Details of VAR-201506-0038

ID

VAR-201506-0038

CVE

CVE-2015-3209

TITLE

Xen QEMU PCNET Controller Heap Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2015-03820

DESCRIPTION

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Xen is a virtualization technology for the Linux kernel that allows multiple operating systems to run simultaneously. QEMU is prone to a heap-based buffer-overflow vulnerability. Failed attacks will cause denial-of-service conditions. QEMU (also known as Quick Emulator) is a set of analog processor software developed by French programmer Fabrice Bellard. The software has the characteristics of fast speed and cross-platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kvm security update Advisory ID: RHSA-2015:1189-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1189.html Issue date: 2015-06-25 CVE Names: CVE-2015-3209 ===================================================================== 1. Summary: Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Multi OS (v. 5 client) - x86_64 RHEL Virtualization (v. 5 server) - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. (CVE-2015-3209) Red Hat would like to thank Matt Tait of Google's Project Zero security team for reporting this issue. All kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 The following procedure must be performed before this update will take effect: 1) Stop all KVM guest virtual machines. 2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd. 3) Restart the KVM guest virtual machines. 5. Bugs fixed (https://bugzilla.redhat.com/): 1225882 - CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path 6. Package List: RHEL Desktop Multi OS (v. 5 client): Source: kvm-83-273.el5_11.src.rpm x86_64: kmod-kvm-83-273.el5_11.x86_64.rpm kmod-kvm-debug-83-273.el5_11.x86_64.rpm kvm-83-273.el5_11.x86_64.rpm kvm-debuginfo-83-273.el5_11.x86_64.rpm kvm-qemu-img-83-273.el5_11.x86_64.rpm kvm-tools-83-273.el5_11.x86_64.rpm RHEL Virtualization (v. 5 server): Source: kvm-83-273.el5_11.src.rpm x86_64: kmod-kvm-83-273.el5_11.x86_64.rpm kmod-kvm-debug-83-273.el5_11.x86_64.rpm kvm-83-273.el5_11.x86_64.rpm kvm-debuginfo-83-273.el5_11.x86_64.rpm kvm-qemu-img-83-273.el5_11.x86_64.rpm kvm-tools-83-273.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3209 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVjAbPXlSAg2UNWIIRAlgXAKCMoorgtYhIq9bFMVqEVZBNl4iqHwCguGTx SmIh0KT+gbe8ghRumo9UhyU= =3EVW -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . CVE-2015-4037 Kurt Seifried of Red Hat Product Security discovered that QEMU's user mode networking stack uses predictable temporary file names when the -smb option is used. CVE-2015-4103 Jan Beulich discovered that the QEMU Xen code does not properly restrict write access to the host MSI message data field, allowing a malicious guest to cause a denial of service. CVE-2015-4104 Jan Beulich discovered that the QEMU Xen code does not properly restrict access to PCI MSI mask bits, allowing a malicious guest to cause a denial of service. CVE-2015-4105 Jan Beulich reported that the QEMU Xen code enables logging for PCI MSI-X pass-through error messages, allowing a malicious guest to cause a denial of service. CVE-2015-4106 Jan Beulich discovered that the QEMU Xen code does not properly restrict write access to the PCI config space for certain PCI pass-through devices, allowing a malicious guest to cause a denial of service, obtain sensitive information or potentially execute arbitrary code. CVE-2015-4163 Jan Beulich discovered that a missing version check in the GNTTABOP_swap_grant_ref hypercall handler may result in denial of service. This only applies to Debian stable/jessie. CVE-2015-4164 Andrew Cooper discovered a vulnerability in the iret hypercall handler, which may result in denial of service. For the oldstable distribution (wheezy), these problems have been fixed in version 4.1.4-3+deb7u8. For the stable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u1. CVE-2015-3209, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105 and CVE-2015-4106 don't affect the Xen package in stable jessie, it uses the standard qemu package and has already been fixed in DSA-3284-1. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your xen packages. From: Yury German <blueknight@gentoo.org> To: gentoo-announce@lists.gentoo.org Message-ID: <57035F2D.8090108@gentoo.org> Subject: [ GLSA 201604-03 ] Xen: Multiple vulnerabilities - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201604-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xen: Multiple vulnerabilities Date: April 05, 2016 Bugs: #445254, #513832, #547202, #549200, #549950, #550658, #553664, #553718, #555532, #556304, #561110, #564472, #564932, #566798, #566838, #566842, #567962, #571552, #571556, #574012 ID: 201604-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Xen, the worst of which cause a Denial of Service. Background ========== Xen is a bare-metal hypervisor. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/xen < 4.6.0-r9 >= 4.6.0-r9 *>= 4.5.2-r5 2 app-emulation/xen-pvgrub < 4.6.0 Vulnerable! 