RHEL 7 : spice (RHSA-2017:0254)

🗓️ 06 Feb 2017 00:00:00Reported by TenableType

An update for SPICE in RHEL 7 addresses two vulnerabilities, one causing heap overflow and potential code execution, and the other leading to server crash through crafted messages

Reporter	Title	Published	Views	Family All 113
AlpineLinux	CVE-2016-9577	27 Jul 201820:00	–	alpinelinux
AlpineLinux	CVE-2016-9578	27 Jul 201821:00	–	alpinelinux
Tenable Nessus	CentOS 6 : spice-server (CESA-2017:0253)	7 Feb 201700:00	–	nessus
Tenable Nessus	CentOS 7 : spice (CESA-2017:0254)	7 Feb 201700:00	–	nessus
Tenable Nessus	Debian DLA-825-1 : spice security update	17 Feb 201700:00	–	nessus
Tenable Nessus	Debian DSA-3790-1 : spice - security update	17 Feb 201700:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : spice (EulerOS-SA-2017-1021)	1 May 201700:00	–	nessus
Tenable Nessus	Fedora 24 : spice (2017-05793780f0)	15 Feb 201700:00	–	nessus
Tenable Nessus	Fedora 25 : spice (2017-5972ebe591)	15 Feb 201700:00	–	nessus
Tenable Nessus	MiracleLinux 7 : spice-0.12.4-20.el7 (AXSA:2017-1286:02)	16 Jan 202600:00	–	nessus

Source	Link
access	www.access.redhat.com/errata/RHSA-2017:0254
access	www.access.redhat.com/security/cve/cve-2016-9577
access	www.access.redhat.com/security/cve/cve-2016-9578
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2017:0254. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('compat.inc');

if (description)
{
  script_id(97013);
  script_version("3.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/01");

  script_cve_id("CVE-2016-9577", "CVE-2016-9578");
  script_xref(name:"RHSA", value:"2017:0254");

  script_name(english:"RHEL 7 : spice (RHSA-2017:0254)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"An update for spice is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The Simple Protocol for Independent Computing Environments (SPICE) is
a remote display system built for virtual environments which allows
the user to view a computing 'desktop' environment not only on the
machine where it is running, but from anywhere on the Internet and
from a wide variety of machine architectures.

Security Fix(es) :

* A vulnerability was discovered in spice in the server's protocol
handling. An authenticated attacker could send crafted messages to the
spice server causing a heap overflow leading to a crash or possible
code execution. (CVE-2016-9577)

* A vulnerability was discovered in spice in the server's protocol
handling. An attacker able to connect to the spice server could send
crafted messages which would cause the process to crash.
(CVE-2016-9578)

These issues were discovered by Frediano Ziglio (Red Hat).");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017:0254");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-9577");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-9578");
  script_set_attribute(attribute:"solution", value:
"Update the affected spice-debuginfo, spice-server and / or
spice-server-devel packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-9577");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/02/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spice-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spice-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spice-server-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2017:0254";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"spice-debuginfo-0.12.4-20.el7_3")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"spice-server-0.12.4-20.el7_3")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"spice-server-devel-0.12.4-20.el7_3")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "spice-debuginfo / spice-server / spice-server-devel");
  }
}

01 Jan 2026 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 26.5

CVSS 37.5 - 8.8

EPSS0.06999