Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
| Link | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html | mailing list third party advisory vendor advisory |
| http://www.securityfocus.com/bid/62773 | vdb entry third party advisory |
| http://article.gmane.org/gmane.comp.emulators.qemu/237191 | mailing list broken link |
| http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html | mailing list third party advisory vendor advisory |
| http://www.openwall.com/lists/oss-security/2013/10/02/2 | third party advisory mailing list |
| http://osvdb.org/98028 | vdb entry broken link |
| http://rhn.redhat.com/errata/RHSA-2013-1754.html | third party advisory vendor advisory |
| http://rhn.redhat.com/errata/RHSA-2013-1553.html | third party advisory vendor advisory |
| http://www.ubuntu.com/usn/USN-2092-1 | third party advisory vendor advisory |