3 app-emulation/xen-tools < 4.6.0-r9 >= 4.6.0-r9 *>= 4.5.2-r5 4 app-emulation/pvgrub >= 4.6.0 *>= 4.5.2 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 4 affected packages Description =========== Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact ====== A local attacker could possibly cause a Denial of Service condition or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All Xen 4.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.5.2-r5" All Xen 4.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.6.0-r9" All Xen tools 4.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.5.2-r5" All Xen tools 4.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.6.0-r9" All Xen pvgrub users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.6.0"= References ========== [ 1 ] CVE-2012-3494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494 [ 2 ] CVE-2012-3495 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495 [ 3 ] CVE-2012-3496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496 [ 4 ] CVE-2012-3497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497 [ 5 ] CVE-2012-3498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498 [ 6 ] CVE-2012-3515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515 [ 7 ] CVE-2012-4411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411 [ 8 ] CVE-2012-4535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535 [ 9 ] CVE-2012-4536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536 [ 10 ] CVE-2012-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537 [ 11 ] CVE-2012-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538 [ 12 ] CVE-2012-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539 [ 13 ] CVE-2012-6030 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030 [ 14 ] CVE-2012-6031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031 [ 15 ] CVE-2012-6032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032 [ 16 ] CVE-2012-6033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033 [ 17 ] CVE-2012-6034 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034 [ 18 ] CVE-2012-6035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035 [ 19 ] CVE-2012-6036 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036 [ 20 ] CVE-2015-2151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2151 [ 21 ] CVE-2015-3209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209 [ 22 ] CVE-2015-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3259 [ 23 ] CVE-2015-3340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3340 [ 24 ] CVE-2015-3456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456 [ 25 ] CVE-2015-4103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4103 [ 26 ] CVE-2015-4104 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4104 [ 27 ] CVE-2015-4105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4105 [ 28 ] CVE-2015-4106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4106 [ 29 ] CVE-2015-4163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4163 [ 30 ] CVE-2015-4164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4164 [ 31 ] CVE-2015-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154 [ 32 ] CVE-2015-7311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7311 [ 33 ] CVE-2015-7504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7504 [ 34 ] CVE-2015-7812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7812 [ 35 ] CVE-2015-7813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7813 [ 36 ] CVE-2015-7814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7814 [ 37 ] CVE-2015-7835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7835 [ 38 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 39 ] CVE-2015-7969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7969 [ 40 ] CVE-2015-7970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7970 [ 41 ] CVE-2015-7971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7971 [ 42 ] CVE-2015-7972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7972 [ 43 ] CVE-2015-8339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8339 [ 44 ] CVE-2015-8340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8340 [ 45 ] CVE-2015-8341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8341 [ 46 ] CVE-2015-8550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8550 [ 47 ] CVE-2015-8551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8551 [ 48 ] CVE-2015-8552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8552 [ 49 ] CVE-2015-8554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8554 [ 50 ] CVE-2015-8555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8555 [ 51 ] CVE-2016-2270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2270 [ 52 ] CVE-2016-2271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2271 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201604-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --roWGDR0oQEDLX1s6lNAQV7ISgI2Pjo8Pc . Relevant releases/architectures: RHEV Agents (vdsm) - x86_64 3. After installing this update, shut down all running virtual machines. Background ========== QEMU is a generic and open source machine emulator and virtualizer. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.43

