DATABASE RESOURCES PRICING ABOUT US

{"id": "SECURITYVULNS:DOC:30005", "bulletinFamily": "software", "title": "[USN-2027-1] SPICE vulnerability", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2027-1\r\nNovember 12, 2013\r\n\r\nspice vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 13.10\r\n- Ubuntu 13.04\r\n\r\nSummary:\r\n\r\nSPICE could be made to crash if it received specially crafted network\r\ntraffic.\r\n\r\nSoftware Description:\r\n- spice: SPICE protocol client and server library\r\n\r\nDetails:\r\n\r\nTomas Jamrisko discovered that SPICE incorrectly handled long passwords in\r\nSPICE tickets. An attacker could use this issue to cause the SPICE server\r\nto crash, resulting in a denial of service.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 13.10:\r\n libspice-server1 0.12.4-0nocelt1ubuntu0.1\r\n\r\nUbuntu 13.04:\r\n libspice-server1 0.12.2-0nocelt2expubuntu1.2\r\n\r\nAfter a standard system update you need to restart applications using the\r\nSPICE protocol, such as QEMU, to make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2027-1\r\n CVE-2013-4282\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt1ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/spice/0.12.2-0nocelt2expubuntu1.2\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "published": "2013-11-18T00:00:00", "modified": "2013-11-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30005", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2013-4282"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:49", "edition": 1, "viewCount": 18, "enchantments": {"score": {"value": 7.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "centos", "idList": ["CESA-2013:1473", "CESA-2013:1474"]}, {"type": "cve", "idList": ["CVE-2013-4282"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2839-1:20FD8", "DEBIAN:DSA-2839-1:AF416"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-4282"]}, {"type": "fedora", "idList": ["FEDORA:0AA142279D", "FEDORA:62B072159B", "FEDORA:EBDA02421E"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2013-1473.NASL", "CENTOS_RHSA-2013-1474.NASL", "DEBIAN_DSA-2839.NASL", "FEDORA_2013-20310.NASL", "FEDORA_2013-20340.NASL", "FEDORA_2013-20360.NASL", "MANDRIVA_MDVSA-2014-016.NASL", "OPENSUSE-2015-657.NASL", "ORACLELINUX_ELSA-2013-1473.NASL", "ORACLELINUX_ELSA-2013-1474.NASL", "REDHAT-RHSA-2013-1460.NASL", "REDHAT-RHSA-2013-1473.NASL", "REDHAT-RHSA-2013-1474.NASL", "SL_20131029_QSPICE_ON_SL5_X.NASL", "SL_20131029_SPICE_SERVER_ON_SL6_X.NASL", "SUSE_SU-2015-0884-1.NASL", "UBUNTU_USN-2027-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123539", "OPENVAS:1361412562310123540", "OPENVAS:1361412562310702839", "OPENVAS:1361412562310841632", "OPENVAS:1361412562310850847", "OPENVAS:1361412562310867044", "OPENVAS:1361412562310867051", "OPENVAS:1361412562310871064", "OPENVAS:1361412562310871067", "OPENVAS:1361412562310881823", "OPENVAS:1361412562310881825", "OPENVAS:702839", "OPENVAS:841632", "OPENVAS:867044", "OPENVAS:867051", "OPENVAS:871064", "OPENVAS:871067", "OPENVAS:881823", "OPENVAS:881825"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-1473", "ELSA-2013-1474"]}, {"type": "redhat", "idList": ["RHSA-2013:1460", "RHSA-2013:1473", "RHSA-2013:1474"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13407"]}, {"type": "seebug", "idList": ["SSV:61067"]}, {"type": "suse", "idList": ["SUSE-SU-2015:0884-1", "SUSE-SU-2015:0884-2"]}, {"type": "ubuntu", "idList": ["USN-2027-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-4282"]}], "rev": 4}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2013:1473", "CESA-2013:1474"]}, {"type": "cve", "idList": ["CVE-2013-4282"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2839-1:20FD8"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-4282"]}, {"type": "fedora", "idList": ["FEDORA:62B072159B"]}, {"type": "nessus", "idList": ["FEDORA_2013-20340.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310881823", "OPENVAS:867051"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-1473", "ELSA-2013-1474"]}, {"type": "redhat", "idList": ["RHSA-2013:1460", "RHSA-2013:1473", "RHSA-2013:1474"]}, {"type": "suse", "idList": ["SUSE-SU-2015:0884-2"]}, {"type": "ubuntu", "idList": ["USN-2027-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-4282"]}]}, "exploitation": null, "vulnersScore": 7.0}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1646872144}}

{"nessus": [{"lastseen": "2021-08-19T12:52:19", "description": "Updated qspice packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll qspice users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2013-10-30T00:00:00", "type": "nessus", "title": "CentOS 5 : qspice (CESA-2013:1474)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:qspice", "p-cpe:/a:centos:centos:qspice-libs", "p-cpe:/a:centos:centos:qspice-libs-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2013-1474.NASL", "href": "https://www.tenable.com/plugins/nessus/70686", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1474 and \n# CentOS Errata and Security Advisory 2013:1474 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70686);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-4282\");\n script_xref(name:\"RHSA\", value:\"2013:1474\");\n\n script_name(english:\"CentOS 5 : qspice (CESA-2013:1474)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qspice packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is\na remote display protocol for virtual environments. SPICE users can\naccess a virtualized desktop or server from the local system or any\nsystem with network access to the server. SPICE is used in Red Hat\nEnterprise Linux for viewing virtualized guests running on the\nKernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise\nVirtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able\nto initiate a SPICE connection to an application acting as a SPICE\nserver could use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll qspice users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-October/019994.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?087d8a1d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qspice packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-4282\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qspice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qspice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qspice-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"qspice-0.3.0-56.el5_10.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"qspice-libs-0.3.0-56.el5_10.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"qspice-libs-devel-0.3.0-56.el5_10.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qspice / qspice-libs / qspice-libs-devel\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:52:11", "description": "A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application. (CVE-2013-4282)", "cvss3": {"score": null, "vector": null}, "published": "2013-10-31T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : qspice on SL5.x x86_64 (20131029)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:qspice", "p-cpe:/a:fermilab:scientific_linux:qspice-debuginfo", "p-cpe:/a:fermilab:scientific_linux:qspice-libs", "p-cpe:/a:fermilab:scientific_linux:qspice-libs-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20131029_QSPICE_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/70706", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70706);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4282\");\n\n script_name(english:\"Scientific Linux Security Update : qspice on SL5.x x86_64 (20131029)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able\nto initiate a SPICE connection to an application acting as a SPICE\nserver could use this flaw to crash the application. (CVE-2013-4282)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1310&L=scientific-linux-errata&T=0&P=3301\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05c8c1d4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qspice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qspice-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qspice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:qspice-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"qspice-0.3.0-56.el5_10.1\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"qspice-debuginfo-0.3.0-56.el5_10.1\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"qspice-libs-0.3.0-56.el5_10.1\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"qspice-libs-devel-0.3.0-56.el5_10.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qspice / qspice-debuginfo / qspice-libs / qspice-libs-devel\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:45:58", "description": "The remote desktop software SPICE was updated to address one security issue.\n\nThe following vulnerabilitiy was fixed :\n\n - A stack-based buffer overflow in the password handling code allowed remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.\n (bsc#848279, CVE-2013-4282)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2015:0884-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libspice-server1", "p-cpe:/a:novell:suse_linux:libspice-server1-debuginfo", "p-cpe:/a:novell:suse_linux:spice-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-0884-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83726", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0884-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83726);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4282\");\n script_bugtraq_id(63408);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2015:0884-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote desktop software SPICE was updated to address one security\nissue.\n\nThe following vulnerabilitiy was fixed :\n\n - A stack-based buffer overflow in the password handling\n code allowed remote attackers to cause a denial of\n service (crash) via a long password in a SPICE ticket.\n (bsc#848279, CVE-2013-4282)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=848279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-4282/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150884-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?486f9628\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-199=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-199=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libspice-server1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libspice-server1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:spice-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"libspice-server1-0.12.4-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"libspice-server1-debuginfo-0.12.4-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"spice-debugsource-0.12.4-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libspice-server1-0.12.4-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libspice-server1-debuginfo-0.12.4-6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"spice-debugsource-0.12.4-6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"spice\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:52:14", "description": "From Red Hat Security Advisory 2013:1473 :\n\nAn updated spice-server package that fixes one security issue is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll spice-server users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2013-10-30T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : spice-server (ELSA-2013-1473)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:spice-server", "p-cpe:/a:oracle:linux:spice-server-devel", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2013-1473.NASL", "href": "https://www.tenable.com/plugins/nessus/70690", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:1473 and \n# Oracle Linux Security Advisory ELSA-2013-1473 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70690);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4282\");\n script_xref(name:\"RHSA\", value:\"2013:1473\");\n\n script_name(english:\"Oracle Linux 6 : spice-server (ELSA-2013-1473)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:1473 :\n\nAn updated spice-server package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is\na remote display protocol for virtual environments. SPICE users can\naccess a virtualized desktop or server from the local system or any\nsystem with network access to the server. SPICE is used in Red Hat\nEnterprise Linux for viewing virtualized guests running on the\nKernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise\nVirtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able\nto initiate a SPICE connection to an application acting as a SPICE\nserver could use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll spice-server users are advised to upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-October/003771.