Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799
Summary: CVE-2007-2894: bochs guest OS local user DoS Product: Fedora Extras Version: fc6 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2894 OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: bochs AssignedTo: j.w.r.degoede@hhs.nl ReportedBy: ville.skytta@iki.fi QAContact: extras-qa@fedoraproject.org CC: fedora-security-list@redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2894
"The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error."
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2007-2894: bochs guest OS local user DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799
j.w.r.degoede@hhs.nl changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED
------- Additional Comments From j.w.r.degoede@hhs.nl 2007-06-02 03:49 EST ------- I've contacted upstream about this, awaiting their response.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2007-2894: bochs guest OS local user DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799
bugzilla@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Product|Fedora Extras |Fedora
------- Additional Comments From j.w.r.degoede@hhs.nl 2007-07-18 13:37 EST ------- Since upstream isn't making any progress with regards to this, I've investigated this a bit further.
This CVS stems from someone doing virtual machine / pc research and the original report mentions not one but 2 vulnerabilities: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2894
2893 is a reproducible, most likely exploitable, buffer overflow in the ne2000 driver. For which a fix is in CVS, I will issue a fixed package for this shortly
2894 is a report of a divide by zero error in the floppy, which the researcher managed to trigger once by feeding random bytes to the emulated floppy controller. This is not reproducable, and upstream has audited the code and can not find any divide by zero conditions, so I'm assuming this issue is moot.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2007-2894: bochs guest OS local user DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799
------- Additional Comments From updates@fedoraproject.org 2007-07-19 12:45 EST ------- bochs-2.3-5.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2007-2894: bochs guest OS local user DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799
updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |ERRATA Fixed In Version| |2.3-5.fc7
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2007-2894: bochs guest OS local user DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799
lkundrak@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |lkundrak@redhat.com
------- Additional Comments From lkundrak@redhat.com 2007-08-02 08:38 EST ------- Reopening this. Hans: this bug was reported against FC6. Could you please also update the FC6 version? Thanks.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2007-2894: bochs guest OS local user DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799
j.w.r.degoede@hhs.nl changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|ERRATA |CURRENTRELEASE Fixed In Version|2.3-5.fc7 |2.3-5
------- Additional Comments From j.w.r.degoede@hhs.nl 2007-08-02 18:13 EST ------- The FC-6 version was fixed at the same time as the F-7 version, but no bodhi, so no anouncement, closing again.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2007-2894: bochs guest OS local user DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799
------- Additional Comments From j.w.r.degoede@hhs.nl 2007-08-22 03:52 EST ------- Upstream wasn't happy about the report of a divide by zero error when feeding random data to the floppy driver (happened / reported only once). So they have investigated this issue again, and managed to find one divide by zero condition after all. That should explain and really fix: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2894
See: https://sourceforge.net/tracker/?func=detail&atid=112580&aid=1729822...
A new version of bochs with a fix for this included is building for all 3 supported Fedora releases as I type this.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2007-2894: bochs guest OS local user DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799
------- Additional Comments From updates@fedoraproject.org 2007-08-24 01:41 EST ------- bochs-2.3-7.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2007-2894: bochs guest OS local user DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799
updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |CLOSED Resolution|CURRENTRELEASE |ERRATA Fixed In Version|2.3-5 |2.3-7.fc7
security@lists.fedoraproject.org