sources: NVD: CVE-2015-3209 // CNVD: CNVD-2015-03820 // BID: 75123 // VULHUB: VHN-81170 // PACKETSTORM: 132447 // PACKETSTORM: 132289 // PACKETSTORM: 132290 // PACKETSTORM: 136587 // PACKETSTORM: 132241 // PACKETSTORM: 132240 // PACKETSTORM: 134165

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03820

AFFECTED PRODUCTS

vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	lte	version:	15.1	Trust: 1.0
vendor:	qemu	model:	qemu	scope:	lte	version:	2.3.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	arista	model:	eos	scope:	eq	version:	4.14	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	21	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	arista	model:	eos	scope:	eq	version:	4.15	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.10	Trust: 1.0
vendor:	redhat	model:	openstack	scope:	eq	version:	5.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	20	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	22	Trust: 1.0
vendor:	suse	model:	linux enterprise debuginfo	scope:	eq	version:	11	Trust: 1.0
vendor:	arista	model:	eos	scope:	eq	version:	4.13	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	10	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	12	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	12	Trust: 1.0
vendor:	redhat	model:	virtualization	scope:	eq	version:	3.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	12	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	11	Trust: 1.0
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	11	Trust: 1.0
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	11	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	15.04	Trust: 1.0
vendor:	arista	model:	eos	scope:	eq	version:	4.12	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	5.0	Trust: 1.0
vendor:	xensource	model:	xen	scope:	eq	version:	4.2.x	Trust: 0.6
vendor:	xensource	model:	xen	scope:	eq	version:	4.3.x	Trust: 0.6
vendor:	xensource	model:	xen	scope:	eq	version:	4.4.x	Trust: 0.6
vendor:	juniper	model:	junos space	scope:	eq	version:	15.1	Trust: 0.6
vendor:	xen	model:	xen	scope:	eq	version:	4.5.0	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.4.1	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.4.0	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.4	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.3.0	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.3	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.3	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.2	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2.0	Trust: 0.3
vendor:	xen	model:	xen	scope:	eq	version:	4.2	Trust: 0.3
vendor:	ubuntu	model:	linux	scope:	eq	version:	15.04	Trust: 0.3
vendor:	ubuntu	model:	linux	scope:	eq	version:	14.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	14.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	suse	model:	linux enterprise software development kit sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp1 ltss	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp4 ltss	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp2 ltss	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	13.2	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	13.1	Trust: 0.3
vendor:	redhat	model:	openstack for rhel	scope:	eq	version:	5.06	Trust: 0.3
vendor:	redhat	model:	enterprise virtualization	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux virtualization server	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server eus 6.6.z	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop multi os client	scope:	eq	version:	5	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6	Trust: 0.3
vendor:	qemu	model:	qemu	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6.2	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	juniper	model:	northstar controller application	scope:	eq	version:	2.1.0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	6	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	5	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.3	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.2	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0.3.9.3	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0.3.8.3	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0.3.0.3	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0	Trust: 0.3
vendor:	juniper	model:	northstar controller application service pack	scope:	ne	version:	2.1.01	Trust: 0.3

sources: CNVD: CNVD-2015-03820 // BID: 75123 // CNNVD: CNNVD-201506-282 // NVD: CVE-2015-3209

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3209
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2015-03820
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201506-282
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-81170
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-3209
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2015-03820
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-81170
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03820 // VULHUB: VHN-81170 // CNNVD: CNNVD-201506-282 // NVD: CVE-2015-3209

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.1

sources: VULHUB: VHN-81170 // NVD: CVE-2015-3209

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-282

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201506-282

PATCH

title:	Xen QEMU PCNET Controller Heap Overflow Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/59683	Trust: 0.6
title:	xsa135-qemut-1	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56387	Trust: 0.6
title:	xsa135-qemuu-4.2-2	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56391	Trust: 0.6
title:	xsa135-qemuu-4.5-2	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56395	Trust: 0.6
title:	xsa135-qemuu-4.2-1	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56390	Trust: 0.6
title:	xsa135-qemuu-4.5-1	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56394	Trust: 0.6
title:	xsa135-qemuu-unstable	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56389	Trust: 0.6
title:	xsa135-qemuu-4.3-2	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56393	Trust: 0.6
title:	xsa135-qemut-2	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56388	Trust: 0.6
title:	xsa135-qemuu-4.3-1	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=56392	Trust: 0.6

sources: CNVD: CNVD-2015-03820 // CNNVD: CNNVD-201506-282

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3209	Trust: 3.3
db:	BID	id:	75123	Trust: 2.6
db:	JUNIPER	id:	JSA10783	Trust: 2.0
db:	SECTRACK	id:	1032545	Trust: 1.7
db:	JUNIPER	id:	JSA10698	Trust: 1.7
db:	CNNVD	id:	CNNVD-201506-282	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03820	Trust: 0.6
db:	PACKETSTORM	id:	132290	Trust: 0.2
db:	PACKETSTORM	id:	134165	Trust: 0.2
db:	PACKETSTORM	id:	132240	Trust: 0.2
db:	PACKETSTORM	id:	132289	Trust: 0.2
db:	PACKETSTORM	id:	132447	Trust: 0.2
db:	PACKETSTORM	id:	132241	Trust: 0.2
db:	PACKETSTORM	id:	132242	Trust: 0.1
db:	PACKETSTORM	id:	132251	Trust: 0.1
db:	VULHUB	id:	VHN-81170	Trust: 0.1
db:	PACKETSTORM	id:	136587	Trust: 0.1

sources: CNVD: CNVD-2015-03820 // VULHUB: VHN-81170 // BID: 75123 // PACKETSTORM: 132447 // PACKETSTORM: 132289 // PACKETSTORM: 132290 // PACKETSTORM: 136587 // PACKETSTORM: 132241 // PACKETSTORM: 132240 // PACKETSTORM: 134165 // CNNVD: CNNVD-201506-282 // NVD: CVE-2015-3209

