[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2015-3209

Date: (C)2015-06-15   (M)2018-01-05 


Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

CVSS Score: 7.5Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
SECTRACK-1032545
BID-75123
DSA-3284
DSA-3285
DSA-3286
FEDORA-2015-10001
FEDORA-2015-9965
FEDORA-2015-9978
GLSA-201510-02
GLSA-201604-03
RHSA-2015:1087
RHSA-2015:1088
RHSA-2015:1089
RHSA-2015:1189
SUSE-SU-2015:1042
SUSE-SU-2015:1045
SUSE-SU-2015:1152
SUSE-SU-2015:1156
SUSE-SU-2015:1157
SUSE-SU-2015:1206
SUSE-SU-2015:1426
SUSE-SU-2015:1519
SUSE-SU-2015:1643
USN-2630-1
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
http://xenbits.xen.org/xsa/advisory-135.html
https://kb.juniper.net/JSA10783

CPE    2
cpe:/a:qemu:qemu:-
cpe:/o:xen:xen:4.5.0
CWE    1
CWE-119
OVAL    18
oval:org.secpod.oval:def:109347
oval:org.secpod.oval:def:109402
oval:org.secpod.oval:def:109225
oval:org.secpod.oval:def:602139
...

© 2013 SecPod Technologies