Executive Summary
| Summary | |
|---|---|
| Title | qspice security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2010:0633 | First vendor Publication | 2010-08-19 |
| Vendor | RedHat | Last vendor Modification | 2010-08-19 |
| Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:S/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 6.6 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 2.7 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: Updated qspice packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Multi OS (v. 5 client) - x86_64 RHEL Virtualization (v. 5 server) - x86_64 3. Description: The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor, or on Red Hat Enterprise Virtualization Hypervisor. It was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0428) It was found that the libspice component of QEMU-KVM on the host could be forced to perform certain memory management operations on memory addresses controlled by a guest. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-0429) All qspice users should upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 568699 - CVE-2010-0428 libspice: Insufficient guest provided pointers validation 568701 - CVE-2010-0429 libspice: Relying on guest provided data structures to indicate memory allocation |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2010-0633.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:22045 | |||
| Oval ID: | oval:org.mitre.oval:def:22045 | ||
| Title: | RHSA-2010:0633: qspice security update (Important) | ||
| Description: | libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0633-01 CESA-2010:0633 CVE-2010-0428 CVE-2010-0429 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | qspice |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22924 | |||
| Oval ID: | oval:org.mitre.oval:def:22924 | ||
| Title: | ELSA-2010:0633: qspice security update (Important) | ||
| Description: | libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0633-01 CVE-2010-0428 CVE-2010-0429 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | qspice |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27950 | |||
| Oval ID: | oval:org.mitre.oval:def:27950 | ||
| Title: | DEPRECATED: ELSA-2010-0633 -- qspice security update (important) | ||
| Description: | [0.3.0-54.el5_5.2] - Fix unsafe accesses + spice: drop libpng from windows components (537849) + libspice: fix unsafe guest data accessing Resolves: #568719 + fix unsafe free() call. Resolves: #568723 + spice server: fix unsafe cursor items handling. Resolves: #568719 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0633 CVE-2010-0428 CVE-2010-0429 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | qspice |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 67477 | QEMU-KVM Hypervisor libspice Guest QXL Driver Pointer Validation Weakness Gue... |
| 67476 | QEMU-KVM Hypervisor libspice Memory Management Address Restriction Bypass Gue... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0622.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0633.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0633.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100819_qspice_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2010-08-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0633.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:53:46 |
|