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected spice-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:spice-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:spice-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"spice-server-0.12.0-12.el6_4.5\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"spice-server-devel-0.12.0-12.el6_4.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"spice-server / spice-server-devel\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:52:14", "description": "This update fixes CVE-2013-4282\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-11-08T00:00:00", "type": "nessus", "title": "Fedora 19 : spice-0.12.4-3.fc19 (2013-20340)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:spice", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-20340.NASL", "href": "https://www.tenable.com/plugins/nessus/70787", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-20340.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70787);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4282\");\n script_bugtraq_id(63408);\n script_xref(name:\"FEDORA\", value:\"2013-20340\");\n\n script_name(english:\"Fedora 19 : spice-0.12.4-3.fc19 (2013-20340)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2013-4282\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120220.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ddbd1dd3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected spice package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:spice\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"spice-0.12.4-3.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"spice\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:52:11", "description": "Updated qspice packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll qspice users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2013-10-30T00:00:00", "type": "nessus", "title": "RHEL 5 : qspice (RHSA-2013:1474)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:qspice", "p-cpe:/a:redhat:enterprise_linux:qspice-debuginfo", "p-cpe:/a:redhat:enterprise_linux:qspice-libs", "p-cpe:/a:redhat:enterprise_linux:qspice-libs-devel", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2013-1474.NASL", "href": "https://www.tenable.com/plugins/nessus/70695", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1474. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70695);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4282\");\n script_xref(name:\"RHSA\", value:\"2013:1474\");\n\n script_name(english:\"RHEL 5 : qspice (RHSA-2013:1474)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qspice packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is\na remote display protocol for virtual environments. SPICE users can\naccess a virtualized desktop or server from the local system or any\nsystem with network access to the server. SPICE is used in Red Hat\nEnterprise Linux for viewing virtualized guests running on the\nKernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise\nVirtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able\nto initiate a SPICE connection to an application acting as a SPICE\nserver could use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll qspice users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4282\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qspice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qspice-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qspice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qspice-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1474\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"qspice-0.3.0-56.el5_10.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"qspice-debuginfo-0.3.0-56.el5_10.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"qspice-libs-0.3.0-56.el5_10.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"qspice-libs-devel-0.3.0-56.el5_10.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qspice / qspice-debuginfo / qspice-libs / qspice-libs-devel\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:52:23", "description": "A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application. (CVE-2013-4282)", "cvss3": {"score": null, "vector": null}, "published": "2013-10-31T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : spice-server on SL6.x x86_64 (20131029)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:spice-server", "p-cpe:/a:fermilab:scientific_linux:spice-server-debuginfo", "p-cpe:/a:fermilab:scientific_linux:spice-server-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20131029_SPICE_SERVER_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/70707", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70707);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4282\");\n\n script_name(english:\"Scientific Linux Security Update : spice-server on SL6.x x86_64 (20131029)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able\nto initiate a SPICE connection to an application acting as a SPICE\nserver could use this flaw to crash the application. (CVE-2013-4282)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1310&L=scientific-linux-errata&T=0&P=3173\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?740e6da8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected spice-server, spice-server-debuginfo and / or\nspice-server-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:spice-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:spice-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:spice-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"spice-server-0.12.0-12.el6_4.5\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"spice-server-debuginfo-0.12.0-12.el6_4.5\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"spice-server-devel-0.12.0-12.el6_4.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"spice-server / spice-server-debuginfo / spice-server-devel\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:52:19", "description": "An updated spice-server package that fixes one security issue is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll spice-server users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2013-10-30T00:00:00", "type": "nessus", "title": "RHEL 6 : spice-server (RHSA-2013:1473)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:spice-server", "p-cpe:/a:redhat:enterprise_linux:spice-server-debuginfo", "p-cpe:/a:redhat:enterprise_linux:spice-server-devel", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.4"], "id": "REDHAT-RHSA-2013-1473.NASL", "href": "https://www.tenable.com/plugins/nessus/70694", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1473. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70694);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4282\");\n script_xref(name:\"RHSA\", value:\"2013:1473\");\n\n script_name(english:\"RHEL 6 : spice-server (RHSA-2013:1473)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated spice-server package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is\na remote display protocol for virtual environments. SPICE users can\naccess a virtualized desktop or server from the local system or any\nsystem with network access to the server. SPICE is used in Red Hat\nEnterprise Linux for viewing virtualized guests running on the\nKernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise\nVirtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able\nto initiate a SPICE connection to an application acting as a SPICE\nserver could use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll spice-server users are advised to upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4282\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected spice-server, spice-server-debuginfo and / or\nspice-server-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spice-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spice-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:spice-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1473\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"spice-server-0.12.0-12.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"spice-server-debuginfo-0.12.0-12.el6_4.5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"spice-server-devel-0.12.0-12.el6_4.5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"spice-server / spice-server-debuginfo / spice-server-devel\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:52:24", "description": "This update fixes CVE-2013-4282\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-11-11T00:00:00", "type": "nessus", "title": "Fedora 20 : spice-0.12.4-3.fc20 (2013-20310)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:spice", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2013-20310.NASL", "href": "https://www.tenable.com/plugins/nessus/70827", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-20310.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70827);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4282\");\n script_bugtraq_id(63408);\n script_xref(name:\"FEDORA\", value:\"2013-20310\");\n\n script_name(english:\"Fedora 20 : spice-0.12.4-3.fc20 (2013-20310)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2013-4282\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120720.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d58f9cca\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected spice package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:spice\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"spice-0.12.4-3.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"spice\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:52:14", "description": "This update fixes CVE-2013-4282\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-11-08T00:00:00", "type": "nessus", "title": "Fedora 18 : spice-0.12.4-3.fc18 (2013-20360)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:spice", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-20360.NASL", "href": "https://www.tenable.com/plugins/nessus/70788", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-20360.