History: Jul 02, 2021 - 6:08 p.m.

Advisory ROSA-SA-2021-1974

2021-07-02 18:08:32
ROSA LAB
abf.rosalinux.ru
15
advisory
rosa-sa-2021-1974
vdagent spices
0.14.0
critical
security vulnerabilities
arbitrary commands execution
denial of service
data leakage

CVSS2: 5.4
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:L/AC:M/Au:N/C:P/I:N/A:C

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.3
Confidence: High

EPSS: 0.001
Percentile: 23.5%

Software: spice-vdagent 0.14.0
OS: Cobalt 7.9

CVE-ID: CVE-2017-15108
CVE-Crit: HIGH
CVE-DESC: spice-vdagent up to 0.17.0 does not properly escape the save directory before passing it to the shell, allowing an attacker with access to the session running the agent to inject arbitrary commands to execute.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-25653
CVE-Crit: MEDIUM
CVE-DESC: A race condition vulnerability was discovered in the way the spice-vdagentd daemon handles new client connections. This flaw could allow an unprivileged local guest user to become the active agent for spice-vdagentd, which could lead to denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent version 0.20 and earlier.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-25652
CVE-Crit: MEDIUM
CVE-DESC: A defect was found in the spice-vdagentd daemon, where it does not properly handle client connections that can be established over a UNIX domain socket in /run/spice-vdagentd/spice-vdagent-sock. Any unprivileged local guest user could exploit this flaw to prevent a legitimate agent from connecting to the spice-vdagentd daemon, resulting in a denial of service. The biggest threat from this vulnerability is to system availability. This flaw affects spice-vdagent version 0.20 and earlier.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-25651
CVE-Crit: MEDIUM
CVE-DESC: A defect was detected in the SPICE file transfer protocol. File data from the host system may end up, in whole or in part, in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent version 0.20 and earlier.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-25650
CVE-Crit: MEDIUM
CVE-DESC: A defect was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock could exploit this flaw to cause a memory denial of service for spice-vdagentd or even other processes on the VM system. The biggest threat from this vulnerability is to system availability. This flaw affects spice-vdagent version 0.20 and previous versions.
CVE-STATUS: default
CVE-REV: default
