7.2

CVE-2012-3515

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version < 1.2.0
XenXen Version4.0.0
XenXen Version4.1.0
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.1
OpensuseOpensuse Version12.2
SuseLinux Enterprise Desktop Version10 Updatesp4
SuseLinux Enterprise Desktop Version11 Updatesp2
SuseLinux Enterprise Server Version10 Updatesp2
SuseLinux Enterprise Server Version10 Updatesp3 SwEditionltss
SuseLinux Enterprise Server Version10 Updatesp4
SuseLinux Enterprise Server Version11 Updatesp1 SwEditionltss
SuseLinux Enterprise Server Version11 Updatesp2 SwPlatform-
SuseLinux Enterprise Server Version11 Updatesp2 SwPlatformvmware
RedhatVirtualization Version3.0
   RedhatEnterprise Linux Version6.0
RedhatVirtualization Version5.0
RedhatVirtualization Version6.0
RedhatEnterprise Linux Eus Version6.3
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version11.04
CanonicalUbuntu Linux Version11.10
CanonicalUbuntu Linux Version12.04 SwEditionesm
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.53% 0.404
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/51413
Third Party Advisory
http://secunia.com/advisories/55082
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201309-24.xml
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/50913
Third Party Advisory
http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/50689
Third Party Advisory
http://www.debian.org/security/2012/dsa-2545
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1262.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1325.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201604-03
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/50472
Third Party Advisory
http://secunia.com/advisories/50530
Third Party Advisory
http://support.citrix.com/article/CTX134708
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00026.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00027.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2012-09/msg00051.html
Third Party Advisory
Mailing List
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
Vendor Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2012-1233.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1234.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1235.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1236.html
Third Party Advisory
http://secunia.com/advisories/50528
Third Party Advisory
http://secunia.com/advisories/50632
Third Party Advisory
http://secunia.com/advisories/50860
Third Party Advisory
http://wiki.xen.org/wiki/Security_Announcements#XSA-17_Qemu_VT100_emulation_vulnerability
Vendor Advisory
http://www.debian.org/security/2012/dsa-2543
Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/09/05/10
Third Party Advisory
Mailing List
Mitigation
http://www.securityfocus.com/bid/55413
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1590-1
Third Party Advisory