libslirp»º³åÇøÃýÎó·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-08-28

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-14378£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º8.8


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


libslirp 4.0.0°æ±¾


·ì϶¸ÅÊö


libslirpÊÇÒ»¿îÓÃÓÚÔÚÐé¹¹»úÖÎÀí·¨Ê½ÖÐÖÎÀíÐé¹¹ÍøÂç·þÎñµÄͨÓÃTCP-IP·ÂÕÕÆ÷¡£


libslirp 4.0.0°æ±¾ÖеÄip_input.cÎļþµÄ¡®ip_reass¡¯º¯Êý´æÔÚ»º³åÇøÃýÎó·ì϶¡£¸Ã·ì϶ԴÓÚÍøÂçϵͳ»ò²úÆ·ÔÚÄÚ´æÉÏÖ´ÐвÙ×÷ʱ£¬Î´ÕýÈ·ÑéÖ¤Êý¾ÝÌìǵ£¬µ¼ÖÂÏò¹ØÁªµÄÆäËûÄÚ´æµØλÉÏÖ´ÐÐÁËÃýÎóµÄ¶Áд²Ù×÷¡£


¹¥»÷ÕßÄܹ»Ê¹Óô˷ì϶ʹÖ÷»úÉϵÄQEMU¹ý³Ì±ÀÀ££¬´Ó¶øµ¼Ö»ؾø·þÎñ»ò¿ÉÄÜÒÔQEMU¹ý³ÌµÄȨÏÞÖ´ÐÐËÁÒâ´úÂ룬QEMU±»ÒÔΪÊÇVMwareµÄÃâ·Ñ´úÌæÆ·£¬¿ÉÓÃÓÚ¼¸¸öÖØÒªµÄLinux¿¯Ðа棬Ëü±»Xen£¬VirtualBoxºÍKVMʹÓá£


·ì϶ÑéÖ¤


EXPÊÓƵ£ºhttps://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/¡£


½¨¸´½¨Òé


Ä¿Ç°³§ÉÌÒÑ°ä²¼Éý¼¶²¹¶¡ÒÔ½¨¸´·ì϶£¬²¹¶¡»ñÈ¡Á´½Ó£ºhttps://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210¡£


ÒÔϳ§É̱ðÀë·¢Á˲¼¸æ»òÕß²¹¶¡£º


RedHat: https://access.redhat.com/security/cve/cve-2019-14378


SUSE: https://www.suse.com/support/update/announcement/2019/suse-su-201914151-1/


Fedora:ttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/


Debian: https://security-tracker.debian.org/tracker/CVE-2019-14378


Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14378.html


²Î¿¼Á´½Ó


https://www.securityweek.com/code-execution-flaw-qemu-mostly-impacts-development-test-vms