Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive

A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user with the CAPSYSRAWIO capability inside a guest could use this flaw to crash the host QEMU process resulting in denial of...

Qemu: net: pcnet: buffer overflow in non-loopback mode

A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation validated certain received packets from a remote host in non-loopback mode. A remote, unprivileged attacker could potentially use this flaw to execute arbitrary code on the host with the privileges of the QEMU process. Not...

Qemu: net: pcnet: buffer overflow in non-loopback mode

A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation validated certain received packets from a remote host in non-loopback mode. A remote, unprivileged attacker could potentially use this flaw to execute arbitrary code on the host with the privileges of the QEMU process. Not...

Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive

A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user with the CAPSYSRAWIO capability inside a guest could use this flaw to crash the host QEMU process resulting in denial of...

Qemu: net: pcnet: buffer overflow in non-loopback mode

A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation validated certain received packets from a remote host in non-loopback mode. A remote, unprivileged attacker could potentially use this flaw to execute arbitrary code on the host with the privileges of the QEMU process. Not...

Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive

A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user with the CAPSYSRAWIO capability inside a guest could use this flaw to crash the host QEMU process resulting in denial of...

QEMU AMD PC-Net II Ethernet Controller CRC Handling Buffer Overflow Vulnerability

QEMU is a simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A buffer overflow vulnerability exists in the 'pcnettransmit' function in QEMU's hw/net/pcnet.c file, which originates from the program's failure to correctly validate...

QEMU AMD PC-Net II Ethernet Controller Packet Length Buffer Overflow Vulnerability

QEMU is a simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A buffer overflow vulnerability exists in the 'pcnetreceive' function in the hw/net/pcnet.c file in QEMU version 2.5.0, which originates from the program failing to...

CVE-2015-7504

Heap-based buffer overflow in the pcnetreceive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service instance crash or possibly execute arbitrary code via a series of packets in loopback mode...

UBUNTU-CVE-2015-7504

Heap-based buffer overflow in the pcnetreceive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service instance crash or possibly execute arbitrary code via a series of packets in loopback mode...

ntp: drop packets with source address ::1

It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses...

RedHat Update for libreswan RHSA-2015:1979-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : libreswan (RHSA-2015:1979)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2015:1979 advisory. Libreswan is an implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...

CentOS 7 : libreswan (CESA-2015:1979)

Updated libreswan packages that fix one security issue, several bugs, and add several enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which give...

NTP ntpd Code Injection Vulnerability

ntpd Network Time Protocol daemon is an operating system daemon that uses the Network Time Protocol NTP to keep synchronized with the system time of a time server. A security vulnerability exists in the 'readnetworkpacket' function in the ntpio.c file in ntpd in versions 4.x prior to NTP 4.2.8p1...

DEBIAN-CVE-2014-9751

The readnetworkpacket function in ntpio.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by...

Authentication flaw

The readnetworkpacket function in ntpio.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by...

CVE-2014-9751

CVE-2014-9751 affects the Network Time Protocol daemon (ntpd) in Linux/OS X builds of NTP 4.x prior to 4.2.8p1. The read_network_packet function fails to correctly identify IPv6 loopback (::1) sources, allowing remote attackers to spoof restricted packets and potentially disrupt or manipulate ntp...

CVE-2014-9751

The readnetworkpacket function in ntpio.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by...

CVE-2014-9751

The readnetworkpacket function in ntpio.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by...