ID CVE-2014-3559 Type cve Reporter cve@mitre.org Modified 2017-08-29T01:34:00
Description
The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshot volumes when a VM is deleted, even when wipe-after-delete (WAD) is configured for the VM's disk, so the wipe setting on the disk does not cover the VM's memory snapshots. A remote authenticated user with credentials sufficient to create a new VM can read portions of the deleted VM's memory, and thereby obtain sensitive information, through an uninitialized storage volume that still holds the unwiped snapshot contents. Fixed in rhevm 3.4.1-0.31.el6ev (RHSA-2014:1002).
{"id": "CVE-2014-3559", "bulletinFamily": "NVD", "title": "CVE-2014-3559", "description": "The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume.", "published": "2014-08-06T19:55:00", "modified": "2017-08-29T01:34:00", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3559", "reporter": "cve@mitre.org", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/95098", "https://bugzilla.redhat.com/show_bug.cgi?id=1121925", "http://rhn.redhat.com/errata/RHSA-2014-1002.html", "http://www.securitytracker.com/id/1030664"], "cvelist": ["CVE-2014-3559"], "type": "cve", "lastseen": "2020-10-03T12:01:17", "edition": 3, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2014:1002"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2014-1002.NASL"]}], "modified": "2020-10-03T12:01:17", "rev": 2}, "score": {"value": 4.2, "vector": "NONE", "modified": "2020-10-03T12:01:17", "rev": 2}, "vulnersScore": 4.2}, "cpe": ["cpe:/a:redhat:enterprise_virtualization:3.4"], "affectedSoftware": [{"cpeName": "redhat:enterprise_virtualization", "name": "redhat enterprise virtualization", "operator": "eq", "version": "3.4"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", 
"userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:redhat:enterprise_virtualization:3.4:*:*:*:*:*:*:*"], "cwe": ["CWE-264"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:enterprise_virtualization:3.4:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"redhat": [{"lastseen": "2019-08-13T18:46:33", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3559"], "description": "Red Hat Enterprise Virtualization is a feature-rich server virtualization\nmanagement system that provides advanced capabilities for managing Red Hat\nvirtualization infrastructure for Servers and Desktops.\n\nIt was found that the oVirt storage back end did not wipe memory snapshots\nwhen VMs were deleted, even if wipe-after-delete (WAD) was enabled for the\nVM's disks. A remote attacker with credentials to create a new VM could use\nthis flaw to potentially access the contents of memory snapshots in an\nuninitialized storage volume, possibly leading to the disclosure of\nsensitive information. (CVE-2014-3559)\n\nThis issue was discovered by Idan Shaby and Allon Mureinik of Red Hat.\n\nAll rhevm users are advised to upgrade to these updated packages, which\ncorrect this issue.\n", "modified": "2018-06-07T09:00:31", "published": "2014-08-04T04:00:00", "id": "RHSA-2014:1002", "href": "https://access.redhat.com/errata/RHSA-2014:1002", "type": "redhat", "title": "(RHSA-2014:1002) Moderate: rhevm security update", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-17T13:14:49", "description": "Updated rhevm packages that fix one security issue are now available.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nRed Hat Enterprise Virtualization is a feature-rich server\nvirtualization management system that provides advanced capabilities\nfor managing Red Hat virtualization infrastructure for Servers and\nDesktops.\n\nIt was found that the oVirt storage back end did not wipe memory\nsnapshots when VMs were deleted, even if wipe-after-delete (WAD) was\nenabled for the VM's disks. 