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70788);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4282\");\n script_bugtraq_id(63408);\n script_xref(name:\"FEDORA\", value:\"2013-20360\");\n\n script_name(english:\"Fedora 18 : spice-0.12.4-3.fc18 (2013-20360)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2013-4282\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120239.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27aee5ee\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected spice package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:spice\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"spice-0.12.4-3.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"spice\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:52:14", "description": "Tomas Jamrisko discovered that SPICE incorrectly handled long passwords in SPICE tickets. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-11-13T00:00:00", "type": "nessus", "title": "Ubuntu 13.04 / 13.10 : spice vulnerability (USN-2027-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libspice-server1", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:13.10"], "id": "UBUNTU_USN-2027-1.NASL", "href": "https://www.tenable.com/plugins/nessus/70874", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2027-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70874);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-4282\");\n script_xref(name:\"USN\", value:\"2027-1\");\n\n script_name(english:\"Ubuntu 13.04 / 13.10 : spice vulnerability (USN-2027-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tomas Jamrisko discovered that SPICE incorrectly handled long\npasswords in SPICE tickets. An attacker could use this issue to cause\nthe SPICE server to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2027-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libspice-server1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libspice-server1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(13\\.04|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 13.04 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"13.04\", pkgname:\"libspice-server1\", pkgver:\"0.12.2-0nocelt2expubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libspice-server1\", pkgver:\"0.12.4-0nocelt1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libspice-server1\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:51:37", "description": "Updated spice packages fix security vulnerability :\n\nA stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application (CVE-2013-4282).", "cvss3": {"score": null, "vector": null}, "published": "2014-01-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : spice (MDVSA-2014:016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64spice-server-devel", "p-cpe:/a:mandriva:linux:lib64spice-server1", "p-cpe:/a:mandriva:linux:spice-client", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-016.NASL", "href": "https://www.tenable.com/plugins/nessus/72100", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:016. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72100);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4282\");\n script_bugtraq_id(63408);\n script_xref(name:\"MDVSA\", value:\"2014:016\");\n\n script_name(english:\"Mandriva Linux Security Advisory : spice (MDVSA-2014:016)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated spice packages fix security vulnerability :\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able\nto initiate a SPICE connection to an application acting as a SPICE\nserver could use this flaw to crash the application (CVE-2013-4282).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0022.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected lib64spice-server-devel, lib64spice-server1 and /\nor spice-client packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64spice-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64spice-server1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:spice-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64spice-server-devel-0.12.2-5.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64spice-server1-0.12.2-5.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"spice-client-0.12.2-5.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:52:11", "description": "An updated spice-server package that fixes one security issue is now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll spice-server users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2013-10-30T00:00:00", "type": "nessus", "title": "CentOS 6 : spice-server (CESA-2013:1473)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:spice-server", "p-cpe:/a:centos:centos:spice-server-devel", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2013-1473.NASL", "href": "https://www.tenable.com/plugins/nessus/70685", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1473 and \n# CentOS Errata and Security Advisory 2013:1473 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70685);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-4282\");\n script_xref(name:\"RHSA\", value:\"2013:1473\");\n\n script_name(english:\"CentOS 6 : spice-server (CESA-2013:1473)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated spice-server package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is\na remote display protocol for virtual environments. SPICE users can\naccess a virtualized desktop or server from the local system or any\nsystem with network access to the server. SPICE is used in Red Hat\nEnterprise Linux for viewing virtualized guests running on the\nKernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise\nVirtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able\nto initiate a SPICE connection to an application acting as a SPICE\nserver could use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll spice-server users are advised to upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-October/019996.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5d14c16c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected spice-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-4282\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:spice-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:spice-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"spice-server-0.12.0-12.el6_4.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"spice-server-devel-0.12.0-12.el6_4.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"spice-server / spice-server-devel\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:52:19", "description": "From Red Hat Security Advisory 2013:1474 :\n\nUpdated qspice packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll qspice users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2013-10-30T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : qspice (ELSA-2013-1474)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:qspice", "p-cpe:/a:oracle:linux:qspice-libs", "p-cpe:/a:oracle:linux:qspice-libs-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2013-1474.NASL", "href": "https://www.tenable.com/plugins/nessus/70691", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:1474 and \n# Oracle Linux Security Advisory ELSA-2013-1474 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70691);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4282\");\n script_xref(name:\"RHSA\", value:\"2013:1474\");\n\n script_name(english:\"Oracle Linux 5 : qspice (ELSA-2013-1474)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:1474 :\n\nUpdated qspice packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is\na remote display protocol for virtual environments. SPICE users can\naccess a virtualized desktop or server from the local system or any\nsystem with network access to the server. SPICE is used in Red Hat\nEnterprise Linux for viewing virtualized guests running on the\nKernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise\nVirtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able\nto initiate a SPICE connection to an application acting as a SPICE\nserver could use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll qspice users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-October/003773.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qspice packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qspice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qspice-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qspice-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"qspice-0.3.0-56.el5_10.1\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"qspice-libs-0.3.0-56.el5_10.1\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"qspice-libs-devel-0.3.0-56.el5_10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qspice / qspice-libs / qspice-libs-devel\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:51:32", "description": "Multiple vulnerabilities have been found in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following issues :\n\n - CVE-2013-4130 David Gibson of Red Hat discovered that SPICE incorrectly handled certain network errors. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.\n\n - CVE-2013-4282 Tomas Jamrisko of Red Hat discovered that SPICE incorrectly handled long passwords in SPICE tickets. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.\n\nApplications acting as a SPICE server must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2014-01-09T00:00:00", "type": "nessus", "title": "Debian DSA-2839-1 : spice - denial of service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4130", "CVE-2013-4282"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:spice", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2839.NASL", "href": "https://www.tenable.com/plugins/nessus/71867", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2839. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71867);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4130\", \"CVE-2013-4282\");\n script_bugtraq_id(61192, 63408);\n script_xref(name:\"DSA\", value:\"2839\");\n\n script_name(english:\"Debian DSA-2839-1 : spice - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been found in spice, a SPICE protocol\nclient and server library. The Common Vulnerabilities and Exposures\nproject identifies the following issues :\n\n - CVE-2013-4130\n David Gibson of Red Hat discovered that SPICE\n incorrectly handled certain network errors. A remote\n user able to initiate a SPICE connection to an\n application acting as a SPICE server could use this flaw\n to crash the application.\n\n - CVE-2013-4282\n Tomas Jamrisko of Red Hat discovered that SPICE\n incorrectly handled long passwords in SPICE tickets. A\n remote user able to initiate a SPICE connection to an\n application acting as a SPICE server could use this flaw\n to crash the application.