Vulnerabilities > CVE-2017-7539
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
Vulnerable Configurations
Nessus
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2017-2628.NASL |
description | An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for RHEL-7 and RHEV 4.X RHEV-H and Agents for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es) : * An assertion-failure flaw was found in the Network Block Device (NBD) server |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 103040 |
published | 2017-09-08 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/103040 |
title | RHEL 7 : qemu-kvm-rhev (RHSA-2017:2628) |
code |
|
Redhat
advisories |
| ||||||||||||||||||||||||||||
rpms |
|
References
- http://www.openwall.com/lists/oss-security/2017/07/21/4
- http://www.openwall.com/lists/oss-security/2017/07/21/4
- http://www.securityfocus.com/bid/99944
- http://www.securityfocus.com/bid/99944
- https://access.redhat.com/errata/RHSA-2017:2628
- https://access.redhat.com/errata/RHSA-2017:2628
- https://access.redhat.com/errata/RHSA-2017:3466
- https://access.redhat.com/errata/RHSA-2017:3466
- https://access.redhat.com/errata/RHSA-2017:3470
- https://access.redhat.com/errata/RHSA-2017:3470
- https://access.redhat.com/errata/RHSA-2017:3471
- https://access.redhat.com/errata/RHSA-2017:3471
- https://access.redhat.com/errata/RHSA-2017:3472
- https://access.redhat.com/errata/RHSA-2017:3472
- https://access.redhat.com/errata/RHSA-2017:3473
- https://access.redhat.com/errata/RHSA-2017:3473
- https://access.redhat.com/errata/RHSA-2017:3474
- https://access.redhat.com/errata/RHSA-2017:3474
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19