PT-2014-1867 · Qemu+5 · Qemu+8

Laszlo Ersek

·

Publicado

2014-10-20

·

Atualizado

2020-08-11

·

CVE-2014-3615

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions libcacard-devel versions 1.5.3 libcacard versions 1.5.3 libcacard-tools versions 1.5.3 QEMU (affected versions not specified)
Description The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely. In QEMU, the VGA emulator allows local guest users to read host memory by setting the display to a high resolution.
Recommendations For libcacard-devel version 1.5.3, update to a version that contains a fix for this issue. For libcacard version 1.5.3, update to a version that contains a fix for this issue. For libcacard-tools version 1.5.3, update to a version that contains a fix for this issue. For QEMU, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2014-2465
BDU:2015-07328
BDU:2015-07329
BDU:2015-07330
CESA-2014_1669
CVE-2014-3615
DSA-3044-1
DSA-3045-1
MGASA-2014-0426
OPENSUSE-SU-2015_0732-1
OPENSUSE-SU-2015_1092-1
OPENSUSE-SU-2016_2494-1
OPENSUSE-SU-2016_2497-1
RHSA-2014:1669
RHSA-2014:1670
RHSA-2014:1941
RHSA-2014_1669
SUSE-SU-2015:0613-1
SUSE-SU-2015_0613-1
SUSE-SU-2016:1560-1
SUSE-SU-2016:1698-1
SUSE-SU-2016:1785-1
SUSE-SU-2016:2528-1
SUSE-SU-2016:2533-1
SUSE-SU-2016:2725-1
SUSE-SU-2016_1560-1
SUSE-SU-2016_1698-1
SUSE-SU-2016_1785-1
SUSE-SU-2016_2528-1
SUSE-SU-2016_2533-1
SUSE-SU-2016_2725-1
USN-2409-1

Produtos afetados

Alt Linux
Centos
Qemu
Red Hat
Suse
Ubuntu
Libcacard
Libcacard-Devel
Libcacard-Tools