Lucene search

[email protected]NVD:CVE-2013-4344

HistoryOct 04, 2013 - 5:55 p.m.

CVE-2013-4344

2013-10-0417:55:09

CWE-120

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

Affected configurations

NVD

Node

qemuqemuRange≤1.6.2

Node

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch6.0

Node

redhatvirtualizationMatch3.0

AND

redhatenterprise_linuxMatch6.0

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.10

References

article.gmane.org/gmane.comp.emulators.qemu/237191

lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html

lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html

osvdb.org/98028

rhn.redhat.com/errata/RHSA-2013-1553.html

rhn.redhat.com/errata/RHSA-2013-1754.html

www.openwall.com/lists/oss-security/2013/10/02/2

www.securityfocus.com/bid/62773

www.ubuntu.com/usn/USN-2092-1

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2013-4344

mageia1 nessus16 xen1 fedora3 veracode1 debiancve1 openvas17 cve1 redhat3 centos1 cvelist1 oraclelinux1 prion1 ubuntucve1 debian4 osv2 securityvulns2 ubuntu1 suse3