Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0029

Overview

Vulnerability Score 7.4 7.4
CVE Id CVE-2012-0029
Last Modified 05 Mar 2014 11:34:35
Published 27 Jan 2012 10:55:04
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector ADJACENT_NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-0029

Summary

Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.

Vulnerable Systems

Application

  • Kvm Group Qemu-kvm 0.12


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=772075

XF - qemu-processtxdesc-bo(72656)

UBUNTU - USN-1339-1

BID - 51642

REDHAT - RHSA-2012:0050

SECUNIA - 47741

SECUNIA - 47740

SECUNIA - 47992

SUSE - openSUSE-SU-2012:0207

FEDORA - FEDORA-2012-8604

SECUNIA - 48318

REDHAT - RHSA-2012:0370

SUSE - SUSE-SU-2012:1320

SECUNIA - 50913

CONFIRM - http://git.qemu.org/?p=qemu.git;a=log;h=refs/heads/stable-1.0

Related Patches

Red Hat 2012:0370-01 RHSA Important: xen security and bug fix update for RHEL 5 x86

Red Hat 2012:0370-01 RHSA Important: xen security and bug fix update for RHEL 5 x86_64

Novell SUSE 2012:5655 kvm security update for SLE 11 SP1 i586

Novell SUSE 2012:5655 kvm security update for SLE 11 SP1 x86_64

Novell SUSE 2012:5796 xen-201202 security update for SLE 11 SP1 i586

Novell SUSE 2012:5796 xen-201202 security update for SLE 11 SP1 x86_64


Last Updated: 27 May 2016 10:56:27