Red Hat update for Red Hat Virtualization Manager

1) Stack-based buffer overflow

EUVDB-ID: #VU12815

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-10728

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow. A remote attacker can insert a specially crafted cookie into a GET request, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Virtualization Manager: 4.2

CPE2.3

• cpe:2.3:a:red_hat:red_hat_virtualization_manager:4.2:*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2018:2071

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU12814

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-10729

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to Web interface CGI applications may copy the contents of the running configuration file to a commonly accessed file. A remote attacker can submit a web login request can expose the contents of this file through to the web browser.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Virtualization Manager: 4.2

CPE2.3

• cpe:2.3:a:red_hat:red_hat_virtualization_manager:4.2:*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2018:2071

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Null pointer dereference

EUVDB-ID: #VU13374

Risk: Low

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-10754

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to improper parsing of terminfo files by the _nc_write_entry function, as defined in the tinfo/parse_entry.c source code file. A remote attacker can trick the victim into open a terminfo file that submits malicious input, trigger a NULL pointer dereference condition and cause the application to crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Virtualization Manager: 4.2

CPE2.3

• cpe:2.3:a:red_hat:red_hat_virtualization_manager:4.2:*:*:*:*:*:*:*

External links

https://access.redhat.com/errata/RHSA-2018:2071

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.