Details of VAR-201505-0417

ID

VAR-201505-0417

CVE

CVE-2015-3456

TITLE

Xen and KVM Used in QEMU Service disruption in floppy disk controllers in Japan (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-002668

DESCRIPTION

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. QEMU is prone to a remote memory-corruption vulnerability because the application fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: xen security update Advisory ID: RHSA-2015:1002-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1002.html Issue date: 2015-05-13 CVE Names: CVE-2015-3456 ===================================================================== 1. Summary: Updated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Multi OS (v. 5 client) - i386, x86_64 RHEL Virtualization (v. 5 server) - i386, ia64, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All xen users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: xen-3.0.3-146.el5_11.src.rpm i386: xen-debuginfo-3.0.3-146.el5_11.i386.rpm xen-libs-3.0.3-146.el5_11.i386.rpm x86_64: xen-debuginfo-3.0.3-146.el5_11.i386.rpm xen-debuginfo-3.0.3-146.el5_11.x86_64.rpm xen-libs-3.0.3-146.el5_11.i386.rpm xen-libs-3.0.3-146.el5_11.x86_64.rpm RHEL Desktop Multi OS (v. 5 client): Source: xen-3.0.3-146.el5_11.src.rpm i386: xen-3.0.3-146.el5_11.i386.rpm xen-debuginfo-3.0.3-146.el5_11.i386.rpm xen-devel-3.0.3-146.el5_11.i386.rpm x86_64: xen-3.0.3-146.el5_11.x86_64.rpm xen-debuginfo-3.0.3-146.el5_11.i386.rpm xen-debuginfo-3.0.3-146.el5_11.x86_64.rpm xen-devel-3.0.3-146.el5_11.i386.rpm xen-devel-3.0.3-146.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: xen-3.0.3-146.el5_11.src.rpm i386: xen-debuginfo-3.0.3-146.el5_11.i386.rpm xen-libs-3.0.3-146.el5_11.i386.rpm ia64: xen-debuginfo-3.0.3-146.el5_11.ia64.rpm xen-libs-3.0.3-146.el5_11.ia64.rpm x86_64: xen-debuginfo-3.0.3-146.el5_11.i386.rpm xen-debuginfo-3.0.3-146.el5_11.x86_64.rpm xen-libs-3.0.3-146.el5_11.i386.rpm xen-libs-3.0.3-146.el5_11.x86_64.rpm RHEL Virtualization (v. 5 server): Source: xen-3.0.3-146.el5_11.src.rpm i386: xen-3.0.3-146.el5_11.i386.rpm xen-debuginfo-3.0.3-146.el5_11.i386.rpm xen-devel-3.0.3-146.el5_11.i386.rpm ia64: xen-3.0.3-146.el5_11.ia64.rpm xen-debuginfo-3.0.3-146.el5_11.ia64.rpm xen-devel-3.0.3-146.el5_11.ia64.rpm x86_64: xen-3.0.3-146.el5_11.x86_64.rpm xen-debuginfo-3.0.3-146.el5_11.i386.rpm xen-debuginfo-3.0.3-146.el5_11.x86_64.rpm xen-devel-3.0.3-146.el5_11.i386.rpm xen-devel-3.0.3-146.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3456 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVU1nEXlSAg2UNWIIRAqUxAJ4/PAGie2atGBxiE9sxg6XvYfOdnwCghYMV N+LpzXLkVxe9V4a19FaVRjk= =UhFF -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures: RHEV Agents (vdsm) - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. Once all virtual machines have shut down, start them again for this update to take effect. Background ========== QEMU is a generic and open source machine emulator and virtualizer. http://creativecommons.org/licenses/by-sa/2.5 . From: Yury German <blueknight@gentoo.org> To: gentoo-announce@lists.gentoo.org Message-ID: <57035F2D.8090108@gentoo.org> Subject: [ GLSA 201604-03 ] Xen: Multiple vulnerabilities - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201604-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xen: Multiple vulnerabilities Date: April 05, 2016 Bugs: #445254, #513832, #547202, #549200, #549950, #550658, #553664, #553718, #555532, #556304, #561110, #564472, #564932, #566798, #566838, #566842, #567962, #571552, #571556, #574012 ID: 201604-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Xen, the worst of which cause a Denial of Service. Background ========== Xen is a bare-metal hypervisor. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/xen < 4.6.0-r9 >= 4.6.0-r9 *>= 4.5.2-r5 2 app-emulation/xen-pvgrub < 4.6.0 Vulnerable! 3 app-emulation/xen-tools < 4.6.0-r9 >= 4.6.0-r9 *>= 4.5.2-r5 4 app-emulation/pvgrub >= 4.6.0 *>= 4.5.2 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 4 affected packages Description =========== Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact ====== A local attacker could possibly cause a Denial of Service condition or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All Xen 4.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.5.2-r5" All Xen 4.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.6.0-r9" All Xen tools 4.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.5.2-r5" All Xen tools 4.