Re: [Qemu-devel] [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets
Tue, 31 Mar 2015 10:17:29 +0100
On 24 March 2015 at 15:51, Gerd Hoffmann <address@hidden> wrote:
> On Mo, 2015-03-23 at 22:58 +0000, Daniel P. Berrange wrote:
>> The VNC websockets protocol decoder has two places where it did
>> not correctly limit its resource usage when processing data from
>> the client. This can be abused by a malicious client to cause QEMU
>> to consume all system memory, unless it is otherwise limited by
>> ulimits and/or cgroups. These problems can be triggered in the
>> websockets layer before the VNC protocol actually starts, so no
>> client authentication will have taken place at this point.
> Hmm, with patch 1/2 applied novnc disconnects frequently. Boot messages
> on the text (framebuffer) console seem to work fine. But after logging
> in via gdm and trying to do stuff in gnome shell problems are starting.
Any further progress here? Ideally I'd like to get a fix for
this CVE into rc2...