ID CVE-2010-2223 Type cve Reporter cve@mitre.org Modified 2010-06-25T04:00:00
Description
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
{"id": "CVE-2010-2223", "bulletinFamily": "NVD", "title": "CVE-2010-2223", "description": "Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.", "published": "2010-06-24T17:30:00", "modified": "2010-06-25T04:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2223", "reporter": "cve@mitre.org", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0476.html", "http://www.securityfocus.com/bid/41044", "https://rhn.redhat.com/errata/RHSA-2010-0473.html", "http://securitytracker.com/id?1024137", "https://bugzilla.redhat.com/show_bug.cgi?id=604752"], "cvelist": ["CVE-2010-2223"], "type": "cve", "lastseen": "2020-10-03T11:57:26", "edition": 3, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2010:0473", "RHSA-2010:0476"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2010-0473.NASL", "REDHAT-RHSA-2010-0476.NASL"]}], "modified": "2020-10-03T11:57:26", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2020-10-03T11:57:26", "rev": 2}, "wild_exploited": {"wildExploited": false, "wildExploitedSources": [], "modified": "2020-10-03T11:57:26"}, "vulnersScore": 4.4}, "cpe": ["cpe:/a:redhat:enterprise_virtualization_hypervisor:5.4-2.1"], "affectedSoftware": [{"cpeName": "redhat:enterprise_virtualization_hypervisor", "name": "redhat enterprise virtualization hypervisor", "operator": "le", "version": "5.4-2.1"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:redhat:enterprise_virtualization_hypervisor:5.4-2.1:*:*:*:*:*:*:*"], "cwe": ["CWE-264"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:enterprise_virtualization_hypervisor:5.4-2.1:*:*:*:*:*:*:*", "versionEndIncluding": "5.4-2.1", "vulnerable": true}], "operator": "OR"}]}}
{"redhat": [{"lastseen": "2019-08-13T18:47:13", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2223"], "description": "The Virtual Desktop Server Manager (VDSM) is a management module that\nserves as a Red Hat Enterprise Virtualization Manager (RHEV-M) agent on Red\nHat Enterprise Virtualization Hypervisor (RHEV-H) or Red Hat Enterprise\nLinux hosts. VDSM allows RHEV-M to manage virtual machines and storage\npools, and retrieve statistics from both hosts and guests.\n\nA flaw was found in the way VDSM handled the removal of a virtual machine's\n(VM) data back end (such as an image or a volume). When removing an image\nor a volume, it was not securely deleted from its corresponding data domain\nas expected. A guest user in a new, raw VM, created in a data domain that\nhas had VMs deleted from it, could use this flaw to read limited data from\nthose deleted VMs, potentially disclosing sensitive information.\n(CVE-2010-2223)\n\nThese updated vdsm packages also fix the following bugs:\n\n* Kernel Samepage Merging (KSM) did not use all the available memory (due\nto the memory not being zero-filled) if the memory did not belong to the\nLinux guest. Thus, KSM was not effective in distributing the memory to the\nLinux guests with the result of shared memory being unavailable for Linux\nguests. With this update, KSM allows multiple Linux guests to share the\nmemory. (BZ#527405)\n\n* the vds_bootstrap script failed when the host's temporary directory was\nlocated on a different partition, with the following error:\n\n[Errno 18] Invalid cross-device link using os.rename\n\nWith this update, vds_bootstrap no longer fails. (BZ#530322)\n\n* vds_bootstrap failed to add a host to RHEV-M when the 'cpuspeed' and the\n'libvirt' services were not found. With this update, the host is added to\nRHEV-M even when the aforementioned services are not present in the system.\n(BZ#538751)\n\n* previously, vds_bootstrap attempted to parse blank lines present in\nnetwork scripts (for example, /etc/sysconfig/network-scripts/ifcfg-eth0).\nAs a consequence, if a network script contained blank lines, vds_bootstrap\nfailed and an error such as follows was written to /var/vdsm/vdsm.log (the\nerror example below is consequent to the blank line being present in\nifcfg-eth0):\n\ngetBridgeParams: failed to read params of file\n/etc/sysconfig/network-scripts/ifcfg-eth0\nError:list index out of range\n\nWith this update, vds_bootstrap filters blank lines in network\nconfiguration files, ensuring it does not fail if they are present.