\n\nApplications acting as a SPICE server must be restarted for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717030\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/spice\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2839\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the spice packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 0.11.0-1+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:spice\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libspice-server-dev\", reference:\"0.11.0-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libspice-server1\", reference:\"0.11.0-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"spice-client\", reference:\"0.11.0-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:44:09", "description": "Spice was updated to fix four security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-3247: heap corruption in the spice server (bsc#944460)\n\n - CVE-2015-5261: Guest could have accessed host memory using crafted images (bsc#948976)\n\n - CVE-2015-5260: Insufficient validation of surface_id parameter could have caused a crash (bsc#944460)\n\n - CVE-2013-4282: Buffer overflow in password handling (bsc#848279)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-10-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : spice (openSUSE-2015-657)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282", "CVE-2015-3247", "CVE-2015-5260", "CVE-2015-5261"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libspice-server-devel", "p-cpe:/a:novell:opensuse:libspice-server1", "p-cpe:/a:novell:opensuse:libspice-server1-debuginfo", "p-cpe:/a:novell:opensuse:spice-client", "p-cpe:/a:novell:opensuse:spice-client-debuginfo", "p-cpe:/a:novell:opensuse:spice-debugsource", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-657.NASL", "href": "https://www.tenable.com/plugins/nessus/86392", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-657.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86392);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4282\", \"CVE-2015-3247\", \"CVE-2015-5260\", \"CVE-2015-5261\");\n\n script_name(english:\"openSUSE Security Update : spice (openSUSE-2015-657)\");\n script_summary(english:\"Check for the openSUSE-2015-657 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Spice was updated to fix four security issues.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-3247: heap corruption in the spice server\n (bsc#944460)\n\n - CVE-2015-5261: Guest could have accessed host memory\n using crafted images (bsc#948976)\n\n - CVE-2015-5260: Insufficient validation of surface_id\n parameter could have caused a crash (bsc#944460)\n\n - CVE-2013-4282: Buffer overflow in password handling\n (bsc#848279)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=848279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=944460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=944787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=948976\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected spice packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-server1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libspice-server1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:spice-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:spice-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:spice-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libspice-server-devel-0.12.4-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libspice-server1-0.12.4-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libspice-server1-debuginfo-0.12.4-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"spice-client-0.12.4-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"spice-client-debuginfo-0.12.4-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"spice-debugsource-0.12.4-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libspice-server-devel-0.12.4-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libspice-server1-0.12.4-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libspice-server1-debuginfo-0.12.4-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"spice-client-0.12.4-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"spice-client-debuginfo-0.12.4-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"spice-debugsource-0.12.4-4.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libspice-server-devel / libspice-server1 / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:47:44", "description": "An updated rhev-hypervisor6 package that fixes one security issue and various bugs is now available.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of 'Install Failed'. If this happens, place the host into maintenance mode, then activate it again to get the host back to an 'Up' state\n\nA stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote attacker able to initiate a SPICE connection to the guest could use this flaw to crash the guest. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nThis updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :\n\nCVE-2013-4162 and CVE-2013-4299 (kernel issues)\n\nCVE-2013-4296 and CVE-2013-4311 (libvirt issues)\n\nCVE-2013-4288 (polkit issue)\n\nThis update also contains the fixes from the following advisories :\n\n* vdsm: https://rhn.redhat.com/errata/RHBA-2013-1462.html\n\n* ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1461.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-08T00:00:00", "type": "nessus", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2013:1460)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4162", "CVE-2013-4282", "CVE-2013-4288", "CVE-2013-4296", "CVE-2013-4299", "CVE-2013-4311"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-1460.NASL", "href": "https://www.tenable.com/plugins/nessus/78977", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1460. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78977);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4162\", \"CVE-2013-4282\", \"CVE-2013-4288\", \"CVE-2013-4296\", \"CVE-2013-4299\", \"CVE-2013-4311\");\n script_xref(name:\"RHSA\", value:\"2013:1460\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2013:1460)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rhev-hypervisor6 package that fixes one security issue and\nvarious bugs is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of 'Install Failed'. If this happens, place the\nhost into maintenance mode, then activate it again to get the host\nback to an 'Up' state\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote attacker\nable to initiate a SPICE connection to the guest could use this flaw\nto crash the guest. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nThis updated package provides updated components that include fixes\nfor various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The\nsecurity fixes included in this update address the following CVE\nnumbers :\n\nCVE-2013-4162 and CVE-2013-4299 (kernel issues)\n\nCVE-2013-4296 and CVE-2013-4311 (libvirt issues)\n\nCVE-2013-4288 (polkit issue)\n\nThis update also contains the fixes from the following advisories :\n\n* vdsm: https://rhn.redhat.com/errata/RHBA-2013-1462.html\n\n* ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1461.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package, which corrects these issues.\"\n );\n # https://rhn.redhat.com/errata/RHBA-2013-1462.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHBA-2013:1462\"\n );\n # https://rhn.redhat.com/errata/RHBA-2013-1461.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHBA-2013:1461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4282\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rhev-hypervisor6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1460\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.4-20131016.0.el6_4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated spice packages fix security vulnerability: A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application (CVE-2013-4282). \n", "cvss3": {}, "published": "2014-01-21T16:20:58", "type": "mageia", "title": "Updated spice packages fix a security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4282"], "modified": "2014-01-21T16:20:58", "id": "MGASA-2014-0022", "href": "https://advisories.mageia.org/MGASA-2014-0022.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2022-02-27T11:54:22", "description": "**CentOS Errata and Security Advisory** CESA-2013:1474\n\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is a\nremote display protocol for virtual environments. SPICE users can access a\nvirtualized desktop or server from the local system or any system with\nnetwork access to the server. SPICE is used in Red Hat Enterprise Linux for\nviewing virtualized guests running on the Kernel-based Virtual Machine\n(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able to\ninitiate a SPICE connection to an application acting as a SPICE server\ncould use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll qspice users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2013-October/056913.html\n\n**Affected packages:**\nqspice\nqspice-libs\nqspice-libs-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2013:1474", "cvss3": {}, "published": "2013-10-29T20:25:52", "type": "centos", "title": "qspice security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4282"], "modified": "2013-10-29T20:25:52", "id": "CESA-2013:1474", "href": "https://lists.centos.org/pipermail/centos-announce/2013-October/056913.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-27T11:54:22", "description": "**CentOS Errata and Security Advisory** CESA-2013:1473\n\n\nThe Simple Protocol for Independent Computing Environments (SPICE) is a\nremote display protocol for virtual environments. SPICE users can access a\nvirtualized desktop or server from the local system or any system with\nnetwork access to the server. SPICE is used in Red Hat Enterprise Linux for\nviewing virtualized guests running on the Kernel-based Virtual Machine\n(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able to\ninitiate a SPICE connection to an application acting as a SPICE server\ncould use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll spice-server users are advised to upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2013-October/056915.html\n\n**Affected packages:**\nspice-server\nspice-server-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2013:1473", "cvss3": {}, "published": "2013-10-30T02:12:05", "type": "centos", "title": "spice security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4282"], "modified": "2013-10-30T02:12:05", "id": "CESA-2013:1473", "href": "https://lists.centos.org/pipermail/centos-announce/2013-October/056915.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2021-10-19T18:40:46", "description": "The Simple Protocol for Independent Computing Environments (SPICE) is a\nremote display protocol for virtual environments. SPICE users can access a\nvirtualized desktop or server from the local system or any system with\nnetwork access to the server. SPICE is used in Red Hat Enterprise Linux for\nviewing virtualized guests running on the Kernel-based Virtual Machine\n(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able to\ninitiate a SPICE connection to an application acting as a SPICE server\ncould use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll spice-server users are advised to upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\n", "cvss3": {}, "published": "2013-10-29T00:00:00", "type": "redhat", "title": "(RHSA-2013:1473) Important: spice-server security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4282"], "modified": "2018-06-06T16:24:30", "id": "RHSA-2013:1473", "href": "https://access.redhat.com/errata/RHSA-2013:1473", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T04:44:01", "description": "The Simple Protocol for Independent Computing Environments (SPICE) is a\nremote display protocol for virtual environments. SPICE users can access a\nvirtualized desktop or server from the local system or any system with\nnetwork access to the server. SPICE is used in Red Hat Enterprise Linux for\nviewing virtualized guests running on the Kernel-based Virtual Machine\n(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able to\ninitiate a SPICE connection to an application acting as a SPICE server\ncould use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll qspice users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n", "cvss3": {}, "published": "2013-10-29T00:00:00", "type": "redhat", "title": "(RHSA-2013:1474) Important: qspice security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4282"], "modified": "2017-09-08T08:19:43", "id": "RHSA-2013:1474", "href": "https://access.redhat.com/errata/RHSA-2013:1474", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:40:01", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of \"Install Failed\". If this happens, place the host\ninto maintenance mode, then activate it again to get the host back to an\n\"Up\" state\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote attacker able to\ninitiate a SPICE connection to the guest could use this flaw to crash the\nguest. