Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian Security Advisory DSA 2404-1 (xen-qemu-dm-4.0)

Information

Severity

Severity

High

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.4

CVSSv2 Vector

CVSSv2 Vector

AV:A/AC:M/Au:S/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

10 years ago

Modified

Modified

3 years ago

Summary

The remote host is missing an update to xen-qemu-dm-4.0 announced via advisory DSA 2404-1.

Insight

Insight

Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable to malicious guest systems to crash the host system or escalate their privileges. The old stable distribution (lenny) does not contain the xen-qemu-dm-4.0 package. For the stable distribution (squeeze), this problem has been fixed in version 4.0.1-2+squeeze1. The testing distribution (wheezy) and the unstable distribution (sid) will be fixed soon.

Common Vulnerabilities and Exposures (CVE)