\n(BZ#540479)\n\n* the 'pool connect' utility did not save the master domain's information\nto the disk. If VDSM was restarted, auto-reconnect searched for a master\ndomain with the highest version. If the master domain was not available at\nthat time, an incorrect domain was chosen as the master. With this update,\nthe correct domain is chosen as the master. (BZ#543432)\n\n* when using the RHEV-M interface to manage high-availability VMs, power\ndown requests were not honored. Consequently, some high-availability\nvirtual machines automatically rebooted instead of shutting down after they\nreceived a command to shut down. High-availability VMs now correctly\nprocess requests to shut down, with the result that no VMs incorrectly\nreboot instead. (BZ#547112)\n\n* after a host installation, the 'multipathd' service would restart when\nthe host was started from a multipath device. With this update, the\n'multipathd' service no longer restarts. (BZ#547305)\n\nThese updated vdsm packages also add the following enhancements:\n\n* previously, import/export of VMs was not supported. With this update\nimport/export have been implemented. (BZ#482608)\n\n* previously, the ISO image domain could not be shared with multiple Data\nCenters. The user had to define an independent ISO domain for each Data\nCenter. With this update, the ISO image domain can be shared between\nmultiple Data Centers. (BZ#496448)\n\nAll vdsm users should upgrade to these updated packages, which resolve\nthese issues and add these enhancements.\n", "modified": "2016-04-04T18:33:45", "published": "2010-06-22T04:00:00", "id": "RHSA-2010:0473", "href": "https://access.redhat.com/errata/RHSA-2010:0473", "type": "redhat", "title": "(RHSA-2010:0473) Moderate: vdsm security, bug fix, and enhancement update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-11T13:30:47", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1189", "CVE-2009-3767", "CVE-2010-0307", "CVE-2010-0410", "CVE-2010-0426", "CVE-2010-0427", "CVE-2010-0430", "CVE-2010-0730", "CVE-2010-0741", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-1163", "CVE-2010-2223"], "description": "The rhev-hypervisor package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way QEMU-KVM handled erroneous data provided by the\nLinux virtio-net driver, used by guest operating systems. Due to a\ndeficiency in the TSO (TCP segment offloading) implementation, a guest's\nvirtio-net driver would transmit improper data to a certain QEMU-KVM\nprocess on the host, causing the guest to crash. A remote attacker could\nuse this flaw to send specially-crafted data to a target guest system,\ncausing that guest to crash. (CVE-2010-0741)\n\nA flaw was found in the way the Virtual Desktop Server Manager (VDSM)\nhandled the removal of a virtual machine's (VM) data back end (such as an\nimage or a volume). When removing an image or a volume, it was not securely\ndeleted from its corresponding data domain as expected. A guest user in a\nnew, raw VM, created in a data domain that has had VMs deleted from it,\ncould use this flaw to read limited data from those deleted VMs,\npotentially disclosing sensitive information. (CVE-2010-2223)\n\nThis updated package provides updated components that include fixes for\nsecurity issues; however, these issues have no security impact for Red Hat\nEnterprise Virtualization Hypervisor. These fixes are for dbus issue\nCVE-2009-1189; kernel issues CVE-2010-0307, CVE-2010-0410, CVE-2010-0730,\nCVE-2010-1085, and CVE-2010-1086; openldap issue CVE-2009-3767; and sudo\nissues CVE-2010-0426, CVE-2010-0427, and CVE-2010-1163.\n\nThis update also fixes several bugs and adds several enhancements.\nDocumentation for these bug fixes and enhancements is available from\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/2.2/html/Servers-5.5-2.2_Hypervisor_Security_Update\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug\nfixes and enhancements from the KVM updates RHSA-2010:0271 and\nRHBA-2010:0419 have been included in this update. Also included are the bug\nfixes and enhancements from the Virtual Desktop Server Manager (VDSM)\nupdate RHSA-2010:0473, and fence-agents update RHBA-2010:0477.