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nThis updated package provides updated components that include fixes for \nvarious security issues. These issues have no security impact on Red Hat \nEnterprise Virtualization Hypervisor itself, however. The security fixes \nincluded in this update address the following CVE numbers: \n\nCVE-2013-4162 and CVE-2013-4299 (kernel issues)\n\nCVE-2013-4296 and CVE-2013-4311 (libvirt issues)\n\nCVE-2013-4288 (polkit issue)\n\nThis update also contains the fixes from the following advisories:\n\n* vdsm: https://rhn.redhat.com/errata/RHBA-2013-1462.html\n* ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1461.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.\n", "cvss3": {}, "published": "2013-10-29T00:00:00", "type": "redhat", "title": "(RHSA-2013:1460) Important: rhev-hypervisor6 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4162", "CVE-2013-4282", "CVE-2013-4288", "CVE-2013-4296", "CVE-2013-4299", "CVE-2013-4311"], "modified": "2018-06-07T04:59:45", "id": "RHSA-2013:1460", "href": "https://access.redhat.com/errata/RHSA-2013:1460", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:43", "description": "[0.3.0-56.1]\n- Fix spice-server crash when client sends a password which is too long\n Resolves: CVE-2013-4282\n[0.3.0-56.el5]\n- Fix unsafe accesses\n + spice: drop libpng from windows components (537849)\n + libspice: fix unsafe guest data accessing\nResolves: #568720\n + fix unsafe free() call.\nResolves: #568724\n + spice server: fix unsafe cursor items handling.\nResolves: #568720\n[0.3.0-55.el5]\n- spice: clear client palette caches on migration\nResolves: #599496", "cvss3": {}, "published": "2013-10-29T00:00:00", "type": "oraclelinux", "title": "qspice security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2013-10-29T00:00:00", "id": "ELSA-2013-1474", "href": "http://linux.oracle.com/errata/ELSA-2013-1474.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:29", "description": "[0.12.0-12.5]\n- Fix issue with error-handling of RSA_private_decrypt() in previous patch\n Related: CVE-2013-4282\n[0.12.0-12.el6_4.4]\n- Fix buffer overflow when decrypting client SPICE ticket\n Resolves: CVE-2013-4282", "cvss3": {}, "published": "2013-10-29T00:00:00", "type": "oraclelinux", "title": "spice-server security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2013-10-29T00:00:00", "id": "ELSA-2013-1473", "href": "http://linux.oracle.com/errata/ELSA-2013-1473.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:38:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-11-18T00:00:00", "type": "openvas", "title": "Ubuntu Update for spice USN-2027-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841632", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841632", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2027_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for spice USN-2027-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841632\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-18 17:12:32 +0530 (Mon, 18 Nov 2013)\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Ubuntu Update for spice USN-2027-1\");\n\n script_tag(name:\"affected\", value:\"spice on Ubuntu 13.10,\n Ubuntu 13.04\");\n script_tag(name:\"insight\", value:\"Tomas Jamrisko discovered that SPICE incorrectly handled long\npasswords in SPICE tickets. An attacker could use this issue to cause the\nSPICE server to crash, resulting in a denial of service.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2027-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2027-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'spice'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(13\\.10|13\\.04)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libspice-server1:i386\", ver:\"0.12.4-0nocelt1ubuntu0.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libspice-server1:i386\", ver:\"0.12.2-0nocelt2expubuntu1.2\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:19", "description": "Oracle Linux Local Security Checks ELSA-2013-1473", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-1473", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123539", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123539", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-1473.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123539\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:05:15 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-1473\");\n script_tag(name:\"insight\", value:\"ELSA-2013-1473 - spice-server security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-1473\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-1473.html\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"spice-server\", rpm:\"spice-server~0.12.0~12.el6_4.5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"spice-server-devel\", rpm:\"spice-server-devel~0.12.0~12.el6_4.5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-02-05T11:11:07", "description": "Check for the Version of spice-server", "cvss3": {}, "published": "2013-11-08T00:00:00", "type": "openvas", "title": "CentOS Update for spice-server CESA-2013:1473 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2018-02-03T00:00:00", "id": "OPENVAS:881825", "href": "http://plugins.openvas.org/nasl.php?oid=881825", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for spice-server CESA-2013:1473 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881825);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:52:46 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for spice-server CESA-2013:1473 centos6 \");\n\n tag_insight = \"The Simple Protocol for Independent Computing Environments (SPICE) is a\nremote display protocol for virtual environments. SPICE users can access a\nvirtualized desktop or server from the local system or any system with\nnetwork access to the server. SPICE is used in Red Hat Enterprise Linux for\nviewing virtualized guests running on the Kernel-based Virtual Machine\n(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able to\ninitiate a SPICE connection to an application acting as a SPICE server\ncould use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll spice-server users are advised to upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\n\";\n\n tag_affected = \"spice-server on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1473\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-October/019996.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of spice-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-server\", rpm:\"spice-server~0.12.0~12.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-server-devel\", rpm:\"spice-server-devel~0.12.0~12.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:07", "description": "Oracle Linux Local Security Checks ELSA-2013-1474", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-1474", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123540", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123540", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-1474.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123540\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:05:16 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-1474\");\n script_tag(name:\"insight\", value:\"ELSA-2013-1474 - qspice security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-1474\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-1474.html\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"qspice\", rpm:\"qspice~0.3.0~56.el5_10.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qspice-libs\", rpm:\"qspice-libs~0.3.0~56.el5_10.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qspice-libs-devel\", rpm:\"qspice-libs-devel~0.3.0~56.el5_10.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-19T15:09:06", "description": "Check for the Version of spice-server", "cvss3": {}, "published": "2013-11-08T00:00:00", "type": "openvas", "title": "RedHat Update for spice-server RHSA-2013:1473-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2018-01-19T00:00:00", "id": "OPENVAS:871064", "href": "http://plugins.openvas.org/nasl.php?oid=871064", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for spice-server RHSA-2013:1473-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871064);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:41:38 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for spice-server RHSA-2013:1473-01\");\n\n tag_insight = \"The Simple Protocol for Independent Computing Environments (SPICE) is a\nremote display protocol for virtual environments. SPICE users can access a\nvirtualized desktop or server from the local system or any system with\nnetwork access to the server. SPICE is used in Red Hat Enterprise Linux for\nviewing virtualized guests running on the Kernel-based Virtual Machine\n(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able to\ninitiate a SPICE connection to an application acting as a SPICE server\ncould use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll spice-server users are advised to upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\n\";\n\n tag_affected = \"spice-server on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:1473-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-October/msg00030.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of spice-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-server\", rpm:\"spice-server~0.12.0~12.el6_4.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-server-debuginfo\", rpm:\"spice-server-debuginfo~0.12.0~12.el6_4.