漏洞信息详情
QEMU 数字错误漏洞
漏洞简介
QEMU(又名Quick Emulator)是法国程序员法布里斯-贝拉(Fabrice Bellard)所研发的一套模拟处理器软件。该软件具有速度快、跨平台等特点。
QEMU 2.12.50及之前版本中的qemu-ga的qga/commands-posix.c和qga/commands-win32.c文件的qmp_guest_file_read例行程序存在整数溢出漏洞。攻击者可通过向代理发送特制的QMP命令利用该漏洞造成段错误。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:
https://www.qemu.org/
参考网址
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html
来源:MISC
链接:https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html
来源:DEBIAN
链接:https://www.debian.org/security/2019/dsa-4454
来源:UBUNTU
链接:https://usn.ubuntu.com/3826-1/
来源:BUGTRAQ
链接:https://seclists.org/bugtraq/2019/May/76
来源:EXPLOIT-DB
链接:https://www.exploit-db.com/exploits/44925/
来源:BID
链接:http://www.securityfocus.com/bid/104531
来源:MISC
链接:https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6
来源:BID
链接:https://www.securityfocus.com/bid/104531
来源:lists.debian.org
链接:https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html
来源:www.debian.org
链接:http://www.debian.org/security/2019/dsa-4454
来源:www.debian.org
链接:http://www.debian.org/security/2019/dsa-4454-2
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.1961/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.1944.2/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/76274
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.1944/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/153143/Debian-Security-Advisory-4454-1.html
受影响实体
- Qemu Qemu:2.12.50<!--2000-1-1-->
补丁
- QEMU 数字错误漏洞的修复措施<!--2018-6-22-->
还没有评论,来说两句吧...