REFERENCES

url:	http://xenbits.xen.org/xsa/advisory-135.html	Trust: 2.6
url:	http://rhn.redhat.com/errata/rhsa-2015-1088.html	Trust: 2.1
url:	http://rhn.redhat.com/errata/rhsa-2015-1089.html	Trust: 2.1
url:	http://rhn.redhat.com/errata/rhsa-2015-1087.html	Trust: 2.0
url:	https://security.gentoo.org/glsa/201510-02	Trust: 1.8
url:	https://security.gentoo.org/glsa/201604-03	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2015-1189.html	Trust: 1.8
url:	http://www.securitytracker.com/id/1032545	Trust: 1.7
url:	http://www.securityfocus.com/bid/75123	Trust: 1.7
url:	http://www.debian.org/security/2015/dsa-3284	Trust: 1.7
url:	http://www.debian.org/security/2015/dsa-3285	Trust: 1.7
url:	http://www.debian.org/security/2015/dsa-3286	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160669.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160685.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160677.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-2630-1	Trust: 1.7
url:	https://kb.juniper.net/jsa10783	Trust: 1.7
url:	https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13	Trust: 1.7
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10698	Trust: 1.6
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1225882	Trust: 0.9
url:	https://access.redhat.com/security/cve/cve-2015-3209	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3209	Trust: 0.7
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3209	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:1189	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:1088	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:1089	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:1087	Trust: 0.6
url:	https://www.mail-archive.com/qemu-devel@nongnu.org/msg302403.html	Trust: 0.3
url:	http://wiki.qemu.org/main_page	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10783&cat=sirt_1&actp=list	Trust: 0.3
url:	https://downloads.avaya.com/css/p8/documents/101011972	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.3
url:	https://www.debian.org/security/	Trust: 0.2
url:	https://www.debian.org/security/faq	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4105	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4103	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4106	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4104	Trust: 0.2
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5154	Trust: 0.2
url:	https://security.gentoo.org/	Trust: 0.2
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.2
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3209	Trust: 0.2
url:	https://bugs.gentoo.org.	Trust: 0.2
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10698	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4037	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4164	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4163	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4536	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7504	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4535	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4105	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4535	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6030	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7835	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8551	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4538	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8552	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6036	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6036	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7814	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4106	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7970	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8550	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3456	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3497	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4536	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3495	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6031	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4537	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6034	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3259	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3340	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2151	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4411	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7972	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4538	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6035	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3495	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4539	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3494	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6033	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6032	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4537	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6035	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6032	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7813	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3515	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3498	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2270	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6031	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6030	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3497	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3494	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8555	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4163	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8340	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7311	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3259	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2151	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8339	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6033	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8554	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4411	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6034	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8341	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-4539	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3340	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4164	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3515	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4103	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3496	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3456	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7969	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4104	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-3496	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2271	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7812	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3214	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5154	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3214	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5158	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5158	Trust: 0.1

CREDITS

Matt Tait of Google's Project Zero security team.

Trust: 0.3

sources: BID: 75123

SOURCES

db:	CNVD	id:	CNVD-2015-03820
db:	VULHUB	id:	VHN-81170
db:	BID	id:	75123
db:	PACKETSTORM	id:	132447
db:	PACKETSTORM	id:	132289
db:	PACKETSTORM	id:	132290
db:	PACKETSTORM	id:	136587
db:	PACKETSTORM	id:	132241
db:	PACKETSTORM	id:	132240
db:	PACKETSTORM	id:	134165
db:	CNNVD	id:	CNNVD-201506-282
db:	NVD	id:	CVE-2015-3209

LAST UPDATE DATE

2025-02-20T20:36:54.680000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03820	date:	2015-06-17T00:00:00
db:	VULHUB	id:	VHN-81170	date:	2023-02-13T00:00:00
db:	BID	id:	75123	date:	2017-04-18T00:05:00
db:	CNNVD	id:	CNNVD-201506-282	date:	2023-04-10T00:00:00
db:	NVD	id:	CVE-2015-3209	date:	2024-11-21T02:28:54.573

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-03820	date:	2015-06-17T00:00:00
db:	VULHUB	id:	VHN-81170	date:	2015-06-15T00:00:00
db:	BID	id:	75123	date:	2015-06-10T00:00:00
db:	PACKETSTORM	id:	132447	date:	2015-06-25T14:19:06
db:	PACKETSTORM	id:	132289	date:	2015-06-15T15:43:00
db:	PACKETSTORM	id:	132290	date:	2015-06-15T15:43:07
db:	PACKETSTORM	id:	136587	date:	2016-04-06T13:30:13
db:	PACKETSTORM	id:	132241	date:	2015-06-10T23:39:14
db:	PACKETSTORM	id:	132240	date:	2015-06-10T23:36:31
db:	PACKETSTORM	id:	134165	date:	2015-11-02T16:49:11
db:	CNNVD	id:	CNNVD-201506-282	date:	2015-06-16T00:00:00
db:	NVD	id:	CVE-2015-3209	date:	2015-06-15T15:59:00.070