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-24T11:09:22", "description": "Check for the Version of qspice", "cvss3": {}, "published": "2013-11-08T00:00:00", "type": "openvas", "title": "CentOS Update for qspice CESA-2013:1474 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2018-01-24T00:00:00", "id": "OPENVAS:881823", "href": "http://plugins.openvas.org/nasl.php?oid=881823", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for qspice CESA-2013:1474 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881823);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:52:32 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for qspice CESA-2013:1474 centos5 \");\n\n tag_insight = \"The Simple Protocol for Independent Computing Environments (SPICE) is a\nremote display protocol for virtual environments. SPICE users can access a\nvirtualized desktop or server from the local system or any system with\nnetwork access to the server. SPICE is used in Red Hat Enterprise Linux for\nviewing virtualized guests running on the Kernel-based Virtual Machine\n(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able to\ninitiate a SPICE connection to an application acting as a SPICE server\ncould use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll qspice users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n\";\n\n tag_affected = \"qspice on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1474\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-October/019994.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of qspice\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"qspice\", rpm:\"qspice~0.3.0~56.el5_10.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qspice-libs\", rpm:\"qspice-libs~0.3.0~56.el5_10.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qspice-libs-devel\", rpm:\"qspice-libs-devel~0.3.0~56.el5_10.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-11-08T00:00:00", "type": "openvas", "title": "RedHat Update for qspice RHSA-2013:1474-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871067", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871067", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qspice RHSA-2013:1474-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871067\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:42:32 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for qspice RHSA-2013:1474-01\");\n\n\n script_tag(name:\"affected\", value:\"qspice on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"insight\", value:\"The Simple Protocol for Independent Computing Environments (SPICE) is a\nremote display protocol for virtual environments. SPICE users can access a\nvirtualized desktop or server from the local system or any system with\nnetwork access to the server. SPICE is used in Red Hat Enterprise Linux for\nviewing virtualized guests running on the Kernel-based Virtual Machine\n(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able to\ninitiate a SPICE connection to an application acting as a SPICE server\ncould use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll qspice users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2013:1474-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-October/msg00031.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qspice'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"qspice-debuginfo\", rpm:\"qspice-debuginfo~0.3.0~56.el5_10.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qspice-libs\", rpm:\"qspice-libs~0.3.0~56.el5_10.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-11-08T00:00:00", "type": "openvas", "title": "RedHat Update for spice-server RHSA-2013:1473-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871064", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871064", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for spice-server RHSA-2013:1473-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871064\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:41:38 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for spice-server RHSA-2013:1473-01\");\n\n\n script_tag(name:\"affected\", value:\"spice-server on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"The Simple Protocol for Independent Computing Environments (SPICE) is a\nremote display protocol for virtual environments. SPICE users can access a\nvirtualized desktop or server from the local system or any system with\nnetwork access to the server. SPICE is used in Red Hat Enterprise Linux for\nviewing virtualized guests running on the Kernel-based Virtual Machine\n(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able to\ninitiate a SPICE connection to an application acting as a SPICE server\ncould use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll spice-server users are advised to upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2013:1473-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-October/msg00030.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'spice-server'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-server\", rpm:\"spice-server~0.12.0~12.el6_4.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-server-debuginfo\", rpm:\"spice-server-debuginfo~0.12.0~12.el6_4.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-27T10:51:21", "description": "Check for the Version of qspice", "cvss3": {}, "published": "2013-11-08T00:00:00", "type": "openvas", "title": "RedHat Update for qspice RHSA-2013:1474-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:871067", "href": "http://plugins.openvas.org/nasl.php?oid=871067", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qspice RHSA-2013:1474-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871067);\n script_version(\"$Revision: 6687 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:46:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:42:32 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Update for qspice RHSA-2013:1474-01\");\n\n tag_insight = \"The Simple Protocol for Independent Computing Environments (SPICE) is a\nremote display protocol for virtual environments. SPICE users can access a\nvirtualized desktop or server from the local system or any system with\nnetwork access to the server. SPICE is used in Red Hat Enterprise Linux for\nviewing virtualized guests running on the Kernel-based Virtual Machine\n(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able to\ninitiate a SPICE connection to an application acting as a SPICE server\ncould use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll qspice users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n\";\n\n tag_affected = \"qspice on Red Hat Enterprise Linux (v. 5 server)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:1474-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-October/msg00031.html\");\n script_summary(\"Check for the Version of qspice\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"qspice-debuginfo\", rpm:\"qspice-debuginfo~0.3.0~56.el5_10.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qspice-libs\", rpm:\"qspice-libs~0.3.0~56.el5_10.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-22T13:10:10", "description": "Check for the Version of spice", "cvss3": {}, "published": "2013-11-08T00:00:00", "type": "openvas", "title": "Fedora Update for spice FEDORA-2013-20360", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:867051", "href": "http://plugins.openvas.org/nasl.php?oid=867051", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for spice FEDORA-2013-20360\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867051);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:37:52 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for spice FEDORA-2013-20360\");\n\n tag_insight = \"The Simple Protocol for Independent Computing Environments (SPICE) is\na remote display system built for virtual environments which allows\nyou to view a computing 'desktop' environment not only on the machine\nwhere it is running, but from anywhere on the Internet and from a wide\nvariety of machine architectures.\n\";\n\n tag_affected = \"spice on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-20360\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120239.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of spice\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice\", rpm:\"spice~0.12.4~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-01-31T18:37:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-15T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for spice (SUSE-SU-2015:0884-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850847", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850847", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850847\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 12:15:01 +0200 (Thu, 15 Oct 2015)\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for spice (SUSE-SU-2015:0884-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'spice'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The remote desktop software SPICE was updated to address one security\n issue.\n\n The following vulnerability was fixed:\n\n * A stack-based buffer overflow in the password handling code allowed\n remote attackers to cause a denial of service (crash) via a long\n password in a SPICE ticket. (bsc#848279, CVE-2013-4282)\");\n\n script_tag(name:\"affected\", value:\"spice on SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0884-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED12\\.0SP0\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libspice-server1\", rpm:\"libspice-server1~0.12.4~6.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libspice-server1-debuginfo\", rpm:\"libspice-server1-debuginfo~0.12.4~6.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"spice-debugsource\", rpm:\"spice-debugsource~0.12.4~6.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-11-08T00:00:00", "type": "openvas", "title": "Fedora Update for spice FEDORA-2013-20340", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867044", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867044", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for spice FEDORA-2013-20340\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867044\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:37:39 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for spice FEDORA-2013-20340\");\n\n\n script_tag(name:\"affected\", value:\"spice on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-20340\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120220.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'spice'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice\", rpm:\"spice~0.12.4~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-11-08T00:00:00", "type": "openvas", "title": "Fedora Update for spice FEDORA-2013-20360", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867051", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867051", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for spice FEDORA-2013-20360\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867051\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:37:52 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for spice FEDORA-2013-20360\");\n\n\n script_tag(name:\"affected\", value:\"spice on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-20360\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120239.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'spice'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice\", rpm:\"spice~0.12.4~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-11-08T00:00:00", "type": "openvas", "title": "CentOS Update for qspice CESA-2013:1474 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881823", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881823", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for qspice CESA-2013:1474 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881823\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:52:32 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for qspice CESA-2013:1474 centos5\");\n\n script_tag(name:\"affected\", value:\"qspice on CentOS 5\");\n script_tag(name:\"insight\", value:\"The Simple Protocol for Independent Computing Environments (SPICE) is a\nremote display protocol for virtual environments. SPICE users can access a\nvirtualized desktop or server from the local system or any system with\nnetwork access to the server. SPICE is used in Red Hat Enterprise Linux for\nviewing virtualized guests running on the Kernel-based Virtual Machine\n(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able to\ninitiate a SPICE connection to an application acting as a SPICE server\ncould use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll qspice users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2013:1474\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-October/019994.