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.6.0-r9" All Xen pvgrub users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.6.0"= References ========== [ 1 ] CVE-2012-3494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494 [ 2 ] CVE-2012-3495 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495 [ 3 ] CVE-2012-3496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496 [ 4 ] CVE-2012-3497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497 [ 5 ] CVE-2012-3498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498 [ 6 ] CVE-2012-3515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515 [ 7 ] CVE-2012-4411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411 [ 8 ] CVE-2012-4535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535 [ 9 ] CVE-2012-4536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536 [ 10 ] CVE-2012-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537 [ 11 ] CVE-2012-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538 [ 12 ] CVE-2012-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539 [ 13 ] CVE-2012-6030 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030 [ 14 ] CVE-2012-6031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031 [ 15 ] CVE-2012-6032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032 [ 16 ] CVE-2012-6033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033 [ 17 ] CVE-2012-6034 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034 [ 18 ] CVE-2012-6035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035 [ 19 ] CVE-2012-6036 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036 [ 20 ] CVE-2015-2151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2151 [ 21 ] CVE-2015-3209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209 [ 22 ] CVE-2015-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3259 [ 23 ] CVE-2015-3340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3340 [ 24 ] CVE-2015-3456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456 [ 25 ] CVE-2015-4103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4103 [ 26 ] CVE-2015-4104 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4104 [ 27 ] CVE-2015-4105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4105 [ 28 ] CVE-2015-4106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4106 [ 29 ] CVE-2015-4163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4163 [ 30 ] CVE-2015-4164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4164 [ 31 ] CVE-2015-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154 [ 32 ] CVE-2015-7311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7311 [ 33 ] CVE-2015-7504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7504 [ 34 ] CVE-2015-7812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7812 [ 35 ] CVE-2015-7813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7813 [ 36 ] CVE-2015-7814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7814 [ 37 ] CVE-2015-7835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7835 [ 38 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 39 ] CVE-2015-7969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7969 [ 40 ] CVE-2015-7970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7970 [ 41 ] CVE-2015-7971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7971 [ 42 ] CVE-2015-7972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7972 [ 43 ] CVE-2015-8339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8339 [ 44 ] CVE-2015-8340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8340 [ 45 ] CVE-2015-8341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8341 [ 46 ] CVE-2015-8550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8550 [ 47 ] CVE-2015-8551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8551 [ 48 ] CVE-2015-8552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8552 [ 49 ] CVE-2015-8554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8554 [ 50 ] CVE-2015-8555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8555 [ 51 ] CVE-2016-2270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2270 [ 52 ] CVE-2016-2271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2271 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201604-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --roWGDR0oQEDLX1s6lNAQV7ISgI2Pjo8Pc . CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder. CVE-2015-2756 Jan Beulich discovered that unmediated PCI command register could result in denial of service. CVE-2015-3456 Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u7 of the qemu source package and in version 1.1.2+dfsg-6+deb7u7 of the qemu-kvm source package. Only CVE-2015-3456 affects oldstable. For the stable distribution (jessie), these problems have been fixed in version 1:2.1+dfsg-12. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your qemu packages

