Details of VAR-201505-0417

ID

VAR-201505-0417

CVE

CVE-2015-3456

TITLE

QEMU Floppy Disk Controller Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201505-207

DESCRIPTION

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. QEMU is prone to a remote memory-corruption vulnerability because the application fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. 6) - i386, x86_64 3. This only affects HVM guests. For the oldstable distribution (wheezy), this problem has been fixed in version 4.1.4-3+deb7u6. The stable distribution (jessie) is already fixed through the qemu update provided as DSA-3259-1. We recommend that you upgrade your xen packages. Relevant releases/architectures: RHEV Agents (vdsm) - x86_64 3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201612-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: VirtualBox: Multiple vulnerabilities [REVIEW] Date: December 11, 2016 Bugs: #505274, #537218, #550964 ID: 201612-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in VirtualBox, the worst of which allows local users to escalate privileges. Background ========== VirtualBox is a powerful virtualization product from Oracle. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/virtualbox < 4.3.28 >= 4.3.28 2 app-emulation/virtualbox-bin < 4.3.28 >= 4.3.28 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All VirtualBox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/virtualbox-4.3.28" All VirtualBox-bin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/virtualbox-bin-4.3.28" References ========== [ 1 ] CVE-2014-0981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0981 [ 2 ] CVE-2014-0983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0983 [ 3 ] CVE-2014-6588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6588 [ 4 ] CVE-2014-6589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6589 [ 5 ] CVE-2014-6590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6590 [ 6 ] CVE-2014-6595 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6595 [ 7 ] CVE-2015-0377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0377 [ 8 ] CVE-2015-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0418 [ 9 ] CVE-2015-0427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0427 [ 10 ] CVE-2015-3456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456 [ 11 ] CVE-2016-5608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5608 [ 12 ] CVE-2016-5610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5610 [ 13 ] CVE-2016-5611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5611 [ 14 ] CVE-2016-5613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5613 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201612-27 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: qemu-kvm security update Advisory ID: RHSA-2015:0999-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0999.html Issue date: 2015-05-13 CVE Names: CVE-2015-3456 ===================================================================== 1. Summary: Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456) Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: qemu-kvm-1.5.3-86.el7_1.2.src.rpm x86_64: libcacard-1.5.3-86.el7_1.2.i686.rpm libcacard-1.5.3-86.el7_1.2.x86_64.rpm qemu-img-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libcacard-devel-1.5.3-86.el7_1.2.i686.rpm libcacard-devel-1.5.3-86.el7_1.2.