Vulnerabilities > CVE-2019-3813 - Off-by-one Error vulnerability in multiple products
Attack vector
ADJACENT_NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2019-AFADE40F3D.NASL description Fixes CVE-2019-3813 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122411 published 2019-02-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122411 title Fedora 28 : spice (2019-afade40f3d) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-afade40f3d. # include("compat.inc"); if (description) { script_id(122411); script_version("1.3"); script_cvs_date("Date: 2020/02/07"); script_cve_id("CVE-2019-3813"); script_xref(name:"FEDORA", value:"2019-afade40f3d"); script_name(english:"Fedora 28 : spice (2019-afade40f3d)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fixes CVE-2019-3813 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-afade40f3d" ); script_set_attribute(attribute:"solution", value:"Update the affected spice package."); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:spice"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/04"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"spice-0.14.0-5.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "spice"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-0232.NASL description From Red Hat Security Advisory 2019:0232 : An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Security Fix(es) : * spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Christophe Fergeau (Red Hat). last seen 2020-03-18 modified 2019-02-01 plugin id 121526 published 2019-02-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121526 title Oracle Linux 6 : spice-server (ELSA-2019-0232) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:0232 and # Oracle Linux Security Advisory ELSA-2019-0232 respectively. # include("compat.inc"); if (description) { script_id(121526); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20"); script_cve_id("CVE-2019-3813"); script_xref(name:"RHSA", value:"2019:0232"); script_name(english:"Oracle Linux 6 : spice-server (ELSA-2019-0232)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2019:0232 : An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Security Fix(es) : * spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Christophe Fergeau (Red Hat)." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2019-January/008456.html" ); script_set_attribute( attribute:"solution", value:"Update the affected spice-server packages." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:spice-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:spice-server-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/04"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL6", cpu:"x86_64", reference:"spice-server-0.12.4-16.el6_10.3")) flag++; if (rpm_check(release:"EL6", cpu:"x86_64", reference:"spice-server-devel-0.12.4-16.el6_10.3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "spice-server / spice-server-devel"); }NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1649.NASL description Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service (spice server crash), or possibly, execution of arbitrary code. For Debian 8 last seen 2020-03-17 modified 2019-01-31 plugin id 121481 published 2019-01-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121481 title Debian DLA-1649-1 : spice security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-176.NASL description This update for spice fixes the following issues : Security issue fixed : - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). This update was imported from the SUSE:SLE-12-SP3:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 122223 published 2019-02-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122223 title openSUSE Security Update : spice (openSUSE-2019-176) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0232.NASL description An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Security Fix(es) : * spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Christophe Fergeau (Red Hat). last seen 2020-03-18 modified 2019-02-01 plugin id 121530 published 2019-02-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121530 title RHEL 6 : spice-server (RHSA-2019:0232) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-13943-1.NASL description This update for spice fixes the following issues : Security issue fixed : CVE-2019-3813: Fixed an out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122051 published 2019-02-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122051 title SUSE SLES11 Security Update : spice (SUSE-SU-2019:13943-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-0231.NASL description An update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing last seen 2020-06-01 modified 2020-06-02 plugin id 122062 published 2019-02-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122062 title CentOS 7 : spice (CESA-2019:0231) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3870-1.NASL description Christophe Fergeau discovered that Spice incorrectly handled memory. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-01-29 plugin id 121432 published 2019-01-29 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121432 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : spice vulnerability (USN-3870-1) NASL family Scientific Linux Local Security Checks NASL id SL_20190131_SPICE_ON_SL7_X.NASL description Security Fix(es) : - spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) last seen 2020-03-18 modified 2019-02-01 plugin id 121534 published 2019-02-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121534 title Scientific Linux Security Update : spice on SL7.x x86_64 (20190131) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0229-1.NASL description This update for spice fixes the following issues : Security issue fixed : CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-02-06 plugin id 121611 published 2019-02-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121611 title SUSE SLES12 Security Update : spice (SUSE-SU-2019:0229-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1105.NASL description According to the version of the spice package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-03-26 plugin id 123118 published 2019-03-26 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123118 title EulerOS 2.0 SP3 : spice (EulerOS-SA-2019-1105) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0231-1.NASL description This update for spice fixes the following issues : Security issue fixed : CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-02-06 plugin id 121613 published 2019-02-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121613 title SUSE SLES12 Security Update : spice (SUSE-SU-2019:0231-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0231.NASL description An update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing last seen 2020-03-18 modified 2019-02-01 plugin id 121529 published 2019-02-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121529 title RHEL 7 : spice (RHSA-2019:0231) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-167.NASL description This update for spice fixes the following issues : Security issue fixed : - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Non-security issue fixed : - Include spice-server tweak to compensate for performance issues with Windows guests (bsc#1109044). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 122180 published 2019-02-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122180 title openSUSE Security Update : spice (openSUSE-2019-167) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0092_SPICE-SERVER.NASL description The remote NewStart CGSL host, running version MAIN 4.06, has spice-server packages installed that are affected by a vulnerability: - Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. (CVE-2019-3813) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127313 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127313 title NewStart CGSL MAIN 4.06 : spice-server Vulnerability (NS-SA-2019-0092) NASL family Fedora Local Security Checks NASL id FEDORA_2019-A095A16C47.NASL description Fixes CVE-2019-3813 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122079 published 2019-02-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122079 title Fedora 29 : spice (2019-a095a16c47) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1127.NASL description According to the version of the spice package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-04-02 plugin id 123601 published 2019-04-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123601 title EulerOS 2.0 SP2 : spice (EulerOS-SA-2019-1127) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0241-1.NASL description This update for spice fixes the following issues : Security issue fixed : CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-02-06 plugin id 121614 published 2019-02-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121614 title SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2019:0241-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0230-1.NASL description This update for spice fixes the following issues : Security issue fixed : CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-02-06 plugin id 121612 published 2019-02-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121612 title SUSE SLES12 Security Update : spice (SUSE-SU-2019:0230-1) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1184.NASL description Spice, versions 0.5.2 through 0.14.0, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.(CVE-2019-3813) last seen 2020-06-01 modified 2020-06-02 plugin id 123468 published 2019-03-29 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123468 title Amazon Linux 2 : spice (ALAS-2019-1184) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-0231.NASL description From Red Hat Security Advisory 2019:0231 : An update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing last seen 2020-03-18 modified 2019-02-01 plugin id 121525 published 2019-02-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121525 title Oracle Linux 7 : spice (ELSA-2019-0231) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0457.NASL description An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host last seen 2020-06-01 modified 2020-06-02 plugin id 122737 published 2019-03-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122737 title RHEL 7 : Virtualization Manager (RHSA-2019:0457) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0242-1.NASL description This update for spice fixes the following issues : Security issue fixed : CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Non-security issue fixed: Include spice-server tweak to compensate for performance issues with Windows guests (bsc#1109044). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-02-06 plugin id 121615 published 2019-02-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121615 title SUSE SLES15 Security Update : spice (SUSE-SU-2019:0242-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1075.NASL description According to the version of the spice package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-03-08 plugin id 122698 published 2019-03-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122698 title EulerOS 2.0 SP5 : spice (EulerOS-SA-2019-1075) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-0232.NASL description An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Security Fix(es) : * spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Christophe Fergeau (Red Hat). last seen 2020-06-01 modified 2020-06-02 plugin id 122063 published 2019-02-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122063 title CentOS 6 : spice-server (CESA-2019:0232) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4375.NASL description Christophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service (spice server crash), or possibly, execution of arbitrary code. last seen 2020-03-17 modified 2019-01-30 plugin id 121438 published 2019-01-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121438 title Debian DSA-4375-1 : spice - security update NASL family Scientific Linux Local Security Checks NASL id SL_20190131_SPICE_SERVER_ON_SL6_X.NASL description Security Fix(es) : - spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) last seen 2020-03-18 modified 2019-02-01 plugin id 121535 published 2019-02-01 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121535 title Scientific Linux Security Update : spice-server on SL6.x x86_64 (20190131) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0149_SPICE-SERVER.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has spice-server packages installed that are affected by a vulnerability: - Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. (CVE-2019-3813) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127421 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127421 title NewStart CGSL MAIN 4.05 : spice-server Vulnerability (NS-SA-2019-0149)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1665371
- https://www.debian.org/security/2019/dsa-4375
- https://usn.ubuntu.com/3870-1/
- https://lists.debian.org/debian-lts-announce/2019/01/msg00026.html
- https://access.redhat.com/errata/RHSA-2019:0232
- https://access.redhat.com/errata/RHSA-2019:0231
- http://www.securityfocus.com/bid/106801
- https://access.redhat.com/errata/RHSA-2019:0457
- https://security.gentoo.org/glsa/202007-30