[Forgot Password]
Login  Register Subscribe

23631

 
 

117687

 
 

98250

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

USN-776-1 -- kvm vulnerabilities

ID: oval:org.secpod.oval:def:700423Date: (C)2011-05-13   (M)2017-11-27
Class: PATCHFamily: unix




Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. Alfredo Ortega discovered that KVM"s VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. Jan Niehusmann discovered that KVM"s Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. It was discovered that KVM"s VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service

Platform:
Ubuntu 8.10
Ubuntu 8.04
Product:
kvm
Reference:
USN-776-1
CVE-2008-1945
CVE-2008-2004
CVE-2008-2382
CVE-2008-4539
CVE-2008-5714
CVE    5
CVE-2008-2382
CVE-2008-2004
CVE-2008-1945
CVE-2008-5714
...
CPE    2
cpe:/o:ubuntu:ubuntu_linux:8.04
cpe:/o:ubuntu:ubuntu_linux:8.10

© 2013 SecPod Technologies