Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2023 Tenable Network Security, Inc.REDHAT-RHSA-2014-0416.NASL
HistoryNov 08, 2014 - 12:00 a.m.

RHEL 6 : rhevm-spice-client (RHSA-2014:0416)

2014-11-0800:00:00
This script is Copyright (C) 2014-2023 Tenable Network Security, Inc.
www.tenable.com
26
JSON

Updated rhevm-spice-client packages that fix multiple security issues are now available for Red Hat Enterprise Virtualization Manager 3.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems.

The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues :

An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
(CVE-2014-0160)

It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)

A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash.
(CVE-2013-4353)

It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929)

Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the original reporter.

The updated mingw-virt-viewer Windows SPICE client further includes OpenSSL security fixes that have no security impact on mingw-virt-viewer itself. The security fixes included in this update address the following CVE numbers :

CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166

All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which address these issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2014:0416. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(79013);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");

  script_cve_id(
    "CVE-2012-2686",
    "CVE-2012-4929",
    "CVE-2013-0166",
    "CVE-2013-0169",
    "CVE-2013-4353",
    "CVE-2013-6449",
    "CVE-2013-6450",
    "CVE-2014-0160"
  );
  script_bugtraq_id(
    55704,
    57755,
    57778,
    60268,
    64530,
    64618,
    64691,
    66690
  );
  script_xref(name:"RHSA", value:"2014:0416");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/25");
  script_xref(name:"CEA-ID", value:"CEA-2019-0547");

  script_name(english:"RHEL 6 : rhevm-spice-client (RHSA-2014:0416)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"Updated rhevm-spice-client packages that fix multiple security issues
are now available for Red Hat Enterprise Virtualization Manager 3.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat Enterprise Virtualization Manager provides access to virtual
machines using SPICE. These SPICE client packages provide the SPICE
client and usbclerk service for both Windows 32-bit operating systems
and Windows 64-bit operating systems.

The rhevm-spice-client package includes the mingw-virt-viewer Windows
SPICE client. OpenSSL, a general purpose cryptography library with a
TLS implementation, is bundled with mingw-virt-viewer. The
mingw-virt-viewer package has been updated to correct the following
issues :

An information disclosure flaw was found in the way OpenSSL handled
TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS
client or server could send a specially crafted TLS or DTLS Heartbeat
packet to disclose a limited portion of memory per request from a
connected client or server. Note that the disclosed portions of memory
could potentially include sensitive information such as private keys.
(CVE-2014-0160)

It was discovered that OpenSSL leaked timing information when
decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode
cipher suites were used. A remote attacker could possibly use this
flaw to retrieve plain text from the encrypted packets by using a
TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169)

A NULL pointer dereference flaw was found in the way OpenSSL handled
TLS/SSL protocol handshake packets. A specially crafted handshake
packet could cause a TLS/SSL client using OpenSSL to crash.
(CVE-2013-4353)

It was discovered that the TLS/SSL protocol could leak information
about plain text when optional compression was used. An attacker able
to control part of the plain text sent over an encrypted TLS/SSL
connection could possibly use this flaw to recover other portions of
the plain text. (CVE-2012-4929)

Red Hat would like to thank the OpenSSL project for reporting
CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as
the original reporter.

The updated mingw-virt-viewer Windows SPICE client further includes
OpenSSL security fixes that have no security impact on
mingw-virt-viewer itself. The security fixes included in this update
address the following CVE numbers :

CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166

All Red Hat Enterprise Virtualization Manager users are advised to
upgrade to these updated packages, which address these issues.");
  script_set_attribute(attribute:"see_also", value:"http://rhn.redhat.com/errata/RHSA-2014-0416.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0169.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-4929.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-4353.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0160.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0160");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x64-cab");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x64-msi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x86-cab");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x86-msi");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2023 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

flag = 0;
if (rpm_exists(rpm:"rhevm-spice-client-x64-cab-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x64-cab-3.3-12.el6_5")) flag++;
if (rpm_exists(rpm:"rhevm-spice-client-x64-msi-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x64-msi-3.3-12.el6_5")) flag++;
if (rpm_exists(rpm:"rhevm-spice-client-x86-cab-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x86-cab-3.3-12.el6_5")) flag++;
if (rpm_exists(rpm:"rhevm-spice-client-x86-msi-3\.3-", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"rhevm-spice-client-x86-msi-3.3-12.el6_5")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhevm-spice-client-x64-cab-3.3 / rhevm-spice-client-x64-msi-3.3 / etc");
}
VendorProductVersionCPE
redhatenterprise_linuxrhevm-spice-client-x64-cabp-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x64-cab
redhatenterprise_linuxrhevm-spice-client-x64-msip-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x64-msi
redhatenterprise_linuxrhevm-spice-client-x86-cabp-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x86-cab
redhatenterprise_linuxrhevm-spice-client-x86-msip-cpe:/a:redhat:enterprise_linux:rhevm-spice-client-x86-msi
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6

