Description
Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.
CVSS breakdown (CVSS 3.1)

| Metric | Value |
| --- | --- |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected products
- QEMU / QEMU 0.10.6
- RedHat / enterprise_linux_server 5.0 – 5.0
- RedHat / enterprise_linux_workstation 5.0 – 5.0
References
- MISC: https://bugzilla.redhat.com/show_bug.cgi?id=501131
- MISC: http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331
- MAILING_LIST: http://www.openwall.com/lists/oss-security/2009/10/16/8
- MISC: http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5
- MAILING_LIST: http://marc.info/?l=qemu-devel&m=124324043812915
- MISC: https://bugzilla.redhat.com/show_bug.cgi?id=508567
- MISC: http://www.securityfocus.com/bid/36716
- MISC: http://rhn.redhat.com/errata/RHEA-2009-1272.html
- MAILING_LIST: http://www.openwall.com/lists/oss-security/2009/10/16/5
- MISC: https://bugzilla.redhat.com/show_bug.cgi?id=505641