QEMU 'vga.c' Information Disclosure Vulnerability
BID:69654
CVE-2014-3615
| Bugtraq ID: | 69654 |
| Class: | Design Error |
| CVE: | CVE-2014-3615 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 08 2014 12:00AM |
| Updated: | Nov 24 2016 09:03AM |
| Credit: | Prasad J Pandit |
| Vulnerable: | SuSE Linux Enterprise Server 11 SP2 LTSS; S.u.S.E. openSUSE 13.2; S.u.S.E. openSUSE 13.1; Redhat Enterprise Linux OpenStack Platform for RHEL 7 5.0; QEMU QEMU 0; Oracle Enterprise Linux 7; Mandriva Business Server 1 X86 64; Mandriva Business Server 1; Gentoo Linux; Debian Linux 6.0 sparc; Debian Linux 6.0 s/390; Debian Linux 6.0 powerpc; Debian Linux 6.0 mips; Debian Linux 6.0 ia-64; Debian Linux 6.0 ia-32; Debian Linux 6.0 arm; Debian Linux 6.0 amd64 |
| Not Vulnerable: | |
Discussion
QEMU is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Mandriva Business Server 1 X86 64
- Mandriva lib64usbredirhost-devel-0.7-1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64usbredirhost1-0.7-1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64usbredirparser-devel-0.7-1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64usbredirparser1-0.7-1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva qemu-1.6.2-1.1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva qemu-img-1.6.2-1.1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva usbredir-0.7-1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva usbredir-devel-0.7-1.mbs1.x86_64.rpm
  http://www.mandriva.com/en/downloads/
References
References:
- Bug 1139115 - (CVE-2014-3615) CVE-2014-3615 Qemu: information leakage when guest (Red Hat Bugzilla)
- CVE-2014-3615 Qemu: information leakage when guest sets high resolution (Prasad J Pandit)
- QEMU Homepage (QEMU)
- spice: make sure we don't overflow ssd->buf (Gerd Hoffmann)
- vbe: rework sanity checks (Gerd Hoffmann)