libslirp»º³åÇø¹ýʧÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-08-28

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-14378 £¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬£¬£¬CVSS·ÖÖµ£º8.8


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


libslirp 4.0.0°æ±¾


Îó²î¸ÅÊö


libslirpÊÇÒ»¿îÓÃÓÚÔÚÐéÄâ»úÖÎÀí³ÌÐòÖÐÖÎÀíÐéÄâÍøÂçЧÀ͵ÄͨÓÃTCP-IPÄ£ÄâÆ÷¡£¡£¡£


libslirp 4.0.0°æ±¾ÖеÄip_input.cÎļþµÄ¡®ip_reass¡¯º¯Êý±£´æ»º³åÇø¹ýʧÎó²î¡£¡£¡£¸ÃÎó²îÔ´ÓÚÍøÂçϵͳ»ò²úÆ·ÔÚÄÚ´æÉÏÖ´ÐвÙ×÷ʱ £¬£¬£¬Î´×¼È·ÑéÖ¤Êý¾Ý½çÏß £¬£¬£¬µ¼ÖÂÏò¹ØÁªµÄÆäËûÄÚ´æλÖÃÉÏÖ´ÐÐÁ˹ýʧµÄ¶Áд²Ù×÷¡£¡£¡£


¹¥»÷Õß¿ÉÒÔʹÓôËÎó²îʹÖ÷»úÉϵÄQEMUÀú³ÌÍ߽⠣¬£¬£¬´Ó¶øµ¼Ö¾ܾøЧÀÍ»ò¿ÉÄÜÒÔQEMUÀú³ÌµÄȨÏÞÖ´ÐÐí§Òâ´úÂë £¬£¬£¬QEMU±»ÒÔΪÊÇVMwareµÄÃâ·ÑÌ滻Ʒ £¬£¬£¬¿ÉÓÃÓÚ¼¸¸öÖ÷ÒªµÄLinux¿¯ÐÐ°æ £¬£¬£¬Ëü±»Xen £¬£¬£¬VirtualBoxºÍKVMʹÓᣡ£¡£


Îó²îÑéÖ¤


EXPÊÓƵ£ºhttps://blog.bi0s.in/2019/08/24/Pwn/VM-Escape/2019-07-29-qemu-vm-escape-cve-2019-14378/¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î £¬£¬£¬²¹¶¡»ñÈ¡Á´½Ó£ºhttps://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210¡£¡£¡£


ÒÔϳ§ÉÌ»®·Ö·¢ÁËͨ¸æ»òÕß²¹¶¡£¡£¡£º


RedHat: https://access.redhat.com/security/cve/cve-2019-14378


SUSE: https://www.suse.com/support/update/announcement/2019/suse-su-201914151-1/


Fedora:ttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPLHB2AN663OXAWUQURF7J2X5LHD4VD3/


Debian: https://security-tracker.debian.org/tracker/CVE-2019-14378


Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14378.html


²Î¿¼Á´½Ó


https://www.securityweek.com/code-execution-flaw-qemu-mostly-impacts-development-test-vms