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0271.html and\nhttps://rhn.redhat.com/errata/RHBA-2010-0419.html\nVDSM: https://rhn.redhat.com/errata/RHSA-2010-0473.html\nfence-agents: https://rhn.redhat.com/errata/RHBA-2010-0477.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues and adds these\nenhancements.\n", "modified": "2019-03-22T23:44:52", "published": "2010-06-22T04:00:00", "id": "RHSA-2010:0476", "href": "https://access.redhat.com/errata/RHSA-2010:0476", "type": "redhat", "title": "(RHSA-2010:0476) Important: rhev-hypervisor security, bug fix, and enhancement update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2020-11-01T00:47:27", "description": "Updated vdsm packages that fix one security issue, various bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Virtual Desktop Server Manager (VDSM) is a management module that\nserves as a Red Hat Enterprise Virtualization Manager (RHEV-M) agent\non Red Hat Enterprise Virtualization Hypervisor (RHEV-H) or Red Hat\nEnterprise Linux hosts. VDSM allows RHEV-M to manage virtual machines\nand storage pools, and retrieve statistics from both hosts and guests.\n\nA flaw was found in the way VDSM handled the removal of a virtual\nmachine's (VM) data back end (such as an image or a volume). When\nremoving an image or a volume, it was not securely deleted from its\ncorresponding data domain as expected. A guest user in a new, raw VM,\ncreated in a data domain that has had VMs deleted from it, could use\nthis flaw to read limited data from those deleted VMs, potentially\ndisclosing sensitive information. (CVE-2010-2223)\n\nThese updated vdsm packages also fix the following bugs :\n\n* Kernel Samepage Merging (KSM) did not use all the available memory\n(due to the memory not being zero-filled) if the memory did not belong\nto the Linux guest. Thus, KSM was not effective in distributing the\nmemory to the Linux guests with the result of shared memory being\nunavailable for Linux guests. With this update, KSM allows multiple\nLinux guests to share the memory. (BZ#527405)\n\n* the vds_bootstrap script failed when the host's temporary directory\nwas located on a different partition, with the following error :\n\n[Errno 18] Invalid cross-device link using os.rename\n\nWith this update, vds_bootstrap no longer fails. (BZ#530322)\n\n* vds_bootstrap failed to add a host to RHEV-M when the 'cpuspeed' and\nthe 'libvirt' services were not found. With this update, the host is\nadded to RHEV-M even when the aforementioned services are not present\nin the system. (BZ#538751)\n\n* previously, vds_bootstrap attempted to parse blank lines present in\nnetwork scripts (for example,\n/etc/sysconfig/network-scripts/ifcfg-eth0). As a consequence, if a\nnetwork script contained blank lines, vds_bootstrap failed and an\nerror such as follows was written to /var/vdsm/vdsm.log (the error\nexample below is consequent to the blank line being present in\nifcfg-eth0) :\n\ngetBridgeParams: failed to read params of file\n/etc/sysconfig/network-scripts/ifcfg-eth0 Error:list index out of\nrange\n\nWith this update, vds_bootstrap filters blank lines in network\nconfiguration files, ensuring it does not fail if they are present.\n(BZ#540479)\n\n* the 'pool connect' utility did not save the master domain's\ninformation to the disk. If VDSM was restarted, auto-reconnect\nsearched for a master domain with the highest version. If the master\ndomain was not available at that time, an incorrect domain was chosen\nas the master. With this update, the correct domain is chosen as the\nmaster. (BZ#543432)\n\n* when using the RHEV-M interface to manage high-availability VMs,\npower down requests were not honored. Consequently, some\nhigh-availability virtual machines automatically rebooted instead of\nshutting down after they received a command to shut down.