[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC
|
From: |
Gerd Hoffmann |
|
Subject: |
Re: [Qemu-devel] [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets |
|
Date: |
Tue, 24 Mar 2015 16:51:00 +0100 |
On Mo, 2015-03-23 at 22:58 +0000, Daniel P. Berrange wrote:
> The VNC websockets protocol decoder has two places where it did
> not correctly limit its resource usage when processing data from
> the client. This can be abused by a malicious client to cause QEMU
> to consume all system memory, unless it is otherwise limited by
> ulimits and/or cgroups. These problems can be triggered in the
> websockets layer before the VNC protocol actually starts, so no
> client authentication will have taken place at this point.
Hmm, with patch 1/2 applied novnc disconnects frequently. Boot messages
on the text (framebuffer) console seems to work fine. But after logging
in via gdm and trying to do stuff in gnome shell problems are starting.
cheers,
Gerd