Trust: 2.61

sources: NVD: CVE-2015-3456 // JVNDB: JVNDB-2015-002668 // BID: 74640 // VULMON: CVE-2015-3456 // PACKETSTORM: 131888 // PACKETSTORM: 131920 // PACKETSTORM: 131893 // PACKETSTORM: 131890 // PACKETSTORM: 135598 // PACKETSTORM: 136587 // PACKETSTORM: 131879

AFFECTED PRODUCTS

vendor:	xen	model:	xen	scope:	eq	version:	4.5.0	Trust: 1.3
vendor:	redhat	model:	openstack	scope:	eq	version:	4.0	Trust: 1.3
vendor:	redhat	model:	openstack	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	openstack	scope:	eq	version:	5.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	5	Trust: 1.0
vendor:	qemu	model:	qemu	scope:	lte	version:	2.3.0	Trust: 1.0
vendor:	redhat	model:	openstack	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise virtualization	scope:	eq	version:	3.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	oracle	model:	peoplesoft products	scope:	eq	version:	of peoplesoft enterprise pt peopletools 8.53	Trust: 0.8
vendor:	oracle	model:	peoplesoft products	scope:	eq	version:	of peoplesoft enterprise pt peopletools 8.54	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	(v. 7)	Trust: 0.8
vendor:	hewlett packard	model:	hp helion openstack	scope:	eq	version:	1.0.0	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	(v. 5 client)	Trust: 0.8
vendor:	red hat	model:	enterprise linux workstation	scope:	eq	version:	(v. 7)	Trust: 0.8
vendor:	red hat	model:	enterprise linux hpc node	scope:	eq	version:	(v. 6)	Trust: 0.8
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	4.0	Trust: 0.8
vendor:	fabrice bellard	model:	qemu	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	openstack	scope:	eq	version:	5.0 for rhel 6	Trust: 0.8
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	4.1	Trust: 0.8
vendor:	red hat	model:	enterprise virtualization	scope:	eq	version:	3	Trust: 0.8
vendor:	red hat	model:	enterprise linux server eus	scope:	eq	version:	(v. 6.6.z)	Trust: 0.8
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	4.3.28	Trust: 0.8
vendor:	red hat	model:	openstack	scope:	eq	version:	4.0	Trust: 0.8
vendor:	oracle	model:	linux	scope:	eq	version:	5	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	(v. 5 server)	Trust: 0.8
vendor:	red hat	model:	rhel virtualization	scope:	eq	version:	(v. 5 server)	Trust: 0.8
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	4.2	Trust: 0.8
vendor:	xen	model:	xen	scope:	lte	version:	4.5.x and earlier	Trust: 0.8
vendor:	oracle	model:	vm server	scope:	eq	version:	3.2	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	(v. 6)	Trust: 0.8
vendor:	oracle	model:	vm virtualbox	scope:	lt	version:	4.3	Trust: 0.8
vendor:	red hat	model:	enterprise linux server	scope:	eq	version:	(v. 7)	Trust: 0.8
vendor:	red hat	model:	enterprise linux workstation	scope:	eq	version:	(v. 6)	Trust: 0.8
vendor:	oracle	model:	vm server	scope:	eq	version:	3.3	Trust: 0.8
vendor:	oracle	model:	linux	scope:	eq	version:	7	Trust: 0.8
vendor:	red hat	model:	openstack	scope:	eq	version:	6.0 for rhel 7	Trust: 0.8
vendor:	red hat	model:	enterprise linux hpc node	scope:	eq	version:	(v. 7)	Trust: 0.8
vendor:	oracle	model:	linux	scope:	eq	version:	6	Trust: 0.8
vendor:	oracle	model:	vm virtualbox	scope:	eq	version:	3.2	Trust: 0.8
vendor:	hewlett packard	model:	hp helion openstack	scope:	eq	version:	1.1.0	Trust: 0.8
vendor:	oracle	model:	vm server	scope:	eq	version:	2.2	Trust: 0.8
vendor:	red hat	model:	openstack	scope:	eq	version:	5.0 for rhel 7	Trust: 0.8
vendor:	red hat	model:	rhel desktop multi os	scope:	eq	version:	(v. 5 client)	Trust: 0.8
vendor:	red hat	model:	enterprise linux server	scope:	eq	version:	(v. 6)	Trust: 0.8
vendor:	qemu	model:	qemu	scope:	eq	version:	2.3.0	Trust: 0.6
vendor:	xen	model:	xen	scope:	eq	version:	4.4.1	Trust: 0.3
vendor:	xen	model:	rc1	scope:	eq	version:	4.4.0	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.4.0	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.3.0	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.3	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.2	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.0	Trust: 0.3
vendor:	ubuntu	model:	linux	scope:	eq	version:	15.04	Trust: 0.3
vendor:	ubuntu	model:	linux	scope:	eq	version:	14.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	14.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	suse	model:	linux enterprise software development kit sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp2	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp1	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp4 ltss	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp4	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp3	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	12	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	12	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp2 ltss	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp1 ltss	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise expanded support	scope:	eq	version:	7	Trust: 0.3
vendor:	suse	model:	linux enterprise expanded support	scope:	eq	version:	6	Trust: 0.3
vendor:	suse	model:	linux enterprise expanded support	scope:	eq	version:	5	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	12	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	13.2	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	13.1	Trust: 0.3
vendor:	redhat	model:	openstack for rhel	scope:	eq	version:	6.07	Trust: 0.3
vendor:	redhat	model:	openstack for rhel	scope:	eq	version:	5.07	Trust: 0.3
vendor:	redhat	model:	openstack for rhel	scope:	eq	version:	5.06	Trust: 0.3
vendor:	redhat	model:	enterprise virtualization	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux virtualization server	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server eus 6.5.z	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop multi os client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	qemu	model:	qemu	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.54	Trust: 0.3
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.53	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	7	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6.2	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	juniper	model:	northstar controller application	scope:	eq	version:	2.1.0	Trust: 0.3
vendor:	joyent	model:	smartdatacenter	scope:	eq	version:	0	Trust: 0.3
vendor:	joyent	model:	public cloud	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	pureapplication system	scope:	eq	version:	2.1	Trust: 0.3
vendor:	ibm	model:	pureapplication system	scope:	eq	version:	2.0	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	2.1	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.3.20	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.3.3.0	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.3.1.0	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.3.0.1	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.3.0.0	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.2.1.0	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.2.0.0	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.1.0.0	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r005c10	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r005c00spc300	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r005c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r003c10spc600	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r003c10cp6001	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r003c10	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r003c00spc300	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r003c00	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	helion openstack	scope:	eq	version:	1.1.0	Trust: 0.3
vendor:	hp	model:	helion openstack	scope:	eq	version:	1.0.0	Trust: 0.3
vendor:	hp	model:	helion cloudsystem	scope:	eq	version:	8.1	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortisandbox	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	citrix	model:	xenserver	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	citrix	model:	xenserver	scope:	eq	version:	6.5	Trust: 0.3
vendor:	citrix	model:	xenserver	scope:	eq	version:	6.2	Trust: 0.3
vendor:	citrix	model:	xenserver	scope:	eq	version:	6.1	Trust: 0.3
vendor:	citrix	model:	xenserver	scope:	eq	version:	6.0	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	7	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	6	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	5	Trust: 0.3
vendor:	juniper	model:	northstar controller application service pack	scope:	ne	version:	2.1.01	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r005c00cp3001	scope:	ne	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortisandbox	scope:	ne	version:	2.0.3	Trust: 0.3

