Summary
This host is running QEMU and is prone to a denial-of-service vulnerability.
Impact
Successful exploitation will let the attacker cause memory or CPU consumption, resulting in a denial-of-service condition.
Impact level: Application/System
Solution
Apply the available patches.
http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331
http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5
*****
NOTE: Ignore this warning if the above-mentioned patches are already applied.
*****
Insight
Multiple use-after-free errors occur in 'vnc.c' in the VNC server while processing malicious 'SetEncodings' messages sent via a VNC client.
Affected
QEMU version 0.10.6 and prior on Linux.
References
Severity
Classification
CVE: CVE-2009-3616
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C