Lucene search

[email protected]CVE-2013-4344

HistoryOct 04, 2013 - 5:55 p.m.

CVE-2013-4344

2013-10-0417:55:09

CWE-120

[email protected]

web.nvd.nist.gov

cve-2013-4344

buffer overflow

qemu

scsi

xen

local privilege escalation

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

Affected configurations

NVD

Node

qemuqemuRange≤1.6.2

Node

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch6.0

Node

redhatvirtualizationMatch3.0

AND

redhatenterprise_linuxMatch6.0

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.10

CPENameOperatorVersion
qemu:qemuqemule1.6.2

CPE	Name	Operator	Version
qemu:qemu	qemu	le	1.6.2

References

article.gmane.org/gmane.comp.emulators.qemu/237191

lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html

lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html

osvdb.org/98028

rhn.redhat.com/errata/RHSA-2013-1553.html

rhn.redhat.com/errata/RHSA-2013-1754.html

www.openwall.com/lists/oss-security/2013/10/02/2

www.securityfocus.com/bid/62773

www.ubuntu.com/usn/USN-2092-1

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2013-4344

mageia1 nessus16 cvelist1 ubuntucve1 oraclelinux1 prion1 openvas17 nvd1 redhat3 fedora3 centos1 xen1 veracode1 debiancve1 osv2 debian4 securityvulns2 ubuntu1 suse3