sources: BID: 74640 // JVNDB: JVNDB-2015-002668 // CNNVD: CNNVD-201505-207 // NVD: CVE-2015-3456

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3456
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-3456
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201505-207
value:	HIGH
Trust: 0.6
VULMON:	CVE-2015-3456
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-3456
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

sources: VULMON: CVE-2015-3456 // JVNDB: JVNDB-2015-002668 // CNNVD: CNNVD-201505-207 // NVD: CVE-2015-3456

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2015-002668 // NVD: CVE-2015-3456

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201505-207

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201505-207

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002668

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2015-3456

PATCH

title:	HPSBMU03336	url:	http://marc.info/?l=bugtraq&m=143229451215900&w=2	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - July 2015	url:	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html	Trust: 0.8
title:	Oracle Security Alert for CVE-2015-3456	url:	http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html	Trust: 0.8
title:	fdc: force the fifo access to be in bounds of the allocated buffer	url:	http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c	Trust: 0.8
title:	VENOM: QEMU vulnerability (CVE-2015-3456)	url:	https://access.redhat.com/articles/1444903	Trust: 0.8
title:	RHSA-2015:1002	url:	http://rhn.redhat.com/errata/RHSA-2015-1002.html	Trust: 0.8
title:	RHSA-2015:1003	url:	http://rhn.redhat.com/errata/RHSA-2015-1003.html	Trust: 0.8
title:	RHSA-2015:1004	url:	http://rhn.redhat.com/errata/RHSA-2015-1004.html	Trust: 0.8
title:	RHSA-2015:0998	url:	http://rhn.redhat.com/errata/RHSA-2015-0998.html	Trust: 0.8
title:	RHSA-2015:0999	url:	http://rhn.redhat.com/errata/RHSA-2015-0999.html	Trust: 0.8
title:	RHSA-2015:1000	url:	http://rhn.redhat.com/errata/RHSA-2015-1000.html	Trust: 0.8
title:	RHSA-2015:1001	url:	http://rhn.redhat.com/errata/RHSA-2015-1001.html	Trust: 0.8
title:	VENOM, don’t get bitten.	url:	http://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/	Trust: 0.8
title:	July 2015 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/july_2015_critical_patch_update	Trust: 0.8
title:	CVE-2015-3456	url:	https://www.suse.com/security/cve/CVE-2015-3456.html	Trust: 0.8
title:	XSA-133	url:	http://xenbits.xen.org/xsa/advisory-133.html	Trust: 0.8
title:	xsa133-qemuu	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55519	Trust: 0.6
title:	xsa133-qemut	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55518	Trust: 0.6
title:	xsa133-qemuu-4.3-4.2	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55520	Trust: 0.6
title:	qemu.git-e907746266721f305d67bc0718795fedee2e824c	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55517	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2016/05/05/poc_exploit_tripled_2015_study/	Trust: 0.2
title:	The Register	url:	https://www.theregister.co.uk/2015/05/19/oracle_patches_venom/	Trust: 0.2
title:	The Register	url:	https://www.theregister.co.uk/2015/05/14/venom_analysis/	Trust: 0.2
title:	Debian CVElist Bug Report Logs: virtualbox: CVE-2015-3456: floppy driver host code execution	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=1e9cefc84b9a72ae90225e9ff55d95b7	Trust: 0.1
title:	Debian Security Advisories: DSA-3262-1 xen -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=062e555c99e007ed070757c824f250eb	Trust: 0.1
title:	Debian Security Advisories: DSA-3274-1 virtualbox -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=13673fabccef0c794fd2bc2944597470	Trust: 0.1
title:	Ubuntu Security Notice: qemu, qemu-kvm vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2608-1	Trust: 0.1
title:	Debian Security Advisories: DSA-3259-1 qemu -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=57edcd554beef990c5db7c77e4410e91	Trust: 0.1
title:	Debian CVElist Bug Report Logs: qemu: CVE-2014-9718 CVE-2015-1779	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a8c61c5fbe108faa83788a9a61ccb677	Trust: 0.1
title:	Symantec Security Advisories: SA95 : VENOM Vulnerability in Virtualization Platforms	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=015b922e5570d0f4c9f66b103d8e694a	Trust: 0.1
title:	Oracle: Oracle Security Alert for CVE-2015-3456	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=222bdb74a04df3dae048eda54c80f9ea	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - July 2015	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=459961024c4bdce7bb3a1a40a65a6f2e	Trust: 0.1
title:	elysiumVM	url:	https://github.com/cyberlifetech/elysiumVM	Trust: 0.1
title:	cve-2015-3456	url:	https://github.com/vincentbernat/cve-2015-3456	Trust: 0.1
title:	-	url:	https://github.com/RUB-SysSec/Hypercube	Trust: 0.1
title:	laputa	url:	https://github.com/takuzoo3868/laputa	Trust: 0.1
title:	cookbook-xs-maintenance	url:	https://github.com/pigram86/cookbook-xs-maintenance	Trust: 0.1
title:	rhsecapi	url:	https://github.com/RedHatOfficial/rhsecapi	Trust: 0.1
title:	cve-pylib	url:	https://github.com/RedHatProductSecurity/cve-pylib	Trust: 0.1

