Red Hat Virtualization update for redhat-virtualization-host



Published: 2021-02-04 | Updated: 2023-05-14
Risk Low
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
CVE-2021-3156
CWE-ID CWE-345
CWE-327
CWE-122
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Vulnerability #4 is being exploited in the wild.
Vulnerable software
Subscribe
redhat-release-virtualization-host (Red Hat package)
Operating systems & Components / Operating system package or component

redhat-virtualization-host (Red Hat package)
Operating systems & Components / Operating system package or component

vdsm (Red Hat package)
Operating systems & Components / Operating system package or component

Red Hat Virtualization Host
Web applications / Remote management & hosting panels

Red Hat Virtualization for IBM Power LE
Server applications / Virtualization software

Red Hat Virtualization
Server applications / Virtualization software

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Insufficient verification of data authenticity

EUVDB-ID: #VU49843

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-25684

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a lack of proper address/port check within the "reply_query" function. A remote attacker can perform a DNS cache poisoning attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

redhat-release-virtualization-host (Red Hat package): 4.3.4-1.el7ev - 4.3.12-4.el7ev

redhat-virtualization-host (Red Hat package): 4.3.11-20200922.0.el7_9 - 4.3.12-20201216.0.el7_9

vdsm (Red Hat package): 4.30.13-4.el7ev

Red Hat Virtualization Host: 4

Red Hat Virtualization for IBM Power LE: 4

Red Hat Virtualization: 4

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:0395


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU49844

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-25685

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a lack of query resource name (RRNAME) checks in the "reply_query" function. A remote attacker can perform a DNS cache poisoning attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

redhat-release-virtualization-host (Red Hat package): 4.3.4-1.el7ev - 4.3.12-4.el7ev

redhat-virtualization-host (Red Hat package): 4.3.11-20200922.0.el7_9 - 4.3.12-20201216.0.el7_9

vdsm (Red Hat package): 4.30.13-4.el7ev

Red Hat Virtualization Host: 4

Red Hat Virtualization for IBM Power LE: 4

Red Hat Virtualization: 4

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:0395


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Insufficient verification of data authenticity

EUVDB-ID: #VU49845

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-25686

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected software does not check for an existing pending request for the same name and forwards a new request. A remote attacker can perform a DNS cache poisoning attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

redhat-release-virtualization-host (Red Hat package): 4.3.4-1.el7ev - 4.3.12-4.el7ev

redhat-virtualization-host (Red Hat package): 4.3.11-20200922.0.el7_9 - 4.3.12-20201216.0.el7_9

vdsm (Red Hat package): 4.30.13-4.el7ev

Red Hat Virtualization Host: 4

Red Hat Virtualization for IBM Power LE: 4

Red Hat Virtualization: 4

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:0395


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Heap-based buffer overflow

EUVDB-ID: #VU50040

Risk: Low

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-3156

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in sudo. A local user can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system with root privileges.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

redhat-release-virtualization-host (Red Hat package): 4.3.4-1.el7ev - 4.3.12-4.el7ev

redhat-virtualization-host (Red Hat package): 4.3.11-20200922.0.el7_9 - 4.3.12-20201216.0.el7_9

vdsm (Red Hat package): 4.30.13-4.el7ev

Red Hat Virtualization Host: 4

Red Hat Virtualization for IBM Power LE: 4

Red Hat Virtualization: 4

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:0395


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###