Veracode Vulnerability DatabaseVERACODE:24139Man-in-the-middle
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
The Simple Protocol for Independent Computing Environments (SPICE) is vulnerable to Man-in-the-middle. A race condition was found in the way the SPICE Mozilla Firefox plug-in and the SPICE client communicated. A local attacker could use this flaw to trick the plug-in and the SPICE client into communicating over an attacker-controlled socket, possibly gaining access to authentication details, or resulting in a man-in-the-middle attack on the SPICE connection.
| CPE | Name | Operator | Version |
|---|---|---|---|
| qspice-client | eq | 0.3.0__2.el5_5 | |
| spice-xpi | eq | 2.2__1.el5_5 | |
| qspice-client | eq | 0.3.0__2.el5_5 | |
| spice-xpi | eq | 2.2__1.el5_5 |
References
osvdb.org/67619
secunia.com/advisories/41120
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2010-0632.html
www.redhat.com/support/errata/RHSA-2010-0651.html
www.securityfocus.com/bid/42711
www.vupen.com/english/advisories/2010/2181
access.redhat.com/errata/RHSA-2010:0632
bugzilla.redhat.com/show_bug.cgi?id=620350
Related
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N