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: qemu-kvm-1.5.3-86.el7_1.2.src.rpm x86_64: libcacard-1.5.3-86.el7_1.2.i686.rpm libcacard-1.5.3-86.el7_1.2.x86_64.rpm libcacard-devel-1.5.3-86.el7_1.2.i686.rpm libcacard-devel-1.5.3-86.el7_1.2.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.2.x86_64.rpm qemu-img-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: qemu-kvm-1.5.3-86.el7_1.2.src.rpm ppc64: qemu-img-1.5.3-86.el7_1.2.ppc64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.ppc64.rpm x86_64: libcacard-1.5.3-86.el7_1.2.i686.rpm libcacard-1.5.3-86.el7_1.2.x86_64.rpm qemu-img-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libcacard-1.5.3-86.el7_1.2.ppc.rpm libcacard-1.5.3-86.el7_1.2.ppc64.rpm libcacard-devel-1.5.3-86.el7_1.2.ppc.rpm libcacard-devel-1.5.3-86.el7_1.2.ppc64.rpm libcacard-tools-1.5.3-86.el7_1.2.ppc64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.ppc.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.ppc64.rpm x86_64: libcacard-devel-1.5.3-86.el7_1.2.i686.rpm libcacard-devel-1.5.3-86.el7_1.2.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: qemu-kvm-1.5.3-86.el7_1.2.src.rpm x86_64: libcacard-1.5.3-86.el7_1.2.i686.rpm libcacard-1.5.3-86.el7_1.2.x86_64.rpm qemu-img-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libcacard-devel-1.5.3-86.el7_1.2.i686.rpm libcacard-devel-1.5.3-86.el7_1.2.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.2.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3456 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVU1swXlSAg2UNWIIRAshIAKCZWkFNWcyvUBOx0PV9ta8YOtLgbgCdFbuw V78Qd9SnhHVz0MTvjdFcFu0= =+Vrr -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2608-1 May 13, 2015 qemu, qemu-kvm vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in QEMU. Software Description: - qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Details: Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-3456) Daniel P. Berrange discovered that QEMU incorrectly handled VNC websockets. A remote attacker could use this issue to cause QEMU to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-1779) Jan Beulich discovered that QEMU, when used with Xen, didn't properly restrict access to PCI command registers. A malicious guest could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2756) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: qemu-system 1:2.2+dfsg-5expubuntu9.1 qemu-system-aarch64 1:2.2+dfsg-5expubuntu9.1 qemu-system-arm 1:2.2+dfsg-5expubuntu9.1 qemu-system-mips 1:2.2+dfsg-5expubuntu9.1 qemu-system-misc 1:2.2+dfsg-5expubuntu9.1 qemu-system-ppc 1:2.2+dfsg-5expubuntu9.1 qemu-system-sparc 1:2.2+dfsg-5expubuntu9.1 qemu-system-x86 1:2.2+dfsg-5expubuntu9.1 Ubuntu 14.10: qemu-system 2.1+dfsg-4ubuntu6.6 qemu-system-aarch64 2.1+dfsg-4ubuntu6.6 qemu-system-arm 2.1+dfsg-4ubuntu6.6 qemu-system-mips 2.1+dfsg-4ubuntu6.6 qemu-system-misc 2.1+dfsg-4ubuntu6.6 qemu-system-ppc 2.1+dfsg-4ubuntu6.6 qemu-system-sparc 2.1+dfsg-4ubuntu6.6 qemu-system-x86 2.1+dfsg-4ubuntu6.6 Ubuntu 14.04 LTS: qemu-system 2.0.0+dfsg-2ubuntu1.11 qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.11 qemu-system-arm 2.0.0+dfsg-2ubuntu1.11 qemu-system-mips 2.0.0+dfsg-2ubuntu1.11 qemu-system-misc 2.0.0+dfsg-2ubuntu1.11 qemu-system-ppc 2.0.0+dfsg-2ubuntu1.11 qemu-system-sparc 2.0.0+dfsg-2ubuntu1.11 qemu-system-x86 2.0.0+dfsg-2ubuntu1.11 Ubuntu 12.04 LTS: qemu-kvm 1.0+noroms-0ubuntu14.22 After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes

