Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2009-3616

Published: 23 October 2009

Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.

Notes

AuthorNote
jdstrand 
versions 0.9.1 and earlier are not affected. Need the following
commit to be affected:
http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331. This came in
0.10.0 (from ChangeLog: 'Multiple VNC clients are now supported')
kvm-84 as included in Ubuntu 9.04 does not contain the affected
code (it has a pre-release version of qemu 0.10.0)
kvm-84 in hardy-backports and intrepid-backports are not affected
(they are based on kvm-84 from Ubuntu 9.04)
simply search for VncDisplay in vnc.c to see if might be affected

Priority

High

Cvss 3 Severity Score

9.9

Score breakdown

Status

Package Release Status
kvm
Launchpad, Ubuntu, Debian 		dapper Does not exist

hardy Not vulnerable

intrepid Not vulnerable

jaunty Not vulnerable
(code not present)
karmic Does not exist

lucid Does not exist

maverick Does not exist

upstream Needs triage

qemu
Launchpad, Ubuntu, Debian 		dapper Not vulnerable

hardy Not vulnerable

intrepid Not vulnerable
(code not present)
jaunty Ignored
(end of life)
karmic Does not exist

lucid Does not exist

maverick Does not exist

upstream
Released (0.10.7)
Patches:
upstream: http://git.savannah.gnu.org/cgit/qemu.git/commit/?h=stable-0.10&id=c2723a9606

qemu-kvm
Launchpad, Ubuntu, Debian 		dapper Does not exist

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Not vulnerable
(0.11.0-0ubuntu1)
lucid Not vulnerable
(0.11.0-0ubuntu1)
maverick Not vulnerable
(0.11.0-0ubuntu1)
upstream
Released (0.11.0)
Patches:

vendor: http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5

Severity score breakdown

Parameter Value
Base score 9.9
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Scope Changed
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading