MiracleLinux 4 : spice-server-0.12.4-6.AXS4.1 (AXSA:2014-003:01)

🗓️ 16 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 4 SPICE server vulnerability 2013 4282 may cause remote denial of service via long SPICE ticket password.

Reporter	Title	Published	Views	Family All 78
Tenable Nessus	CentOS 6 : spice-server (CESA-2013:1473)	30 Oct 201300:00	–	nessus
Tenable Nessus	CentOS 5 : qspice (CESA-2013:1474)	30 Oct 201300:00	–	nessus
Tenable Nessus	Debian DSA-2839-1 : spice - denial of service	9 Jan 201400:00	–	nessus
Tenable Nessus	Fedora 20 : spice-0.12.4-3.fc20 (2013-20310)	11 Nov 201300:00	–	nessus
Tenable Nessus	Fedora 19 : spice-0.12.4-3.fc19 (2013-20340)	8 Nov 201300:00	–	nessus
Tenable Nessus	Fedora 18 : spice-0.12.4-3.fc18 (2013-20360)	8 Nov 201300:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : spice (MDVSA-2014:016)	23 Jan 201400:00	–	nessus
Tenable Nessus	MiracleLinux 3 : qspice-0.3.0-56.AXS3.1 (AXSA:2013-680:01)	16 Jan 202600:00	–	nessus
Tenable Nessus	openSUSE Security Update : spice (openSUSE-2015-657)	15 Oct 201500:00	–	nessus
Tenable Nessus	Oracle Linux 6 : spice-server (ELSA-2013-1473)	30 Oct 201300:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/4484
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2014-003:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(288943);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");

  script_cve_id("CVE-2013-4282");

  script_name(english:"MiracleLinux 4 : spice-server-0.12.4-6.AXS4.1 (AXSA:2014-003:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the
AXSA:2014-003:01 advisory.

    The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for
    virtual environments which allows you to view a computing 'desktop' environment not only on the machine
    where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.
    This package contains the runtime libraries for any application that wishes to be a SPICE server.
    Security issues fixed with this release:
     CVE-2013-4282
    Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows
    remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
    Fixed bugs:
     Previously, the SPICE server assumed that the client was connected until they got disconnected, and
    continued to communicate with it even if unresponsive. This could lead to queues filling up. Now the SPICE
    server disconnect as soon as the client is unresponsive.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/4484");
  script_set_attribute(attribute:"solution", value:
"Update the affected spice-server package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4282");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:spice-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'spice-server-0.12.4-6.AXS4.1', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'spice-server');
}

16 Jan 2026 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 25

EPSS0.01116