Trust: 1.98

sources: NVD: CVE-2015-3456 // BID: 74640 // VULMON: CVE-2015-3456 // PACKETSTORM: 131887 // PACKETSTORM: 131920 // PACKETSTORM: 131890 // PACKETSTORM: 131912 // PACKETSTORM: 140113 // PACKETSTORM: 132083 // PACKETSTORM: 131892 // PACKETSTORM: 131899

AFFECTED PRODUCTS

vendor:	xen	model:	xen	scope:	eq	version:	4.5.0	Trust: 1.3
vendor:	redhat	model:	openstack	scope:	eq	version:	4.0	Trust: 1.3
vendor:	redhat	model:	openstack	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	openstack	scope:	eq	version:	5.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	5	Trust: 1.0
vendor:	qemu	model:	qemu	scope:	lte	version:	2.3.0	Trust: 1.0
vendor:	redhat	model:	openstack	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise virtualization	scope:	eq	version:	3.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	qemu	model:	qemu	scope:	eq	version:	2.3.0	Trust: 0.6
vendor:	xen	model:	xen	scope:	eq	version:	4.4.1	Trust: 0.3
vendor:	xen	model:	rc1	scope:	eq	version:	4.4.0	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.4.0	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.3.0	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.3	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.2	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.0	Trust: 0.3
vendor:	ubuntu	model:	linux	scope:	eq	version:	15.04	Trust: 0.3
vendor:	ubuntu	model:	linux	scope:	eq	version:	14.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	14.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	suse	model:	linux enterprise software development kit sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp2	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp1	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp4 ltss	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp4	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp3	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	12	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	12	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp2 ltss	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp1 ltss	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise expanded support	scope:	eq	version:	7	Trust: 0.3
vendor:	suse	model:	linux enterprise expanded support	scope:	eq	version:	6	Trust: 0.3
vendor:	suse	model:	linux enterprise expanded support	scope:	eq	version:	5	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	12	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	13.2	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	13.1	Trust: 0.3
vendor:	redhat	model:	openstack for rhel	scope:	eq	version:	6.07	Trust: 0.3
vendor:	redhat	model:	openstack for rhel	scope:	eq	version:	5.07	Trust: 0.3
vendor:	redhat	model:	openstack for rhel	scope:	eq	version:	5.06	Trust: 0.3
vendor:	redhat	model:	enterprise virtualization	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux virtualization server	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server eus 6.5.z	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop multi os client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	qemu	model:	qemu	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.54	Trust: 0.3
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.53	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	7	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6.2	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	juniper	model:	northstar controller application	scope:	eq	version:	2.1.0	Trust: 0.3
vendor:	joyent	model:	smartdatacenter	scope:	eq	version:	0	Trust: 0.3
vendor:	joyent	model:	public cloud	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	pureapplication system	scope:	eq	version:	2.1	Trust: 0.3
vendor:	ibm	model:	pureapplication system	scope:	eq	version:	2.0	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	2.1	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.3.20	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.3.3.0	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.3.1.0	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.3.0.1	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.3.0.0	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.2.1.0	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.2.0.0	Trust: 0.3
vendor:	ibm	model:	flex system manager	scope:	eq	version:	1.1.0.0	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r005c10	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r005c00spc300	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r005c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r003c10spc600	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r003c10cp6001	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r003c10	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r003c00spc300	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r003c00	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	helion openstack	scope:	eq	version:	1.1.0	Trust: 0.3
vendor:	hp	model:	helion openstack	scope:	eq	version:	1.0.0	Trust: 0.3
vendor:	hp	model:	helion cloudsystem	scope:	eq	version:	8.1	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortisandbox	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	citrix	model:	xenserver	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	citrix	model:	xenserver	scope:	eq	version:	6.5	Trust: 0.3
vendor:	citrix	model:	xenserver	scope:	eq	version:	6.2	Trust: 0.3
vendor:	citrix	model:	xenserver	scope:	eq	version:	6.1	Trust: 0.3
vendor:	citrix	model:	xenserver	scope:	eq	version:	6.0	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	7	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	6	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	5	Trust: 0.3
vendor:	juniper	model:	northstar controller application service pack	scope:	ne	version:	2.1.01	Trust: 0.3
vendor:	huawei	model:	fusioncompute v100r005c00cp3001	scope:	ne	version:	-	Trust: 0.3
vendor:	fortinet	model:	fortisandbox	scope:	ne	version:	2.0.3	Trust: 0.3

sources: BID: 74640 // CNNVD: CNNVD-201505-207 // NVD: CVE-2015-3456

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3456
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201505-207
value:	HIGH
Trust: 0.6
VULMON:	CVE-2015-3456
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-3456
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