Related

redhat 4
openvas 58
fedora 11
nessus 50
ibm 40
freebsd 3
ubuntu 4
altlinux 9
oraclelinux 2
freebsd_advisory 2
centos 2
securityvulns 2
amazon 3
slackware 2
aix 2
debian 2
mageia 1
ubuntucve 1
osv 1
redhat
redhat
(RHSA-2014:0416) Important: rhevm-spice-client security update
2014-04-17 00:00:00
(RHSA-2014:0015) Important: openssl security update
2014-01-08 00:00:00
(RHSA-2013:0587) Moderate: openssl security update
2013-03-04 00:00:00
openvas
openvas
Fedora Update for openssl FEDORA-2014-4879
2014-04-10 00:00:00
Fedora Update for mingw-openssl FEDORA-2014-4999
2014-04-16 00:00:00
Fedora Update for mingw-openssl FEDORA-2014-4982
2014-04-15 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: openssl-1.0.1e-37.fc19.1
2014-04-09 00:59:56
[SECURITY] Fedora 19 Update: mingw-openssl-1.0.1e-6.fc19
2014-04-15 15:47:01
[SECURITY] Fedora 20 Update: mingw-openssl-1.0.1e-6.fc20
2014-04-14 22:35:43
nessus
nessus
HP System Management Homepage OpenSSL Multiple Vulnerabilities (Heartbleed)
2014-04-18 00:00:00
CentOS 6 : openssl (CESA-2014:0015)
2014-01-09 00:00:00
Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20140108)
2014-01-10 00:00:00
ibm
ibm
Security Bulletin: IBM Flex System Manager (FSM) and compatible IBM Systems Director agents are affected by vulnerabilities in OpenSSL (CVE-2013-4353, CVE-2013-6450, and CVE-2013-6449)
2019-01-30 08:35:01
Security Bulletin: IBM Systems Director (ISD) is affected by vulnerabilities in OpenSSL (CVE-2013-4353, CVE-2013-6450, and CVE-2013-6449)
2019-01-30 08:35:01
Security Bulletin: Vulnerabilities in ClearQuest OpenSSL Component (CVE-2013-4353, CVE-2013-6450, CVE-2013-6449 )
2018-09-29 18:04:03
freebsd
freebsd
openssl -- multiple vulnerabilities
2014-01-06 00:00:00
OpenSSL -- TLS 1.1, 1.2 denial of service
2013-02-05 00:00:00
FreeBSD -- OpenSSL multiple vulnerabilities
2013-04-02 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2014-01-09 00:00:00
OpenSSL vulnerabilities
2013-02-21 00:00:00
OpenSSL vulnerability
2013-03-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.1f-alt1
2014-01-06 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1f-alt1
2014-01-06 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.1f-alt1
2014-01-06 00:00:00
oraclelinux
oraclelinux
openssl security update
2014-01-08 00:00:00
openssl security update
2013-03-04 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:03.openssl
2014-01-14 00:00:00
FreeBSD-SA-13:03.openssl
2013-04-02 00:00:00
centos
centos
openssl security update
2014-01-08 22:59:22
openssl security update
2013-03-04 22:46:45
securityvulns
securityvulns
OpenSSL security vulnerabilities
2014-01-08 00:00:00
[SECURITY] [DSA 2833-1] openssl security update
2014-01-08 00:00:00
amazon
amazon
Important: openssl
2014-01-14 15:56:00
Medium: openssl
2013-03-14 22:04:00
Critical: openssl
2014-04-07 17:26:00
slackware
slackware
openssl
2014-01-13 22:30:19
openssl
2013-02-09 15:03:57
aix
aix
Multiple OpenSSL vulnerabilities
2014-02-25 14:07:48
Multiple OpenSSL vulnerabilities
2013-03-15 03:20:11
debian
debian
[SECURITY] [DSA 2833-1] openssl security update
2014-01-01 12:09:10
[SECURITY] [DSA 2621-1] openssl security update
2013-02-13 20:07:41
mageia
mageia
Updated openssl package fixes security vulnerabilities
2014-01-17 04:33:19
ubuntucve
ubuntucve
CVE-2012-2686
2013-02-08 00:00:00
osv
osv
openssl - several vulnerabilities
2013-02-13 00:00:00
JSON
Related for REDHAT-RHSA-2014-0416.NASL
redhat4openvas58fedora11nessus50ibm40freebsd3ubuntu4altlinux9oraclelinux2freebsd_advisory2centos2securityvulns2amazon3slackware2aix2debian2mageia1ubuntucve1osv1