Summary
This host is running QEMU and is prone to a denial-of-service vulnerability.
Impact
Successful exploitation lets an attacker cause memory or CPU consumption, resulting in a denial-of-service condition.
Impact level: Application/System
Solution
Apply the available patches.
http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331
http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5
*****
NOTE: Ignore this warning if the above-mentioned patches are already applied.
*****
Insight
Multiple use-after-free errors occur in 'vnc.c' in the VNC server while processing malicious 'SetEncodings' messages sent by a VNC client.
Affected
QEMU version 0.10.6 and prior on Linux.
Severity
Classification
- CVE: CVE-2009-3616
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C