CVE-2015-3209: Buffer Overflow
First published: Mon Jun 15 2015(Updated: )
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU KVM | <=2.3.1 | |
| Juniper Networks Junos Space | <=15.1 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =14.10 | |
| Ubuntu | =15.04 | |
| Debian | =7.0 | |
| Debian | =8.0 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux eus | =6.6 | |
| redhat enterprise Linux server | =5.0 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux server aus | =6.6 | |
| redhat enterprise Linux server tus | =6.6 | |
| redhat enterprise Linux workstation | =5.0 | |
| redhat enterprise Linux workstation | =6.0 | |
| redhat openstack | =5.0 | |
| Red Hat Enterprise Virtualization | =3.0 | |
| Red Hat Enterprise Linux | =6.0 | |
| Fedora | =20 | |
| Fedora | =21 | |
| Fedora | =22 | |
| SUSE Linux Enterprise Debuginfo | =11-sp2 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp3 | |
| SUSE Linux Enterprise Desktop with Beagle | =12 | |
| SUSE Linux Enterprise Server | =10-sp4 | |
| SUSE Linux Enterprise Server | =11-sp1 | |
| SUSE Linux Enterprise Server | =11-sp2 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| SUSE Linux Enterprise Server | =12 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp3 | |
| SUSE Linux Enterprise Software Development Kit | =12 | |
| Arista EOS | =4.12 | |
| Arista EOS | =4.13 | |
| Arista EOS | =4.14 | |
| Arista EOS | =4.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
- http://rhn.redhat.com/errata/RHSA-2015-1087.html
- http://rhn.redhat.com/errata/RHSA-2015-1088.html
- http://rhn.redhat.com/errata/RHSA-2015-1089.html
- http://rhn.redhat.com/errata/RHSA-2015-1189.html
- http://www.debian.org/security/2015/dsa-3284
- http://www.debian.org/security/2015/dsa-3285
- http://www.debian.org/security/2015/dsa-3286
- http://www.securityfocus.com/bid/75123
- http://www.securitytracker.com/id/1032545
- http://www.ubuntu.com/usn/USN-2630-1
- http://xenbits.xen.org/xsa/advisory-135.html
- https://kb.juniper.net/JSA10783
- https://security.gentoo.org/glsa/201510-02
- https://security.gentoo.org/glsa/201604-03
- https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13
Frequently Asked Questions
What is the severity of CVE-2015-3209?
CVE-2015-3209 has a high severity level due to the heap-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code.
How do I fix CVE-2015-3209?
To fix CVE-2015-3209, update QEMU to version 2.3.2 or later and ensure all affected systems are patched.
Which versions of software are affected by CVE-2015-3209?
CVE-2015-3209 affects QEMU versions up to 2.3.1, Juniper Networks Junos Space up to version 15.1, and several versions of Ubuntu and Red Hat Enterprise Linux.
Can CVE-2015-3209 be exploited remotely?
Yes, CVE-2015-3209 can be exploited remotely by attackers sending specially crafted packets to the vulnerable systems.
What types of systems are vulnerable to CVE-2015-3209?
Vulnerable systems include various distributions of Linux such as Ubuntu, Debian, and Red Hat Enterprise Linux, as well as certain network devices running affected versions of Juniper and QEMU.
- agent/references
- agent/type
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/qemu
- canonical/qemu kvm
- version/qemu kvm/2.3.1
- vendor/juniper
- canonical/juniper networks junos space
- version/juniper networks junos space/15.1
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/14.10
- version/ubuntu/15.04
- vendor/debian
- canonical/debian
- version/debian/7.0
- version/debian/8.0
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/6.6
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/5.0
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/6.6
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/6.6
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/5.0
- version/redhat enterprise linux workstation/6.0
- canonical/redhat openstack
- version/redhat openstack/5.0
- canonical/red hat enterprise virtualization
- version/red hat enterprise virtualization/3.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.0
- vendor/fedoraproject
- canonical/fedora
- version/fedora/20
- version/fedora/21
- version/fedora/22
- vendor/suse
- canonical/suse linux enterprise debuginfo
- version/suse linux enterprise debuginfo/11-sp2
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/11-sp3
- version/suse linux enterprise desktop with beagle/12
- canonical/suse linux enterprise server
- version/suse linux enterprise server/10-sp4
- version/suse linux enterprise server/11-sp1
- version/suse linux enterprise server/11-sp2
- version/suse linux enterprise server/11-sp3
- version/suse linux enterprise server/12
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11-sp3
- version/suse linux enterprise software development kit/12
- vendor/arista
- canonical/arista eos
- version/arista eos/4.12
- version/arista eos/4.13
- version/arista eos/4.14
- version/arista eos/4.15