\nHigh-availability VMs now correctly process requests to shut down,\nwith the result that no VMs incorrectly reboot instead. (BZ#547112)\n\n* after a host installation, the 'multipathd' service would restart\nwhen the host was started from a multipath device. With this update,\nthe 'multipathd' service no longer restarts. (BZ#547305)\n\nThese updated vdsm packages also add the following enhancements :\n\n* previously, import/export of VMs was not supported. With this update\nimport/export have been implemented. (BZ#482608)\n\n* previously, the ISO image domain could not be shared with multiple\nData Centers. The user had to define an independent ISO domain for\neach Data Center. With this update, the ISO image domain can be shared\nbetween multiple Data Centers. (BZ#496448)\n\nAll vdsm users should upgrade to these updated packages, which resolve\nthese issues and add these enhancements.", "edition": 25, "published": "2014-11-17T00:00:00", "title": "RHEL 5 : vdsm (RHSA-2010:0473)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2223"], "modified": "2020-11-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:vdsm22-cli", "p-cpe:/a:redhat:enterprise_linux:vdsm22"], "id": "REDHAT-RHSA-2010-0473.NASL", "href": "https://www.tenable.com/plugins/nessus/79274", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0473. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79274);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:15\");\n\n script_cve_id(\"CVE-2010-2223\");\n script_xref(name:\"RHSA\", value:\"2010:0473\");\n\n script_name(english:\"RHEL 5 : vdsm (RHSA-2010:0473)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vdsm packages that fix one security issue, various bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Virtual Desktop Server Manager (VDSM) is a management module that\nserves as a Red Hat Enterprise Virtualization Manager (RHEV-M) agent\non Red Hat Enterprise Virtualization Hypervisor (RHEV-H) or Red Hat\nEnterprise Linux hosts. VDSM allows RHEV-M to manage virtual machines\nand storage pools, and retrieve statistics from both hosts and guests.\n\nA flaw was found in the way VDSM handled the removal of a virtual\nmachine's (VM) data back end (such as an image or a volume). When\nremoving an image or a volume, it was not securely deleted from its\ncorresponding data domain as expected. A guest user in a new, raw VM,\ncreated in a data domain that has had VMs deleted from it, could use\nthis flaw to read limited data from those deleted VMs, potentially\ndisclosing sensitive information. (CVE-2010-2223)\n\nThese updated vdsm packages also fix the following bugs :\n\n* Kernel Samepage Merging (KSM) did not use all the available memory\n(due to the memory not being zero-filled) if the memory did not belong\nto the Linux guest. Thus, KSM was not effective in distributing the\nmemory to the Linux guests with the result of shared memory being\nunavailable for Linux guests. With this update, KSM allows multiple\nLinux guests to share the memory. (BZ#527405)\n\n* the vds_bootstrap script failed when the host's temporary directory\nwas located on a different partition, with the following error :\n\n[Errno 18] Invalid cross-device link using os.rename\n\nWith this update, vds_bootstrap no longer fails. (BZ#530322)\n\n* vds_bootstrap failed to add a host to RHEV-M when the 'cpuspeed' and\nthe 'libvirt' services were not found. With this update, the host is\nadded to RHEV-M even when the aforementioned services are not present\nin the system. (BZ#538751)\n\n* previously, vds_bootstrap attempted to parse blank lines present in\nnetwork scripts (for example,\n/etc/sysconfig/network-scripts/ifcfg-eth0). As a consequence, if a\nnetwork script contained blank lines, vds_bootstrap failed and an\nerror such as follows was written to /var/vdsm/vdsm.log (the error\nexample below is consequent to the blank line being present in\nifcfg-eth0) :\n\ngetBridgeParams: failed to read params of file\n/etc/sysconfig/network-scripts/ifcfg-eth0 Error:list index out of\nrange\n\nWith this update, vds_bootstrap filters blank lines in network\nconfiguration files, ensuring it does not fail if they are present.\n(BZ#540479)\n\n* the 'pool connect' utility did not save the master domain's\ninformation to the disk. If VDSM was restarted, auto-reconnect\nsearched for a master domain with the highest version. If the master\ndomain was not available at that time, an incorrect domain was chosen\nas the master. With this update, the correct domain is chosen as the\nmaster. (BZ#543432)\n\n* when using the RHEV-M interface to manage high-availability VMs,\npower down requests were not honored. Consequently, some\nhigh-availability virtual machines automatically rebooted instead of\nshutting down after they received a command to shut down.