CVE-2008-4539
CVE-2008-4539
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=sourcehttp://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=237342https://bugzilla.redhat.com/show_bug.cgi?id=448525https://bugzilla.redhat.com/show_bug.cgi?id=466890http://secunia.com/advisories/25073http://secunia.com/advisories/29129http://secunia.com/advisories/33350http://secunia.com/advisories/34642http://secunia.com/advisories/35031http://secunia.com/advisories/35062