Heap-based buffer overflow in Xen

Published: 2012-01-27 | Updated: 2020-07-27

Risk	Medium
Patch available	NO
Number of vulnerabilities	1
CVE-ID	CVE-2012-0029
CWE-ID	CWE-122
Exploitation vector	Local network
Public exploit	N/A
Vulnerable software	Xen Server applications / Virtualization software
Vendor	Xen Project

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Heap-based buffer overflow

EUVDB-ID: #VU31957

Risk: Medium

CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-0029

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions,. A remote attacker can use crafted legacy mode packets. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Xen: 4.24

CPE2.3

cpe:2.3:a:xen_project:xen:4.24:*:*:*:*:*:*:*

External links

https://git.qemu.org/?p=qemu.git;a=log;h=refs/heads/stable-1.0
https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
https://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html
https://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html
https://rhn.redhat.com/errata/RHSA-2012-0370.html
https://secunia.com/advisories/47740
https://secunia.com/advisories/47741
https://secunia.com/advisories/47992
https://secunia.com/advisories/48318
https://secunia.com/advisories/50913
https://www.redhat.com/support/errata/RHSA-2012-0050.html
https://www.securityfocus.com/bid/51642
https://www.ubuntu.com/usn/USN-1339-1
https://bugzilla.redhat.com/show_bug.cgi?id=772075
https://exchange.xforce.ibmcloud.com/vulnerabilities/72656

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.