QEMU VNC Server Denial Of Service Vulnerability (Linux) Network Vulnerability

Summary

This host is running QEMU and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will let the attacker cause memory or CPU consumption, resulting in Denial of Service condition. Impact level: Application/System

Solution

Apply the available patches. http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331 http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5 ***** NOTE: Ignore this warning if the above mentioned patches is already applied. *****

Insight

Multiple use-after-free errors occur in 'vnc.c' in VNC server while processing malicious 'SetEncodings' messages sent via VNC client.

Affected

QEMU version 0.10.6 and prior on Linux.

References

http://www.openwall.com/lists/oss-security/2009/10/16/8
https://bugzilla.redhat.com/show_bug.cgi?id=505641

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3616
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

Related Vulnerabilities

CA eTrust PestPatrol Anti-Spyware 'ppctl.dll' ActiveX Control BOF Vulnerability
Cscope putstring Multiple Buffer Overflow vulnerability
Anzio Web Print Object ActiveX Control Remote BOF Vulnerability
ClamAV 'find_stream_bounds()' function Buffer Overflow Vulnerability
Buffer Overflow Vulnerability in Adobe Reader (Linux)

QEMU VNC Server Denial of Service Vulnerability (Linux)

Take action and discover your vulnerabilities