sources: VULMON: CVE-2015-3456 // JVNDB: JVNDB-2015-002668 // CNNVD: CNNVD-201505-207

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3456	Trust: 3.5
db:	BID	id:	74640	Trust: 2.0
db:	JUNIPER	id:	JSA10783	Trust: 2.0
db:	SECTRACK	id:	1032917	Trust: 1.7
db:	SECTRACK	id:	1032306	Trust: 1.7
db:	SECTRACK	id:	1032311	Trust: 1.7
db:	EXPLOIT-DB	id:	37053	Trust: 1.7
db:	JUNIPER	id:	JSA10693	Trust: 1.7
db:	MCAFEE	id:	SB10118	Trust: 1.7
db:	JVNDB	id:	JVNDB-2015-002668	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-207	Trust: 0.6
db:	VULMON	id:	CVE-2015-3456	Trust: 0.1
db:	PACKETSTORM	id:	131888	Trust: 0.1
db:	PACKETSTORM	id:	131920	Trust: 0.1
db:	PACKETSTORM	id:	131893	Trust: 0.1
db:	PACKETSTORM	id:	131890	Trust: 0.1
db:	PACKETSTORM	id:	135598	Trust: 0.1
db:	PACKETSTORM	id:	136587	Trust: 0.1
db:	PACKETSTORM	id:	131879	Trust: 0.1

sources: VULMON: CVE-2015-3456 // BID: 74640 // JVNDB: JVNDB-2015-002668 // PACKETSTORM: 131888 // PACKETSTORM: 131920 // PACKETSTORM: 131893 // PACKETSTORM: 131890 // PACKETSTORM: 135598 // PACKETSTORM: 136587 // PACKETSTORM: 131879 // CNNVD: CNNVD-201505-207 // NVD: CVE-2015-3456

