Code Execution Flaw in QEMU Mostly Impacts Development, Test VMs

The open source machine emulator QEMU is affected by a vulnerability that can lead to a denial-of-service (DoS) condition or arbitrary code execution, but developers say users should not be too concerned about its impact.


The vulnerability, tracked as CVE-2019-14378 and rated high severity under CVSS, was discovered by India-based researcher Vishnu Dev, who said he found the flaw through code auditing. Details of the vulnerability were made public recently, roughly four weeks after a patch was released.


The security hole, described as a heap-based buffer overflow that can lead to a virtual machine (VM) escape, is in Slirp, the user-mode networking code that QEMU uses for its default "user" network backend (it is now maintained as the separate libslirp library). Slirp originated as a tool for emulating PPP, SLIP and CSLIP connections over a shell account; according to Wikipedia, it is still useful for connecting mobile devices via their serial ports, and for firewall piercing and port forwarding. Because the vulnerable code only handles traffic that passes through that backend, guests attached through tap or bridged networking do not reach it, which is why the impact falls mostly on development and test VMs.


“This flaw occurs in the ip_reass() routine while reassembling incoming packets if the first fragment is bigger than the m->m_dat[] buffer. An attacker could use this flaw to crash the QEMU process on the host, resulting in a Denial of Service or potentially executing arbitrary code with privileges of the QEMU process,” Red Hat explained in an advisory.
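The fragment-size condition in that description, as an added illustration in C that is not libslirp or QEMU code: a toy mbuf with a small inline m_dat[] area and an external m_ext buffer (M_DAT_SIZE, IP_HDR_LEN and all helper names are assumptions for this example) is loaded with a first fragment that either fits inline or spills to the external buffer, and the reassembly step's distance computation is shown in a vulnerable form that always measures against m_dat[] and a corrected form that consults the M_EXT flag. The block only checks whether the rewind that precedes the header rewrite would stay inside the buffer the payload lives in; it never performs the out-of-bounds write.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define M_DAT_SIZE 64   /* inline data area of the toy mbuf (assumed size) */
#define M_EXT      0x01 /* flag: payload lives in m_ext, not in m_dat[] */
#define IP_HDR_LEN 20   /* minimal IPv4 header, stripped before queueing */

/* Toy mbuf: a small inline buffer plus an optional external one. */
struct mbuf {
    int     m_flags;
    char   *m_data;      /* current start of the payload view */
    int     m_len;       /* bytes in that view */
    char   *m_ext;       /* heap buffer used when a fragment exceeds m_dat[] */
    size_t  m_ext_size;
    char    m_dat[M_DAT_SIZE];
};

/* Load one fragment (header + payload) into the mbuf, spilling to a heap
 * buffer when it does not fit inline, then step m_data past the IP header
 * the way the input path does before handing the fragment to reassembly.
 * Precondition: len >= IP_HDR_LEN. */
static void mbuf_load_fragment(struct mbuf *m, const char *frag, size_t len)
{
    memset(m, 0, sizeof *m);
    if (len <= M_DAT_SIZE) {
        memcpy(m->m_dat, frag, len);
        m->m_data = m->m_dat;
    } else {
        m->m_ext = malloc(len);
        memcpy(m->m_ext, frag, len);
        m->m_ext_size = len;
        m->m_flags |= M_EXT;
        m->m_data = m->m_ext;
    }
    m->m_len = (int)len - IP_HDR_LEN;
    m->m_data += IP_HDR_LEN;
}

/* Buffer the payload really lives in. */
static const char *mbuf_base(const struct mbuf *m)
{
    return (m->m_flags & M_EXT) ? m->m_ext : m->m_dat;
}

/* Vulnerable distance computation: assumes the payload is always inside
 * m_dat[]. For a first fragment that needed m_ext this subtracts the
 * addresses of two unrelated objects and yields a meaningless number. */
static intptr_t reass_delta_vuln(const struct mbuf *m)
{
    return (intptr_t)(uintptr_t)m->m_data - (intptr_t)(uintptr_t)m->m_dat;
}

/* Fixed computation: measure from whichever buffer holds the payload. */
static intptr_t reass_delta_fixed(const struct mbuf *m)
{
    return (intptr_t)(uintptr_t)m->m_data - (intptr_t)(uintptr_t)mbuf_base(m);
}

/* Reassembly "makes the header visible" by rewinding m_data by delta and
 * writing the rebuilt IP header there. Return 1 if that rewind stays inside
 * the payload's buffer, 0 if it would land outside it, which is the
 * heap-overflow condition. Nothing is written either way. */
static int rewind_in_bounds(const struct mbuf *m, intptr_t delta)
{
    intptr_t headroom = reass_delta_fixed(m);  /* bytes available before m_data */
    return delta >= 0 && delta <= headroom;
}

/* Build a zero-filled fragment of frag_len bytes (constructed input), run the
 * chosen delta computation and report whether the rewind would be safe. */
static int rewind_safe_for_fragment(size_t frag_len, int use_fix)
{
    char *frag = calloc(frag_len, 1);
    struct mbuf m;
    mbuf_load_fragment(&m, frag, frag_len);
    intptr_t delta = use_fix ? reass_delta_fixed(&m) : reass_delta_vuln(&m);
    int ok = rewind_in_bounds(&m, delta);
    free(m.m_ext);
    free(frag);
    return ok;
}

int main(void)
{
    size_t sizes[] = { 40, 1500 };   /* fits in m_dat[] / needs m_ext */
    for (size_t i = 0; i < 2; i++) {
        printf("fragment %4zu bytes: vulnerable delta %s, fixed delta %s\n",
               sizes[i],
               rewind_safe_for_fragment(sizes[i], 0) ? "in bounds" : "OUT OF BOUNDS",
               rewind_safe_for_fragment(sizes[i], 1) ? "in bounds" : "OUT OF BOUNDS");
    }
    return 0;
}
```

The point of the model is that the inline case hides the bug: for a 40-byte fragment both computations give the same 20-byte headroom, and only a first fragment too large for m_dat[] makes the m_dat-based subtraction wander outside any buffer. A fuzzer or code audit that only feeds small fragments through reassembly will never reach the bad path.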


QEMU, which is considered a free alternative to VMware, is available for several major Linux distributions and it’s used by Xen, Vi ..
