Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 507796 (CVE-2014-0150) - <app-emulation/qemu-2.0.0: virtio-net "virtio_net_handle_mac()" Integer Overflow Vulnerability (CVE-2014-0150)
Summary: <app-emulation/qemu-2.0.0: virtio-net "virtio_net_handle_mac()" Integer Overf...
Status: RESOLVED FIXED
Alias: CVE-2014-0150
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/57878/
Whiteboard: B1 [glsa]
Keywords:
Depends on:
Blocks: CVE-2014-2894
  Show dependency tree
 
Reported: 2014-04-16 07:53 UTC by Agostino Sarubbo
Modified: 2014-08-31 11:31 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-04-16 07:53:01 UTC
From ${URL} :

Description

A vulnerability has been reported in Qemu, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerability is caused due to an integer overflow error in the "virtio_net_handle_mac()" function (hw/net/virtio-net.c), which can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 0.6 through 1.7.1.


Solution:
Fixed in the source code repository.

Further details available to Secunia VIM customers

Provided and/or discovered by:
Michael S. Tsirkin, Red Hat via the gmane.comp.emulators.qemu newsgroup.

Original Advisory:
Michael S. Tsirkin:
http://thread.gmane.org/gmane.comp.emulators.qemu/266713


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2014-04-24 17:30:58 UTC
I've verified that this is fixed in app-emulation/qemu-2.0.0.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2014-04-24 17:34:20 UTC
Qemu-Guys: is qemu-2.0.0 ready for stabilization?
Comment 3 SpanKY gentoo-dev 2014-04-30 21:03:47 UTC
let's give it ~30 days and stabilize it
Comment 4 SpanKY gentoo-dev 2014-05-31 15:34:04 UTC
ok, let's start stabilizing qemu-2.0.0
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-05-31 15:36:22 UTC
CVE-2014-0150 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0150):
  Integer overflow in the virtio_net_handle_mac function in
  hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to
  execute arbitrary code via a MAC addresses table update request, which
  triggers a heap-based buffer overflow.
Comment 6 Agostino Sarubbo gentoo-dev 2014-06-04 16:04:38 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2014-06-04 16:05:00 UTC
x86 stable
Comment 8 Agostino Sarubbo gentoo-dev 2014-06-05 15:21:49 UTC
ppc and ppc64 has no stable keyword.


Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 9 Yury German Gentoo Infrastructure gentoo-dev Security 2014-06-14 02:34:59 UTC
Arches, Thank you for your work
Maintainer(s), please drop the vulnerable version.

New GLSA Request filed.
Comment 10 Agostino Sarubbo gentoo-dev 2014-08-26 13:13:07 UTC
cleanup done
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 11:31:12 UTC
This issue was resolved and addressed in
 GLSA 201408-17 at http://security.gentoo.org/glsa/glsa-201408-17.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).