Large Packet Buffer Overflow Vulnerability after QEMU systolic pressure and LPE flag are disabled

Large Packet Buffer Overflow Vulnerability after QEMU systolic pressure and LPE flag are disabled

Release date:
Updated on:

Affected Systems:
QEMU
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57420
CVE (CAN) ID: CVE-2012-6075
 
QEMU is an open source simulator software.
 
This vulnerability is caused by the e1000_receive function in (! LPE and! The buffer overflow vulnerability caused by messages exceeding a fixed length. The prerequisite for successful exploits is that the network is configured to allow jumbo packets. Remote attackers can exploit this vulnerability to cause the QEMU client system to crash, or execute arbitrary code with the core permissions of the client system.
 
The network is configured to allow jumbo packets not the default QEMU configuration of the affected version. This vulnerability has a small impact scope.
 
<* Source: Michael Contreras

Link: http://seclists.org/oss-sec/2013/q1/97
Https://bugzilla.RedHat.com/show_bug.cgi? Id = 889301
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
QEMU
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://fabrice.bellard.free.fr/qemu/

Http://git.qemu.org /? P = qemu. git; a = commitdiff; h = b0d9ffcd0251_1c7c92f94804dcf599dfa3edeb