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qspice'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"qspice\", rpm:\"qspice~0.3.0~56.el5_10.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qspice-libs\", rpm:\"qspice-libs~0.3.0~56.el5_10.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qspice-libs-devel\", rpm:\"qspice-libs-devel~0.3.0~56.el5_10.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-11-08T00:00:00", "type": "openvas", "title": "CentOS Update for spice-server CESA-2013:1473 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881825", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881825", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for spice-server CESA-2013:1473 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881825\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:52:46 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Update for spice-server CESA-2013:1473 centos6\");\n\n script_tag(name:\"affected\", value:\"spice-server on CentOS 6\");\n script_tag(name:\"insight\", value:\"The Simple Protocol for Independent Computing Environments (SPICE) is a\nremote display protocol for virtual environments. SPICE users can access a\nvirtualized desktop or server from the local system or any system with\nnetwork access to the server. SPICE is used in Red Hat Enterprise Linux for\nviewing virtualized guests running on the Kernel-based Virtual Machine\n(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.\n\nA stack-based buffer overflow flaw was found in the way the\nreds_handle_ticket() function in the spice-server library handled\ndecryption of ticket data provided by the client. A remote user able to\ninitiate a SPICE connection to an application acting as a SPICE server\ncould use this flaw to crash the application. (CVE-2013-4282)\n\nThis issue was discovered by Tomas Jamrisko of Red Hat.\n\nAll spice-server users are advised to upgrade to this updated package,\nwhich contains a backported patch to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2013:1473\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-October/019996.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'spice-server'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice-server\", rpm:\"spice-server~0.12.0~12.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"spice-server-devel\", rpm:\"spice-server-devel~0.12.0~12.el6_4.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-23T13:09:48", "description": "Check for the Version of spice", "cvss3": {}, "published": "2013-11-18T00:00:00", "type": "openvas", "title": "Ubuntu Update for spice USN-2027-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2018-01-23T00:00:00", "id": "OPENVAS:841632", "href": "http://plugins.openvas.org/nasl.php?oid=841632", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2027_1.nasl 8494 2018-01-23 06:57:55Z teissa $\n#\n# Ubuntu Update for spice USN-2027-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841632);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-18 17:12:32 +0530 (Mon, 18 Nov 2013)\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Ubuntu Update for spice USN-2027-1\");\n\n tag_insight = \"Tomas Jamrisko discovered that SPICE incorrectly handled long\npasswords in SPICE tickets. An attacker could use this issue to cause the\nSPICE server to crash, resulting in a denial of service.\";\n\n tag_affected = \"spice on Ubuntu 13.10 ,\n Ubuntu 13.04\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2027-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2027-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of spice\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libspice-server1:i386\", ver:\"0.12.4-0nocelt1ubuntu0.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libspice-server1:i386\", ver:\"0.12.2-0nocelt2expubuntu1.2\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:09:35", "description": "Check for the Version of spice", "cvss3": {}, "published": "2013-11-08T00:00:00", "type": "openvas", "title": "Fedora Update for spice FEDORA-2013-20340", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2018-01-25T00:00:00", "id": "OPENVAS:867044", "href": "http://plugins.openvas.org/nasl.php?oid=867044", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for spice FEDORA-2013-20340\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867044);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:37:39 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-4282\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for spice FEDORA-2013-20340\");\n\n tag_insight = \"The Simple Protocol for Independent Computing Environments (SPICE) is\na remote display system built for virtual environments which allows\nyou to view a computing 'desktop' environment not only on the machine\nwhere it is running, but from anywhere on the Internet and from a wide\nvariety of machine architectures.\n\";\n\n tag_affected = \"spice on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-20340\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120220.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of spice\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"spice\", rpm:\"spice~0.12.4~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:20", "description": "Multiple vulnerabilities have been found in spice, a SPICE protocol\nclient and server library. The Common Vulnerabilities and Exposures\nproject identifies the following issues:\n\nCVE-2013-4130\nDavid Gibson of Red Hat discovered that SPICE incorrectly handled\ncertain network errors. A remote user able to initiate a SPICE\nconnection to an application acting as a SPICE server could use this\nflaw to crash the application.\n\nCVE-2013-4282\nTomas Jamrisko of Red Hat discovered that SPICE incorrectly handled\nlong passwords in SPICE tickets. A remote user able to initiate a\nSPICE connection to an application acting as a SPICE server could use\nthis flaw to crash the application.\n\nApplications acting as a SPICE server must be restarted for this update\nto take effect.", "cvss3": {}, "published": "2014-01-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2839-1 (spice - denial of service)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282", "CVE-2013-4130"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310702839", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702839", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2839.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2839-1 using nvtgen 1.0\n# Script version: 1.2\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702839\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2013-4130\", \"CVE-2013-4282\");\n script_name(\"Debian Security Advisory DSA 2839-1 (spice - denial of service)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-08 00:00:00 +0100 (Wed, 08 Jan 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2839.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"spice on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 0.11.0-1+deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 0.12.4-0nocelt2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.12.4-0nocelt2.\n\nWe recommend that you upgrade your spice packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been found in spice, a SPICE protocol\nclient and server library. The Common Vulnerabilities and Exposures\nproject identifies the following issues:\n\nCVE-2013-4130\nDavid Gibson of Red Hat discovered that SPICE incorrectly handled\ncertain network errors. A remote user able to initiate a SPICE\nconnection to an application acting as a SPICE server could use this\nflaw to crash the application.\n\nCVE-2013-4282\nTomas Jamrisko of Red Hat discovered that SPICE incorrectly handled\nlong passwords in SPICE tickets. A remote user able to initiate a\nSPICE connection to an application acting as a SPICE server could use\nthis flaw to crash the application.\n\nApplications acting as a SPICE server must be restarted for this update\nto take effect.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libspice-server-dev\", ver:\"0.11.0-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libspice-server1\", ver:\"0.11.0-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"spice-client\", ver:\"0.11.0-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-08-02T10:49:12", "description": "Multiple vulnerabilities have been found in spice, a SPICE protocol\nclient and server library. The Common Vulnerabilities and Exposures\nproject identifies the following issues:\n\nCVE-2013-4130 \nDavid Gibson of Red Hat discovered that SPICE incorrectly handled\ncertain network errors. A remote user able to initiate a SPICE\nconnection to an application acting as a SPICE server could use this\nflaw to crash the application.\n\nCVE-2013-4282 \nTomas Jamrisko of Red Hat discovered that SPICE incorrectly handled\nlong passwords in SPICE tickets. A remote user able to initiate a\nSPICE connection to an application acting as a SPICE server could use\nthis flaw to crash the application.\n\nApplications acting as a SPICE server must be restarted for this update\nto take effect.", "cvss3": {}, "published": "2014-01-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2839-1 (spice - denial of service)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4282", "CVE-2013-4130"], "modified": "2017-07-18T00:00:00", "id": "OPENVAS:702839", "href": "http://plugins.openvas.org/nasl.php?oid=702839", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2839.nasl 6750 2017-07-18 09:56:47Z teissa $\n# Auto-generated from advisory DSA 2839-1 using nvtgen 1.0\n# Script version: 1.2\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"spice on Debian Linux\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 0.11.0-1+deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 0.12.4-0nocelt2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.12.4-0nocelt2.\n\nWe recommend that you upgrade your spice packages.\";\ntag_summary = \"Multiple vulnerabilities have been found in spice, a SPICE protocol\nclient and server library. The Common Vulnerabilities and Exposures\nproject identifies the following issues:\n\nCVE-2013-4130 \nDavid Gibson of Red Hat discovered that SPICE incorrectly handled\ncertain network errors. A remote user able to initiate a SPICE\nconnection to an application acting as a SPICE server could use this\nflaw to crash the application.\n\nCVE-2013-4282 \nTomas Jamrisko of Red Hat discovered that SPICE incorrectly handled\nlong passwords in SPICE tickets. A remote user able to initiate a\nSPICE connection to an application acting as a SPICE server could use\nthis flaw to crash the application.\n\nApplications acting as a SPICE server must be restarted for this update\nto take effect.