\nHigh-availability VMs now correctly process requests to shut down,\nwith the result that no VMs incorrectly reboot instead. (BZ#547112)\n\n* after a host installation, the 'multipathd' service would restart\nwhen the host was started from a multipath device. With this update,\nthe 'multipathd' service no longer restarts. (BZ#547305)\n\nThese updated vdsm packages also add the following enhancements :\n\n* previously, import/export of VMs was not supported. With this update\nimport/export have been implemented. (BZ#482608)\n\n* previously, the ISO image domain could not be shared with multiple\nData Centers. The user had to define an independent ISO domain for\neach Data Center. With this update, the ISO image domain can be shared\nbetween multiple Data Centers. (BZ#496448)\n\nAll vdsm users should upgrade to these updated packages, which resolve\nthese issues and add these enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0473\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected vdsm22 and / or vdsm22-cli packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm22-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0473\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"vdsm22-4.5-62.el5rhev\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"vdsm22-cli-4.5-62.el5rhev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vdsm22 / vdsm22-cli\");\n }\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-01T00:47:28", "description": "An updated rhev-hypervisor package that fixes two security issues,\nmultiple bugs, and adds enhancements is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA flaw was found in the way QEMU-KVM handled erroneous data provided\nby the Linux virtio-net driver, used by guest operating systems. Due\nto a deficiency in the TSO (TCP segment offloading) implementation, a\nguest's virtio-net driver would transmit improper data to a certain\nQEMU-KVM process on the host, causing the guest to crash. A remote\nattacker could use this flaw to send specially crafted data to a\ntarget guest system, causing that guest to crash. (CVE-2010-0741)\n\nA flaw was found in the way the Virtual Desktop Server Manager (VDSM)\nhandled the removal of a virtual machine's (VM) data back end (such as\nan image or a volume). When removing an image or a volume, it was not\nsecurely deleted from its corresponding data domain as expected. A\nguest user in a new, raw VM, created in a data domain that has had VMs\ndeleted from it, could use this flaw to read limited data from those\ndeleted VMs, potentially disclosing sensitive information.\n(CVE-2010-2223)\n\nThis updated package provides updated components that include fixes\nfor security issues; however, these issues have no security impact for\nRed Hat Enterprise Virtualization Hypervisor. These fixes are for dbus\nissue CVE-2009-1189; kernel issues CVE-2010-0307, CVE-2010-0410,\nCVE-2010-0730, CVE-2010-1085, and CVE-2010-1086; openldap issue\nCVE-2009-3767; and sudo issues CVE-2010-0426, CVE-2010-0427, and\nCVE-2010-1163.\n\nThis update also fixes several bugs and adds several enhancements.\nDocumentation for these bug fixes and enhancements is available from\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/2.2\n/html/ Servers-5.5-2.2_Hypervisor_Security_Update\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the\nbug fixes and enhancements from the KVM updates RHSA-2010:0271 and\nRHBA-2010:0419 have been included in this update. Also included are\nthe bug fixes and enhancements from the Virtual Desktop Server Manager\n(VDSM) update RHSA-2010:0473, and fence-agents update RHBA-2010:0477.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0271.html and\nhttps://rhn.redhat.com/errata/RHBA-2010-0419.html VDSM:\nhttps://rhn.redhat.com/errata/RHSA-2010-0473.html fence-agents:\nhttps://rhn.redhat.com/errata/RHBA-2010-0477.