REFERENCES

url:	http://venom.crowdstrike.com/	Trust: 2.8
url:	http://support.citrix.com/article/ctx201078	Trust: 2.6
url:	http://www.debian.org/security/2015/dsa-3274	Trust: 2.3
url:	http://www.securityfocus.com/bid/74640	Trust: 2.3
url:	http://www.debian.org/security/2015/dsa-3259	Trust: 2.3
url:	http://www.debian.org/security/2015/dsa-3262	Trust: 2.3
url:	http://rhn.redhat.com/errata/rhsa-2015-1000.html	Trust: 2.1
url:	http://rhn.redhat.com/errata/rhsa-2015-1001.html	Trust: 2.1
url:	http://rhn.redhat.com/errata/rhsa-2015-0999.html	Trust: 2.0
url:	http://xenbits.xen.org/xsa/advisory-133.html	Trust: 2.0
url:	https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/	Trust: 2.0
url:	http://rhn.redhat.com/errata/rhsa-2015-1004.html	Trust: 2.0
url:	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Trust: 2.0
url:	http://rhn.redhat.com/errata/rhsa-2015-1011.html	Trust: 2.0
url:	http://rhn.redhat.com/errata/rhsa-2015-1002.html	Trust: 1.8
url:	https://www.exploit-db.com/exploits/37053/	Trust: 1.8
url:	https://security.gentoo.org/glsa/201604-03	Trust: 1.8
url:	https://security.gentoo.org/glsa/201602-01	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2015-0998.html	Trust: 1.7
url:	https://access.redhat.com/articles/1444903	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2015-1003.html	Trust: 1.7
url:	https://www.suse.com/security/cve/cve-2015-3456.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=143229451215900&w=2	Trust: 1.7
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10118	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-may/158072.html	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-2608-1	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html	Trust: 1.7
url:	https://support.lenovo.com/us/en/product_security/venom	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=143387998230996&w=2	Trust: 1.7
url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm	Trust: 1.7
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10693	Trust: 1.7
url:	https://bto.bluecoat.com/security-advisory/sa95	Trust: 1.7
url:	http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html	Trust: 1.7
url:	http://www.securitytracker.com/id/1032311	Trust: 1.7
url:	http://www.securitytracker.com/id/1032306	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html	Trust: 1.7
url:	https://kb.juniper.net/jsa10783	Trust: 1.7
url:	https://security.gentoo.org/glsa/201612-27	Trust: 1.7
url:	http://www.securitytracker.com/id/1032917	Trust: 1.7
url:	https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10	Trust: 1.7
url:	http://git.qemu.org/?p=qemu.git%3ba=commitdiff%3bh=e907746266721f305d67bc0718795fedee2e824c	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3456	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3456	Trust: 0.8
url:	http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3456	Trust: 0.7
url:	http://www.debian.org/security/	Trust: 0.4
url:	http://git.qemu.org/?p=qemu.git;a=commit;h=e907746266721f305d67bc0718795fedee2e824c	Trust: 0.3
url:	http://wiki.qemu.org/main_page	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10783&cat=sirt_1&actp=list	Trust: 0.3
url:	http://www.fortiguard.com/advisory/fg-ir-15-012/	Trust: 0.3
url:	http://seclists.org/bugtraq/2015/may/129	Trust: 0.3
url:	https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04706564	Trust: 0.3
url:	https://www.suse.com/support/kb/doc.php?id=7016497	Trust: 0.3
url:	https://rhn.redhat.com/errata/rhsa-2015-1031.html	Trust: 0.3
url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-438937.htm	Trust: 0.3
url:	https://help.joyent.com/entries/68099220-security-advisory-on-venom-cve-2015-3456-in-kvm-qemu	Trust: 0.3
url:	https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098681	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21903743	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1022292	Trust: 0.3
url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-428704.htm	Trust: 0.3
url:	https://www.suse.com/support/update/announcement/2015/suse-su-20150889-1.html	Trust: 0.3
url:	https://www.suse.com/support/update/announcement/2015/suse-su-20150943-1.html	Trust: 0.3
url:	https://www.suse.com/support/update/announcement/2015/suse-su-20150896-1.html	Trust: 0.3
url:	https://www.suse.com/support/update/announcement/2015/suse-su-20150889-2.html	Trust: 0.3
url:	https://www.suse.com/support/update/announcement/2015/suse-su-20150944-1.html	Trust: 0.3
url:	https://www-304.ibm.com/connections/blogs/psirt/entry/venom_cve_2015_3456?lang=en_us	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2015-3456	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.3
url:	http://www.debian.org/security/faq	Trust: 0.2
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7504	Trust: 0.2
url:	https://security.gentoo.org/	Trust: 0.2
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.2
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3456	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1779	Trust: 0.2
url:	https://bugs.gentoo.org.	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://github.com/cyberlifetech/elysiumvm	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38855	Trust: 0.1
url:	https://usn.ubuntu.com/2608-1/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1779	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7549	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8558	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8345	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5278	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8745	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5278	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8701	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5279	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7512	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8568	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6815	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8745	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7295	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5225	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8345	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8568	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8567	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7504	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8567	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6855	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5745	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8504	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8556	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8743	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1568	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1568	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5279	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8556	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5225	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6815	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7295	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8666	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8701	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8504	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8558	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7512	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8743	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8744	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5745	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6855	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7549	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8666	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8744	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4536	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5154	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4535	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4103	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4105	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4535	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6030	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7835	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8551	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4538	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8552	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6036	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6036	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7814	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4106	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7970	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8550	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3497	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4536	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3495	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6031	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4106	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4537	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6034	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3259	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3340	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2151	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4411	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7972	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4538	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6035	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3495	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4539	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3494	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6033	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6032	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4537	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6035	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6032	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7813	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3515	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3498	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2270	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3209	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6031	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6030	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3497	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3494	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8555	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4163	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8340	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4104	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7311	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3259	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2151	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8339	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6033	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8554	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4411	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6034	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4105	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8341	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4539	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3340	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4164	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3515	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4103	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3496	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3209	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7969	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4104	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3496	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2271	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7812	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9718	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2756	Trust: 0.1

