Xen Qemu "e1000_receive()" Buffer Overflow Vulnerability


Secunia ID: SA51798
CVE-ID: CVE-2012-6075
Release Date: 17 Jan 2013
Criticality: Moderately Critical
Solution Status: Vendor Workaround
Software: Xen 4.x
Where: From local network
Impact: System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description

A vulnerability has been reported in Xen, which can be exploited by malicious people to compromise a vulnerable system.

For more information, see vulnerability #2 in SA47740.

The vulnerability is reported in versions 4.1.x.

Solution

Fixed in the GIT repository.
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2c0331f4f7d241995452b99afaf0aab00493334a

Original Advisory

XSA-41:
http://www.openwall.com/lists/oss-security/2013/01/16/9