Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 update for redhat-virtualization-host
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2019-10161 CVE-2019-10166 CVE-2019-10167 CVE-2019-10168 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 |
| CWE-ID | CWE-284 CWE-190 CWE-400 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Red Hat Virtualization Host Web applications / Remote management & hosting panels redhat-virtualization-host (Red Hat package) Operating systems & Components / Operating system package or component redhat-release-virtualization-host (Red Hat package) Operating systems & Components / Operating system package or component |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU18879
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-10161
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions in libvirtd that allow read-only clients to use the virDomainSaveImageGetXMLDesc() API. A local user with read-only access to the libvirtd socket can confirm presence of arbitrary files on the system, trigger denial of service condition or execute arbitrary applications on the affected system.
MitigationInstall updates from vendor's website.
Red Hat Virtualization Host: 4
redhat-virtualization-host (Red Hat package): before 4.3.4-20190620.3.el7_6
redhat-release-virtualization-host (Red Hat package): before 4.3.4-1.el7ev
CPE2.3- cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1699
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU32018
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-10166
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
MitigationInstall updates from vendor's website.
Red Hat Virtualization Host: 4
redhat-virtualization-host (Red Hat package): before 4.3.4-20190620.3.el7_6
redhat-release-virtualization-host (Red Hat package): before 4.3.4-1.el7ev
CPE2.3- cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1699
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper access control
EUVDB-ID: #VU32019
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-10167
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
MitigationInstall updates from vendor's website.
Red Hat Virtualization Host: 4
redhat-virtualization-host (Red Hat package): before 4.3.4-20190620.3.el7_6
redhat-release-virtualization-host (Red Hat package): before 4.3.4-1.el7ev
CPE2.3- cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1699
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU32020
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-10168
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
MitigationInstall updates from vendor's website.
Red Hat Virtualization Host: 4
redhat-virtualization-host (Red Hat package): before 4.3.4-20190620.3.el7_6
redhat-release-virtualization-host (Red Hat package): before 4.3.4-1.el7ev
CPE2.3- cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1699
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer overflow
EUVDB-ID: #VU18813
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-11477
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to integer overflow when handling TCP Selective Acknowledgments (SACKs) due to incorrect processing of TCP_SKB_CB(skb)->tcp_gso_segs value in Linux kernel. A remote non-authenticated attacker can send specially crafted network traffic to the affected system, trigger integer overflow and render the system unavailable.
Successful exploitation of the vulnerability allows a remote attacker to perform denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat Virtualization Host: 4
redhat-virtualization-host (Red Hat package): before 4.3.4-20190620.3.el7_6
redhat-release-virtualization-host (Red Hat package): before 4.3.4-1.el7ev
CPE2.3- cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1699
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource exhaustion
EUVDB-ID: #VU18946
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-11478
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to an error when processing TCP Selective Acknowledgment (SACK) sequences within the Linux kernel TCP retransmission queue implementation in tcp_fragment. A remote non-authenticated attacker can send specially crafted network traffic to the affected system and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Red Hat Virtualization Host: 4
redhat-virtualization-host (Red Hat package): before 4.3.4-20190620.3.el7_6
redhat-release-virtualization-host (Red Hat package): before 4.3.4-1.el7ev
CPE2.3- cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1699
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource exhaustion
EUVDB-ID: #VU18947
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-11479
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to presence of hard-coded MSS value (48 bytes) in the Linux kernel source code. A remote attacker can fragment TCP resend queues significantly more than if a larger MSS were enforced and perform denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat Virtualization Host: 4
redhat-virtualization-host (Red Hat package): before 4.3.4-20190620.3.el7_6
redhat-release-virtualization-host (Red Hat package): before 4.3.4-1.el7ev
CPE2.3- cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2019:1699
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