CREDITS

Jason Geffner, CrowdStrike Senior Security Researcher

Trust: 0.3

sources: BID: 74640

SOURCES

db:	VULMON	id:	CVE-2015-3456
db:	BID	id:	74640
db:	JVNDB	id:	JVNDB-2015-002668
db:	PACKETSTORM	id:	131888
db:	PACKETSTORM	id:	131920
db:	PACKETSTORM	id:	131893
db:	PACKETSTORM	id:	131890
db:	PACKETSTORM	id:	135598
db:	PACKETSTORM	id:	136587
db:	PACKETSTORM	id:	131879
db:	CNNVD	id:	CNNVD-201505-207
db:	NVD	id:	CVE-2015-3456

LAST UPDATE DATE

2024-09-15T19:52:17.263000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2015-3456	date:	2021-11-17T00:00:00
db:	BID	id:	74640	date:	2017-04-18T00:05:00
db:	JVNDB	id:	JVNDB-2015-002668	date:	2015-07-29T00:00:00
db:	CNNVD	id:	CNNVD-201505-207	date:	2021-11-08T00:00:00
db:	NVD	id:	CVE-2015-3456	date:	2023-11-07T02:25:38.537

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2015-3456	date:	2015-05-13T00:00:00
db:	BID	id:	74640	date:	2015-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-002668	date:	2015-05-15T00:00:00
db:	PACKETSTORM	id:	131888	date:	2015-05-13T19:44:50
db:	PACKETSTORM	id:	131920	date:	2015-05-19T14:48:58
db:	PACKETSTORM	id:	131893	date:	2015-05-13T19:45:32
db:	PACKETSTORM	id:	131890	date:	2015-05-13T19:45:08
db:	PACKETSTORM	id:	135598	date:	2016-02-04T21:45:16
db:	PACKETSTORM	id:	136587	date:	2016-04-06T13:30:13
db:	PACKETSTORM	id:	131879	date:	2015-05-13T17:43:32
db:	CNNVD	id:	CNNVD-201505-207	date:	2015-05-14T00:00:00
db:	NVD	id:	CVE-2015-3456	date:	2015-05-13T18:59:00.157