p=qemu.git;a=commitdiff;h=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb">http://git.qemu.org/?p=qemu.git;a=commitdiff;h=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb</a> <a href="http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2c0331f4f7d241995452b99afaf0aab00493334a">http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2c0331f4f7d241995452b99afaf0aab00493334a</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU qemu | <1.3.0 | |
| Fedoraproject Fedora | =16 | |
| Fedoraproject Fedora | =17 | |
| Fedoraproject Fedora | =18 | |
| openSUSE openSUSE | =12.1 | |
| openSUSE openSUSE | =12.2 | |
| SUSE Linux Enterprise Server | =11-sp1 | |
| Redhat Enterprise Linux Desktop | =5.0 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Eus | =5.9 | |
| Redhat Enterprise Linux Eus | =6.4 | |
| Redhat Enterprise Linux Server | =5.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server Aus | =5.9 | |
| Redhat Enterprise Linux Server Aus | =6.4 | |
| Redhat Enterprise Linux Workstation | =5.0 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Redhat Virtualization | =3.0 | |
| Redhat Enterprise Linux | =6.0 | |
| Debian Debian Linux | =6.0 | |
| Canonical Ubuntu Linux | =10.04 | |
| Canonical Ubuntu Linux | =11.10 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =12.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051
- http://www.openwall.com/lists/oss-security/2012/12/19/9
- http://thread.gmane.org/gmane.comp.emulators.qemu/182666
- http://www.openwall.com/lists/oss-security/2013/01/17/12
- http://git.qemu.org/?p=qemu.git;a=commitdiff;h=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb
- http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2c0331f4f7d241995452b99afaf0aab00493334a
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=889304
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=889305
- https://access.redhat.com/security/cve/CVE-2012-6075
- http://www.openwall.com/lists/oss-security/2012/12/30/1
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=910845
- https://rhn.redhat.com/errata/RHSA-2013-0599.html
- https://rhn.redhat.com/errata/RHSA-2013-0610.html
- https://rhn.redhat.com/errata/RHSA-2013-0608.html
- https://rhn.redhat.com/errata/RHSA-2013-0609.html
- https://rhn.redhat.com/errata/RHSA-2013-0639.html
- https://rhn.redhat.com/errata/RHSA-2013-0636.html
- https://bugzilla.redhat.com/show_bug.cgi?id=889301
- http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb
- http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html
- http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
- http://rhn.redhat.com/errata/RHSA-2013-0599.html
- http://rhn.redhat.com/errata/RHSA-2013-0608.html
- http://rhn.redhat.com/errata/RHSA-2013-0609.html
- http://rhn.redhat.com/errata/RHSA-2013-0610.html
- http://rhn.redhat.com/errata/RHSA-2013-0639.html
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://www.debian.org/security/2013/dsa-2607
- http://www.debian.org/security/2013/dsa-2608
- http://www.debian.org/security/2013/dsa-2619
- http://www.securityfocus.com/bid/57420
- http://www.ubuntu.com/usn/USN-1692-1
- agent/references
- agent/first-publish-date
- agent/type
- agent/weakness
- agent/severity
- agent/remedy
- agent/author
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-6075
- agent/last-modified-date
- agent/tags
- agent/event
- agent/trending
- vendor/qemu
- canonical/qemu qemu
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/16
- version/fedoraproject fedora/17
- version/fedoraproject fedora/18
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/12.1
- version/opensuse opensuse/12.2
- vendor/suse
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp1
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/5.0
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/5.9
- version/redhat enterprise linux eus/6.4
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/5.0
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/5.9
- version/redhat enterprise linux server aus/6.4
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/5.0
- version/redhat enterprise linux workstation/6.0
- canonical/redhat virtualization
- version/redhat virtualization/3.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/6.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/6.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/10.04
- version/canonical ubuntu linux/11.10
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/12.10