Security Advisory

1) Heap-based buffer overflow

Severity: Medium

CVSSv3:
6.9 [CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]

CVE-ID:
CVE-2019-14378

CWE-ID:
CWE-122 – Heap-based Buffer Overflow

Exploit availability:
No

Description


The vulnerability allows a remote attacker to execute arbitrary code on the target system.


The vulnerability exists due to a boundary error within the ip_reass() function in ip_input.c in libslirp. A remote authenticated attacker can send a large packet, trigger heap-based buffer overflow and execute arbitrary code on the target system.


Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor’s website.

Vulnerable software versions

qemu-kvm-rhev (Red Hat package):
2.12.0-18.el7_6

Red Hat Virtualization Manager:
4.2

CPE

External links

https://access.redhat.com/errata/RHSA-2020:2342

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

Severity: Low

CVSSv3:
6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2020-7039

CWE-ID:
CWE-122 – Heap-based Buffer Overflow

Exploit availability:
No

Description

The vulnerability allows an attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the tcp_emu() function in tcp_subr.c in libslirp. An attacker can issue specially crafted IRC DCC commands in EMU_IRC, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Install updates from vendor’s website.

Vulnerable software versions

qemu-kvm-rhev (Red Hat package):
2.12.0-18.el7_6

Red Hat Virtualization Manager:
4.2

CPE

External links

https://access.redhat.com/errata/RHSA-2020:2342

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

Severity: Low

CVSSv3:
6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2020-8608

CWE-ID:
CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability:
No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within tcp_subr.c file in libslirp. A local user can pass specially crafted data to the application that is using the affected version of library, trigger memory corruption and execute arbitrary code on the system.

Mitigation

Install updates from vendor’s website.

Vulnerable software versions

qemu-kvm-rhev (Red Hat package):
2.12.0-18.el7_6

Red Hat Virtualization Manager:
4.2

CPE

External links

https://access.redhat.com/errata/RHSA-2020:2342

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.





Source link

Write a comment:
*

Your email address will not be published.