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package, which corrects these issues and\nadds these enhancements.", "edition": 26, "published": "2014-11-17T00:00:00", "title": "RHEL 5 : rhev-hypervisor (RHSA-2010:0476)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0307", "CVE-2009-3767", "CVE-2010-0410", "CVE-2010-0730", "CVE-2010-2223", "CVE-2010-0741", "CVE-2010-1163", "CVE-2010-0426", "CVE-2010-0430", "CVE-2010-1085", "CVE-2010-1086", "CVE-2010-0427", "CVE-2009-1189"], "modified": "2020-11-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor", "p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor-pxe"], "id": "REDHAT-RHSA-2010-0476.NASL", "href": "https://www.tenable.com/plugins/nessus/79275", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0476. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79275);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:15\");\n\n script_cve_id(\"CVE-2010-0430\", \"CVE-2010-0741\", \"CVE-2010-2223\");\n script_bugtraq_id(64576);\n script_xref(name:\"RHSA\", value:\"2010:0476\");\n\n script_name(english:\"RHEL 5 : rhev-hypervisor (RHSA-2010:0476)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rhev-hypervisor package that fixes two security issues,\nmultiple bugs, and adds enhancements is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA flaw was found in the way QEMU-KVM handled erroneous data provided\nby the Linux virtio-net driver, used by guest operating systems. Due\nto a deficiency in the TSO (TCP segment offloading) implementation, a\nguest's virtio-net driver would transmit improper data to a certain\nQEMU-KVM process on the host, causing the guest to crash. A remote\nattacker could use this flaw to send specially crafted data to a\ntarget guest system, causing that guest to crash. (CVE-2010-0741)\n\nA flaw was found in the way the Virtual Desktop Server Manager (VDSM)\nhandled the removal of a virtual machine's (VM) data back end (such as\nan image or a volume). When removing an image or a volume, it was not\nsecurely deleted from its corresponding data domain as expected. A\nguest user in a new, raw VM, created in a data domain that has had VMs\ndeleted from it, could use this flaw to read limited data from those\ndeleted VMs, potentially disclosing sensitive information.\n(CVE-2010-2223)\n\nThis updated package provides updated components that include fixes\nfor security issues; however, these issues have no security impact for\nRed Hat Enterprise Virtualization Hypervisor. These fixes are for dbus\nissue CVE-2009-1189; kernel issues CVE-2010-0307, CVE-2010-0410,\nCVE-2010-0730, CVE-2010-1085, and CVE-2010-1086; openldap issue\nCVE-2009-3767; and sudo issues CVE-2010-0426, CVE-2010-0427, and\nCVE-2010-1163.\n\nThis update also fixes several bugs and adds several enhancements.\nDocumentation for these bug fixes and enhancements is available from\nhttp://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/2.2\n/html/ Servers-5.5-2.2_Hypervisor_Security_Update\n\nAs Red Hat Enterprise Virtualization Hypervisor is based on KVM, the\nbug fixes and enhancements from the KVM updates RHSA-2010:0271 and\nRHBA-2010:0419 have been included in this update. Also included are\nthe bug fixes and enhancements from the Virtual Desktop Server Manager\n(VDSM) update RHSA-2010:0473, and fence-agents update RHBA-2010:0477.\n\nKVM: https://rhn.redhat.com/errata/RHSA-2010-0271.html and\nhttps://rhn.redhat.com/errata/RHBA-2010-0419.html VDSM:\nhttps://rhn.redhat.com/errata/RHSA-2010-0473.html fence-agents:\nhttps://rhn.redhat.com/errata/RHBA-2010-0477.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package, which corrects these issues and\nadds these enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2223\"\n );\n # http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/2.2/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0476\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rhev-hypervisor and / or rhev-hypervisor-pxe\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor-pxe\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0476\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"rhev-hypervisor-5.5-2.2.4.2.el5rhev\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"rhev-hypervisor-pxe-5.5-2.2.4.2.el5rhev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor / rhev-hypervisor-pxe\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}
