RHEL 6 : rhev-hypervisor6 (RHSA-2013:1527)

high Nessus Plugin ID 78979

Synopsis

The remote Red Hat host is missing one or more security updates for rhev-hypervisor6.

Description

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2013:1527 advisory.

The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of Install Failed. If this happens, place the host into maintenance mode, then activate it again to get the host back to an Up state.

A buffer overflow flaw was found in the way QEMU processed the SCSI REPORT LUNS command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
(CVE-2013-4344)

Multiple flaws were found in the way Linux kernel handled HID (Human Interface Device) reports. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2888, CVE-2013-2889, CVE-2013-2892)

A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238)

The default OpenSSH configuration made it easy for remote attackers to exhaust unauthorized connection slots and prevent other users from being able to log in to a system. This flaw has been addressed by enabling random early connection drops by setting MaxStartups to 10:30:100 by default.
For more information, refer to the sshd_config(5) man page. (CVE-2010-5107)

The CVE-2013-4344 issue was discovered by Asias He of Red Hat.

This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers:

CVE-2012-0786 and CVE-2012-0787 (augeas issues)

CVE-2013-1813 (busybox issue)

CVE-2013-0221, CVE-2013-0222, and CVE-2013-0223 (coreutils issues)

CVE-2012-4453 (dracut issue)

CVE-2013-4332, CVE-2013-0242, and CVE-2013-1914 (glibc issues)

CVE-2013-4387, CVE-2013-0343, CVE-2013-4345, CVE-2013-4591, CVE-2013-4592, CVE-2012-6542, CVE-2013-3231, CVE-2013-1929, CVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, and CVE-2013-2851 (kernel issues)

CVE-2013-4242 (libgcrypt issue)

CVE-2013-4419 (libguestfs issue)

CVE-2013-1775, CVE-2013-2776, and CVE-2013-2777 (sudo issues)

This update also fixes the following bug:

* A previous version of the rhev-hypervisor6 package did not contain the latest vhostmd package, which provides a metrics communication channel between a host and its hosted virtual machines, allowing limited introspection of host resource usage from within virtual machines. This has been fixed, and rhev-hypervisor6 now includes the latest vhostmd package.
(BZ#1026703)

This update also contains the fixes from the following errata:

* ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1528.html

Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL rhev-hypervisor6 package based on the guidance in RHSA-2013:1527.

See Also

http://www.nessus.org/u?0869eae1

http://www.nessus.org/u?5d1b5f78

https://access.redhat.com/errata/RHSA-2013:1527

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=1000429

https://bugzilla.redhat.com/show_bug.cgi?id=1000451

https://bugzilla.redhat.com/show_bug.cgi?id=1007330

https://bugzilla.redhat.com/show_bug.cgi?id=1026703

https://bugzilla.redhat.com/show_bug.cgi?id=908060

https://bugzilla.redhat.com/show_bug.cgi?id=908707

https://bugzilla.redhat.com/show_bug.cgi?id=996381

https://bugzilla.redhat.com/show_bug.cgi?id=999890

https://rhn.redhat.com/errata/RHBA-2013-1528.html

Plugin Details

Severity: High

ID: 78979

File Name: redhat-RHSA-2013-1527.nasl

Version: 1.17

Type: local

Agent: unix

Published: 11/8/2014

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-4344

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2010-5107

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 11/21/2013

Vulnerability Publication Date: 3/7/2013

Reference Information

CVE: CVE-2010-5107, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-4238, CVE-2013-4344

BID: 58162, 61738, 62042, 62043, 62049, 62773

CWE: 122, 400

RHSA: 2013:1527