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702839);\n script_version(\"$Revision: 6750 $\");\n script_cve_id(\"CVE-2013-4130\", \"CVE-2013-4282\");\n script_name(\"Debian Security Advisory DSA 2839-1 (spice - denial of service)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-18 11:56:47 +0200 (Tue, 18 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-01-08 00:00:00 +0100 (Wed, 08 Jan 2014)\");\n script_tag(name: \"cvss_base\", value:\"5.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2839.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libspice-server-dev\", ver:\"0.11.0-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libspice-server1\", ver:\"0.11.0-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spice-client\", ver:\"0.11.0-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libspice-server-dev\", ver:\"0.11.0-1+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libspice-server1\", ver:\"0.11.0-1+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spice-client\", ver:\"0.11.0-1+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libspice-server-dev\", ver:\"0.11.0-1+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libspice-server1\", ver:\"0.11.0-1+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spice-client\", ver:\"0.11.0-1+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libspice-server-dev\", ver:\"0.11.0-1+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libspice-server1\", ver:\"0.11.0-1+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spice-client\", ver:\"0.11.0-1+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cve": [{"lastseen": "2022-03-23T13:31:17", "description": "Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.", "cvss3": {}, "published": "2013-11-02T19:55:00", "type": "cve", "title": "CVE-2013-4282", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4282"], "modified": "2019-04-22T17:48:00", "cpe": ["cpe:/a:spice_project:spice:0.12.0", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:redhat:enterprise_linux:5", "cpe:/a:redhat:enterprise_virtualization:3.0"], "id": "CVE-2013-4282", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4282", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:spice_project:spice:0.12.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*"]}], "seebug": [{"lastseen": "2017-11-19T17:39:59", "description": "BUGTRAQ ID: 63408\r\nCVE(CAN) ID: CVE-2013-4282\r\n\r\nSPICE\u662f\u5f00\u6e90\u865a\u62df\u684c\u9762\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nSPICE\u7684reds_handle_ticket()\u51fd\u6570\u5bf9'password'\u7f13\u51b2\u533a\u5185\u7684\u89e3\u5bc6\u5bc6\u7801\u4f7f\u7528\u4e86\u5927\u5c0f\u56fa\u5b9a\u7684\u5c3a\u5bf8SPICE_MAX_PASSWORD_LENGTH\uff0c\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5728\u5efa\u7acb\u4e86\u5230\u5ba2\u6237\u7aef\u7684SPICE\u8fde\u63a5\u540e\uff0c\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u5ba2\u6237\u7aef\u5d29\u6e83\u3002\n0\nfreedesktop spice 0.12.4-0nocelt1.1\r\nfreedesktop spice 0.11.0-1\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nfreedesktop\r\n-----------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://cgit.freedesktop.org/spice", "cvss3": {}, "published": "2013-10-31T00:00:00", "type": "seebug", "title": "SPICE 'reds_handle_ticket()'\u51fd\u6570\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2013-10-31T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61067", "id": "SSV:61067", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:56:36", "description": "The remote desktop software SPICE was updated to address one security\n issue.\n\n The following vulnerabilitiy was fixed:\n\n * A stack-based buffer overflow in the password handling code allowed\n remote attackers to cause a denial of service (crash) via a long\n password in a SPICE ticket. (bsc#848279, CVE-2013-4282)\n\n", "cvss3": {}, "published": "2015-05-16T01:04:53", "type": "suse", "title": "Security update for spice (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2015-05-16T01:04:53", "id": "SUSE-SU-2015:0884-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00011.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:46:50", "description": "The remote desktop software SPICE was updated to address one security\n issue.\n\n The following vulnerabilitiy was fixed:\n\n * A stack-based buffer overflow in the password handling code allowed\n remote attackers to cause a denial of service (crash) via a long\n password in a SPICE ticket. (bsc#848279, CVE-2013-4282)\n\n", "cvss3": {}, "published": "2015-05-15T18:04:56", "type": "suse", "title": "Security update for spice (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2015-05-15T18:04:56", "id": "SUSE-SU-2015:0884-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00008.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. ", "cvss3": {}, "published": "2013-11-08T04:35:57", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: spice-0.12.4-3.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4282"], "modified": "2013-11-08T04:35:57", "id": "FEDORA:62B072159B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CGLADMU633UYO45B43EWAP5UVYGS62G7/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. ", "cvss3": {}, "published": "2013-11-08T04:37:11", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: spice-0.12.4-3.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4282"], "modified": "2013-11-08T04:37:11", "id": "FEDORA:0AA142279D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DA32EHRDQIJ7RLNBXDH2OO2FWEH32Q7U/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. ", "cvss3": {}, "published": "2013-11-10T06:59:01", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: spice-0.12.4-3.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4282"], "modified": "2013-11-10T06:59:01", "id": "FEDORA:EBDA02421E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RFCCAZHB5WEL6VGKNGDG2YIGBPUZNDMM/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:52:49", "description": "Stack-based buffer overflow in the reds_handle_ticket function in\nserver/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of\nservice (crash) via a long password in a SPICE ticket.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728314>\n", "cvss3": {}, "published": "2013-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2013-4282", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4282"], "modified": "2013-11-02T00:00:00", "id": "UB:CVE-2013-4282", "href": "https://ubuntu.com/security/CVE-2013-4282", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:53", "description": "Buffer overflow on oversized password.", "edition": 1, "cvss3": {}, "published": "2013-11-18T00:00:00", "title": "SPICE library buffer overflow", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-4282"], "modified": "2013-11-18T00:00:00", "id": "SECURITYVULNS:VULN:13407", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13407", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debiancve": [{"lastseen": "2022-06-11T06:02:28", "description": "Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.", "cvss3": {}, "published": "2013-11-02T19:55:00", "type": "debiancve", "title": "CVE-2013-4282", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4282"], "modified": "2013-11-02T19:55:00", "id": "DEBIANCVE:CVE-2013-4282", "href": "https://security-tracker.debian.org/tracker/CVE-2013-4282", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T12:55:08", "description": "Tomas Jamrisko discovered that SPICE incorrectly handled long passwords in \nSPICE tickets. An attacker could use this issue to cause the SPICE server \nto crash, resulting in a denial of service.\n", "cvss3": {}, "published": "2013-11-12T00:00:00", "type": "ubuntu", "title": "SPICE vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4282"], "modified": "2013-11-12T00:00:00", "id": "USN-2027-1", "href": "https://ubuntu.com/security/notices/USN-2027-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2021-10-21T23:24:09", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2839-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 08, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : spice\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4130 CVE-2013-4282\nDebian Bug : 717030 728314\n\nMultiple vulnerabilities have been found in spice, a SPICE protocol\nclient and server library. The Common Vulnerabilities and Exposures\nproject identifies the following issues:\n\nCVE-2013-4130\n\n David Gibson of Red Hat discovered that SPICE incorrectly handled\n certain network errors. A remote user able to initiate a SPICE\n connection to an application acting as a SPICE server could use this\n flaw to crash the application.\n\nCVE-2013-4282\n\n Tomas Jamrisko of Red Hat discovered that SPICE incorrectly handled\n long passwords in SPICE tickets. A remote user able to initiate a\n SPICE connection to an application acting as a SPICE server could use\n this flaw to crash the application.\n\nApplications acting as a SPICE server must be restarted for this update\nto take effect.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 0.11.0-1+deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 0.12.4-0nocelt2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.12.4-0nocelt2.\n\nWe recommend that you upgrade your spice packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-01-08T14:41:30", "type": "debian", "title": "[SECURITY] [DSA 2839-1] spice security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4130", "CVE-2013-4282"], "modified": "2014-01-08T14:41:30", "id": "DEBIAN:DSA-2839-1:AF416", "href": "https://lists.debian.org/debian-security-announce/2014/msg00007.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-01T11:59:39", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2839-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 08, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : spice\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4130 CVE-2013-4282\nDebian Bug : 717030 728314\n\nMultiple vulnerabilities have been found in spice, a SPICE protocol\nclient and server library. The Common Vulnerabilities and Exposures\nproject identifies the following issues:\n\nCVE-2013-4130\n\n David Gibson of Red Hat discovered that SPICE incorrectly handled\n certain network errors. A remote user able to initiate a SPICE\n connection to an application acting as a SPICE server could use this\n flaw to crash the application.\n\nCVE-2013-4282\n\n Tomas Jamrisko of Red Hat discovered that SPICE incorrectly handled\n long passwords in SPICE tickets. A remote user able to initiate a\n SPICE connection to an application acting as a SPICE server could use\n this flaw to crash the application.\n\nApplications acting as a SPICE server must be restarted for this update\nto take effect.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 0.11.0-1+deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 0.12.4-0nocelt2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.12.4-0nocelt2.\n\nWe recommend that you upgrade your spice packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-01-08T14:41:30", "type": "debian", "title": "[SECURITY] [DSA 2839-1] spice security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4130", "CVE-2013-4282"], "modified": "2014-01-08T14:41:30", "id": "DEBIAN:DSA-2839-1:20FD8", "href": "https://lists.debian.org/debian-security-announce/2014/msg00007.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}