sources: VULMON: CVE-2015-3456 // CNNVD: CNNVD-201505-207 // NVD: CVE-2015-3456

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.0

sources: NVD: CVE-2015-3456

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201505-207

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201505-207

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2015-3456

PATCH

title:	xsa133-qemuu	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55519	Trust: 0.6
title:	xsa133-qemut	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55518	Trust: 0.6
title:	xsa133-qemuu-4.3-4.2	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55520	Trust: 0.6
title:	qemu.git-e907746266721f305d67bc0718795fedee2e824c	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55517	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2016/05/05/poc_exploit_tripled_2015_study/	Trust: 0.2
title:	The Register	url:	https://www.theregister.co.uk/2015/05/19/oracle_patches_venom/	Trust: 0.2
title:	The Register	url:	https://www.theregister.co.uk/2015/05/14/venom_analysis/	Trust: 0.2
title:	Debian CVElist Bug Report Logs: virtualbox: CVE-2015-3456: floppy driver host code execution	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=1e9cefc84b9a72ae90225e9ff55d95b7	Trust: 0.1
title:	Debian Security Advisories: DSA-3262-1 xen -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=062e555c99e007ed070757c824f250eb	Trust: 0.1
title:	Debian Security Advisories: DSA-3274-1 virtualbox -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=13673fabccef0c794fd2bc2944597470	Trust: 0.1
title:	Ubuntu Security Notice: qemu, qemu-kvm vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2608-1	Trust: 0.1
title:	Debian Security Advisories: DSA-3259-1 qemu -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=57edcd554beef990c5db7c77e4410e91	Trust: 0.1
title:	Debian CVElist Bug Report Logs: qemu: CVE-2014-9718 CVE-2015-1779	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a8c61c5fbe108faa83788a9a61ccb677	Trust: 0.1
title:	Symantec Security Advisories: SA95 : VENOM Vulnerability in Virtualization Platforms	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=015b922e5570d0f4c9f66b103d8e694a	Trust: 0.1
title:	Oracle: Oracle Security Alert for CVE-2015-3456	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=222bdb74a04df3dae048eda54c80f9ea	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - July 2015	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=459961024c4bdce7bb3a1a40a65a6f2e	Trust: 0.1
title:	elysiumVM	url:	https://github.com/cyberlifetech/elysiumVM	Trust: 0.1
title:	cve-2015-3456	url:	https://github.com/vincentbernat/cve-2015-3456	Trust: 0.1
title:	-	url:	https://github.com/RUB-SysSec/Hypercube	Trust: 0.1
title:	laputa	url:	https://github.com/takuzoo3868/laputa	Trust: 0.1
title:	cookbook-xs-maintenance	url:	https://github.com/pigram86/cookbook-xs-maintenance	Trust: 0.1
title:	rhsecapi	url:	https://github.com/RedHatOfficial/rhsecapi	Trust: 0.1
title:	cve-pylib	url:	https://github.com/RedHatProductSecurity/cve-pylib	Trust: 0.1

sources: VULMON: CVE-2015-3456 // CNNVD: CNNVD-201505-207

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3456	Trust: 2.8
db:	BID	id:	74640	Trust: 2.0
db:	JUNIPER	id:	JSA10783	Trust: 2.0
db:	SECTRACK	id:	1032917	Trust: 1.7
db:	SECTRACK	id:	1032306	Trust: 1.7
db:	SECTRACK	id:	1032311	Trust: 1.7
db:	EXPLOIT-DB	id:	37053	Trust: 1.7
db:	JUNIPER	id:	JSA10693	Trust: 1.7
db:	MCAFEE	id:	SB10118	Trust: 1.7
db:	CNNVD	id:	CNNVD-201505-207	Trust: 0.6
db:	VULMON	id:	CVE-2015-3456	Trust: 0.1
db:	PACKETSTORM	id:	131887	Trust: 0.1
db:	PACKETSTORM	id:	131920	Trust: 0.1
db:	PACKETSTORM	id:	131890	Trust: 0.1
db:	PACKETSTORM	id:	131912	Trust: 0.1
db:	PACKETSTORM	id:	140113	Trust: 0.1
db:	PACKETSTORM	id:	132083	Trust: 0.1
db:	PACKETSTORM	id:	131892	Trust: 0.1
db:	PACKETSTORM	id:	131899	Trust: 0.1

sources: VULMON: CVE-2015-3456 // BID: 74640 // PACKETSTORM: 131887 // PACKETSTORM: 131920 // PACKETSTORM: 131890 // PACKETSTORM: 131912 // PACKETSTORM: 140113 // PACKETSTORM: 132083 // PACKETSTORM: 131892 // PACKETSTORM: 131899 // CNNVD: CNNVD-201505-207 // NVD: CVE-2015-3456