A remote attacker with credentials to\ncreate a new VM could use this flaw to potentially access the contents\nof memory snapshots in an uninitialized storage volume, possibly\nleading to the disclosure of sensitive information. (CVE-2014-3559)\n\nThis issue was discovered by Idan Shaby and Allon Mureinik of Red Hat.\n\nAll rhevm users are advised to upgrade to these updated packages,\nwhich correct this issue.", "edition": 24, "published": "2014-11-11T00:00:00", "title": "RHEL 6 : rhevm (RHSA-2014:1002)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3559"], "modified": "2014-11-11T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhevm-restapi", "p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-ovirt-engine", "p-cpe:/a:redhat:enterprise_linux:rhevm-websocket-proxy", "p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-ovirt-engine-common", "p-cpe:/a:redhat:enterprise_linux:rhevm-userportal", "p-cpe:/a:redhat:enterprise_linux:rhevm-dbscripts", "p-cpe:/a:redhat:enterprise_linux:rhevm-tools", "p-cpe:/a:redhat:enterprise_linux:rhevm-lib", "p-cpe:/a:redhat:enterprise_linux:rhevm-webadmin-portal", "p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-allinone", "p-cpe:/a:redhat:enterprise_linux:rhevm-setup", "p-cpe:/a:redhat:enterprise_linux:rhevm", "p-cpe:/a:redhat:enterprise_linux:rhevm-backend", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-websocket-proxy", "p-cpe:/a:redhat:enterprise_linux:rhevm-setup-base"], "id": "REDHAT-RHSA-2014-1002.NASL", "href": "https://www.tenable.com/plugins/nessus/79112", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1002. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79112);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3559\");\n script_bugtraq_id(69174);\n script_xref(name:\"RHSA\", value:\"2014:1002\");\n\n script_name(english:\"RHEL 6 : rhevm (RHSA-2014:1002)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rhevm packages that fix one security issue are now available.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nRed Hat Enterprise Virtualization is a feature-rich server\nvirtualization management system that provides advanced capabilities\nfor managing Red Hat virtualization infrastructure for Servers and\nDesktops.\n\nIt was found that the oVirt storage back end did not wipe memory\nsnapshots when VMs were deleted, even if wipe-after-delete (WAD) was\nenabled for the VM's disks. A remote attacker with credentials to\ncreate a new VM could use this flaw to potentially access the contents\nof memory snapshots in an uninitialized storage volume, possibly\nleading to the disclosure of sensitive information. 
(CVE-2014-3559)\n\nThis issue was discovered by Idan Shaby and Allon Mureinik of Red Hat.\n\nAll rhevm users are advised to upgrade to these updated packages,\nwhich correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3559\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-backend\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-dbscripts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-restapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-setup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-setup-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-allinone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-ovirt-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-ovirt-engine-common\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-setup-plugin-websocket-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-userportal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-webadmin-portal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhevm-websocket-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1002\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_exists(rpm:\"rhevm-3.4.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-3.4.1-0.31.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-backend-3.4.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-backend-3.4.1-0.31.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-dbscripts-3.4.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-dbscripts-3.4.1-0.31.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-lib-3.4.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-lib-3.4.1-0.31.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-restapi-3.4.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-restapi-3.4.1-0.31.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-setup-3.4.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-setup-3.4.1-0.31.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-setup-base-3.4.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-setup-base-3.4.1-0.31.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-setup-plugin-allinone-3.4.\", 
release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-setup-plugin-allinone-3.4.1-0.31.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-setup-plugin-ovirt-engine-3.4.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-setup-plugin-ovirt-engine-3.4.1-0.31.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-setup-plugin-ovirt-engine-common-3.4.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-setup-plugin-ovirt-engine-common-3.4.1-0.31.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-setup-plugin-websocket-proxy-3.4.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-setup-plugin-websocket-proxy-3.4.1-0.31.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-tools-3.4.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-tools-3.4.1-0.31.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-userportal-3.4.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-userportal-3.4.1-0.31.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-webadmin-portal-3.4.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-webadmin-portal-3.4.1-0.31.el6ev\")) flag++;\n if (rpm_exists(rpm:\"rhevm-websocket-proxy-3.4.\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rhevm-websocket-proxy-3.4.1-0.31.el6ev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhevm / rhevm-backend / rhevm-dbscripts / rhevm-lib / rhevm-restapi / etc\");\n }\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}]}