SB2019110653 - Multiple vulnerabilities in Red Hat Enterprise Linux Advanced Virtualization 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019110653

SB2019110653 - Multiple vulnerabilities in Red Hat Enterprise Linux Advanced Virtualization

Published: November 6, 2019 Updated: November 26, 2019

Security Bulletin ID SB2019110653
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2019-12155)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in "hw/display/qxl.c". A remote attacker can perform a denial of service (DoS) attack.


2) Heap-based buffer overflow (CVE-ID: CVE-2019-9755)

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to a boundary error when executing the NTFS-3G driver with an overly long relative mount point path. A local usre can create directory structure with specially crafted names, trigger heap-based buffer overflow and execute arbitrary code on the target system with elevated privileges.



3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-3886)

The vulnerability allows a remote attacker to gain access to sensitive information or perform denial of service (DoS) attack.

The vulnerability exists due to the application allows readonly permissions to invoke the APIs depending on the guest agent. A remote non-authenticated attacker can gain access to sensitive information or perform denial of service attack.


Remediation

Install update from vendor's website.

References