REFERENCES

url:	http://support.citrix.com/article/ctx201078	Trust: 2.6
url:	http://www.debian.org/security/2015/dsa-3274	Trust: 2.3
url:	http://www.securityfocus.com/bid/74640	Trust: 2.3
url:	http://www.debian.org/security/2015/dsa-3259	Trust: 2.3
url:	http://www.debian.org/security/2015/dsa-3262	Trust: 2.3
url:	http://rhn.redhat.com/errata/rhsa-2015-0999.html	Trust: 2.1
url:	http://rhn.redhat.com/errata/rhsa-2015-1001.html	Trust: 2.1
url:	http://rhn.redhat.com/errata/rhsa-2015-1011.html	Trust: 2.1
url:	http://rhn.redhat.com/errata/rhsa-2015-1000.html	Trust: 2.0
url:	http://xenbits.xen.org/xsa/advisory-133.html	Trust: 2.0
url:	https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/	Trust: 2.0
url:	http://venom.crowdstrike.com/	Trust: 2.0
url:	http://rhn.redhat.com/errata/rhsa-2015-1004.html	Trust: 2.0
url:	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Trust: 2.0
url:	http://rhn.redhat.com/errata/rhsa-2015-0998.html	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-2608-1	Trust: 1.8
url:	https://www.exploit-db.com/exploits/37053/	Trust: 1.8
url:	https://security.gentoo.org/glsa/201612-27	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2015-1002.html	Trust: 1.7
url:	https://access.redhat.com/articles/1444903	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2015-1003.html	Trust: 1.7
url:	https://www.suse.com/security/cve/cve-2015-3456.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=143229451215900&w=2	Trust: 1.7
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10118	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-may/158072.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html	Trust: 1.7
url:	https://support.lenovo.com/us/en/product_security/venom	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=143387998230996&w=2	Trust: 1.7
url:	http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm	Trust: 1.7
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10693	Trust: 1.7
url:	https://bto.bluecoat.com/security-advisory/sa95	Trust: 1.7
url:	http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html	Trust: 1.7
url:	http://www.securitytracker.com/id/1032311	Trust: 1.7
url:	http://www.securitytracker.com/id/1032306	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html	Trust: 1.7
url:	https://kb.juniper.net/jsa10783	Trust: 1.7
url:	https://security.gentoo.org/glsa/201604-03	Trust: 1.7
url:	https://security.gentoo.org/glsa/201602-01	Trust: 1.7
url:	http://www.securitytracker.com/id/1032917	Trust: 1.7
url:	https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10	Trust: 1.7
url:	http://git.qemu.org/?p=qemu.git%3ba=commitdiff%3bh=e907746266721f305d67bc0718795fedee2e824c	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3456	Trust: 0.8
url:	http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c	Trust: 0.7
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2015-3456	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	http://www.debian.org/security/	Trust: 0.4
url:	http://git.qemu.org/?p=qemu.git;a=commit;h=e907746266721f305d67bc0718795fedee2e824c	Trust: 0.3
url:	http://wiki.qemu.org/main_page	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10783&cat=sirt_1&actp=list	Trust: 0.3
url:	http://www.fortiguard.com/advisory/fg-ir-15-012/	Trust: 0.3
url:	http://seclists.org/bugtraq/2015/may/129	Trust: 0.3
url:	https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04706564	Trust: 0.3
url:	https://www.suse.com/support/kb/doc.php?id=7016497	Trust: 0.3
url:	https://rhn.redhat.com/errata/rhsa-2015-1031.html	Trust: 0.3
url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-438937.htm	Trust: 0.3
url:	https://help.joyent.com/entries/68099220-security-advisory-on-venom-cve-2015-3456-in-kvm-qemu	Trust: 0.3
url:	https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098681	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21903743	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1022292	Trust: 0.3
url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-428704.htm	Trust: 0.3
url:	https://www.suse.com/support/update/announcement/2015/suse-su-20150889-1.html	Trust: 0.3
url:	https://www.suse.com/support/update/announcement/2015/suse-su-20150943-1.html	Trust: 0.3
url:	https://www.suse.com/support/update/announcement/2015/suse-su-20150896-1.html	Trust: 0.3
url:	https://www.suse.com/support/update/announcement/2015/suse-su-20150889-2.html	Trust: 0.3
url:	https://www.suse.com/support/update/announcement/2015/suse-su-20150944-1.html	Trust: 0.3
url:	https://www-304.ibm.com/connections/blogs/psirt/entry/venom_cve_2015_3456?lang=en_us	Trust: 0.3
url:	http://www.debian.org/security/faq	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://github.com/cyberlifetech/elysiumvm	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=38855	Trust: 0.1
url:	https://usn.ubuntu.com/2608-1/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5611	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5610	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0981	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6595	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0418	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6590	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0983	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5608	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0981	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0377	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0377	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0427	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5613	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6588	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6595	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0427	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6589	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0983	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3456	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5610	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5608	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0418	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6588	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6590	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5613	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5611	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6589	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.11	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/qemu/1:2.2+dfsg-5expubuntu9.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/qemu/2.1+dfsg-4ubuntu6.6	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1779	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2756	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.22	Trust: 0.1

