Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4539

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-4539
Last Modified 16 May 2009 01:24:33
Published 29 Dec 2008 10:24:23
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-4539

Summary

Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.

Vulnerable Systems

Application

  • Kvm Qumranet Kvm 1

  • Kvm Qumranet Kvm 10

  • Kvm Qumranet Kvm 11

  • Kvm Qumranet Kvm 12

  • Kvm Qumranet Kvm 13

  • Kvm Qumranet Kvm 14

  • Kvm Qumranet Kvm 15

  • Kvm Qumranet Kvm 16

  • Kvm Qumranet Kvm 17

  • Kvm Qumranet Kvm 18

  • Kvm Qumranet Kvm 19

  • Kvm Qumranet Kvm 2

  • Kvm Qumranet Kvm 20

  • Kvm Qumranet Kvm 21

  • Kvm Qumranet Kvm 22

  • Kvm Qumranet Kvm 23

  • Kvm Qumranet Kvm 24

  • Kvm Qumranet Kvm 25

  • Kvm Qumranet Kvm 26

  • Kvm Qumranet Kvm 27

  • Kvm Qumranet Kvm 28

  • Kvm Qumranet Kvm 29

  • Kvm Qumranet Kvm 3

  • Kvm Qumranet Kvm 30

  • Kvm Qumranet Kvm 31

  • Kvm Qumranet Kvm 32

  • Kvm Qumranet Kvm 33

  • Kvm Qumranet Kvm 34

  • Kvm Qumranet Kvm 35

  • Kvm Qumranet Kvm 36

  • Kvm Qumranet Kvm 37

  • Kvm Qumranet Kvm 38

  • Kvm Qumranet Kvm 39

  • Kvm Qumranet Kvm 4

  • Kvm Qumranet Kvm 40

  • Kvm Qumranet Kvm 41

  • Kvm Qumranet Kvm 42

  • Kvm Qumranet Kvm 43

  • Kvm Qumranet Kvm 44

  • Kvm Qumranet Kvm 45

  • Kvm Qumranet Kvm 46

  • Kvm Qumranet Kvm 47

  • Kvm Qumranet Kvm 48

  • Kvm Qumranet Kvm 49

  • Kvm Qumranet Kvm 5

  • Kvm Qumranet Kvm 50

  • Kvm Qumranet Kvm 51

  • Kvm Qumranet Kvm 52

  • Kvm Qumranet Kvm 53

  • Kvm Qumranet Kvm 54

  • Kvm Qumranet Kvm 55

  • Kvm Qumranet Kvm 56

  • Kvm Qumranet Kvm 57

  • Kvm Qumranet Kvm 58

  • Kvm Qumranet Kvm 59

  • Kvm Qumranet Kvm 6

  • Kvm Qumranet Kvm 60

  • Kvm Qumranet Kvm 61

  • Kvm Qumranet Kvm 62

  • Kvm Qumranet Kvm 63

  • Kvm Qumranet Kvm 64

  • Kvm Qumranet Kvm 65

  • Kvm Qumranet Kvm 66

  • Kvm Qumranet Kvm 67

  • Kvm Qumranet Kvm 68

  • Kvm Qumranet Kvm 69

  • Kvm Qumranet Kvm 7

  • Kvm Qumranet Kvm 70

  • Kvm Qumranet Kvm 71

  • Kvm Qumranet Kvm 72

  • Kvm Qumranet Kvm 73

  • Kvm Qumranet Kvm 74

  • Kvm Qumranet Kvm 75

  • Kvm Qumranet Kvm 76

  • Kvm Qumranet Kvm 77

  • Kvm Qumranet Kvm 78

  • Kvm Qumranet Kvm 79

  • Kvm Qumranet Kvm 80

  • Kvm Qumranet Kvm 81

  • Qemu


References

FEDORA - FEDORA-2008-11705

CONFIRM - https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=466890

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=448525

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=237342

XF - qemu-kvm-cirrusvga-bo(47736)

UBUNTU - USN-776-1

MLIST - [secure-testing-commits] 20081103 r10251 - data/CVE

MLIST - [cvs-all] 20081102 cvs commit: ports/emulators/qemu Makefile ports/emulators/qemu/files patch-CVE-2008-4539 ports/emulators/qemu-devel Makefile ports/emulators/qemu-devel/files patch-CVE-2008-4539

DEBIAN - DSA-1799

CONFIRM - http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5587

SECUNIA - 35062

SECUNIA - 35031

SECUNIA - 34642

SECUNIA - 33350

SECUNIA - 29129

SECUNIA - 25073

SUSE - SUSE-SR:2009:008

MLIST - [debian-devel-changes] 20081101 Accepted qemu 0.9.1+svn20081101-1 (source amd64)

CONFIRM - http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069


Last Updated: 27 May 2016 10:48:32