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 131887 // PACKETSTORM: 131890 // PACKETSTORM: 131912 // PACKETSTORM: 131892

SOURCES

db:	VULMON	id:	CVE-2015-3456
db:	BID	id:	74640
db:	PACKETSTORM	id:	131887
db:	PACKETSTORM	id:	131920
db:	PACKETSTORM	id:	131890
db:	PACKETSTORM	id:	131912
db:	PACKETSTORM	id:	140113
db:	PACKETSTORM	id:	132083
db:	PACKETSTORM	id:	131892
db:	PACKETSTORM	id:	131899
db:	CNNVD	id:	CNNVD-201505-207
db:	NVD	id:	CVE-2015-3456

LAST UPDATE DATE

2024-11-19T22:20:08.752000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2015-3456	date:	2021-11-17T00:00:00
db:	BID	id:	74640	date:	2017-04-18T00:05:00
db:	CNNVD	id:	CNNVD-201505-207	date:	2021-11-08T00:00:00
db:	NVD	id:	CVE-2015-3456	date:	2023-11-07T02:25:38.537

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2015-3456	date:	2015-05-13T00:00:00
db:	BID	id:	74640	date:	2015-05-13T00:00:00
db:	PACKETSTORM	id:	131887	date:	2015-05-13T19:44:44
db:	PACKETSTORM	id:	131920	date:	2015-05-19T14:48:58
db:	PACKETSTORM	id:	131890	date:	2015-05-13T19:45:08
db:	PACKETSTORM	id:	131912	date:	2015-05-17T02:42:42
db:	PACKETSTORM	id:	140113	date:	2016-12-12T04:22:22
db:	PACKETSTORM	id:	132083	date:	2015-05-29T23:37:29
db:	PACKETSTORM	id:	131892	date:	2015-05-13T19:45:24
db:	PACKETSTORM	id:	131899	date:	2015-05-13T19:17:35
db:	CNNVD	id:	CNNVD-201505-207	date:	2015-05-14T00:00:00
db:	NVD	id:	CVE-2015-3456	date:	2015-05-13T18:59:00.157