Vulnerabilities > CVE-2019-3813 - Off-by-one Error vulnerability in multiple products

047910
CVSS 5.4 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.

Vulnerable Configurations

Part Description Count
Application
Spice_Project
37
OS
Redhat
9
OS
Debian
2
OS
Canonical
4

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-AFADE40F3D.NASL
    descriptionFixes CVE-2019-3813 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122411
    published2019-02-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122411
    titleFedora 28 : spice (2019-afade40f3d)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-afade40f3d.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122411);
      script_version("1.3");
      script_cvs_date("Date: 2020/02/07");
    
      script_cve_id("CVE-2019-3813");
      script_xref(name:"FEDORA", value:"2019-afade40f3d");
    
      script_name(english:"Fedora 28 : spice (2019-afade40f3d)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fixes CVE-2019-3813
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-afade40f3d"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected spice package.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:spice");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"spice-0.14.0-5.fc28")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "spice");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0232.NASL
    descriptionFrom Red Hat Security Advisory 2019:0232 : An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Security Fix(es) : * spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Christophe Fergeau (Red Hat).
    last seen2020-03-18
    modified2019-02-01
    plugin id121526
    published2019-02-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121526
    titleOracle Linux 6 : spice-server (ELSA-2019-0232)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2019:0232 and 
    # Oracle Linux Security Advisory ELSA-2019-0232 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121526);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20");
    
      script_cve_id("CVE-2019-3813");
      script_xref(name:"RHSA", value:"2019:0232");
    
      script_name(english:"Oracle Linux 6 : spice-server (ELSA-2019-0232)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2019:0232 :
    
    An update for spice-server is now available for Red Hat Enterprise
    Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The Simple Protocol for Independent Computing Environments (SPICE) is
    a remote display protocol for virtual environments. SPICE users can
    access a virtualized desktop or server from the local system or any
    system with network access to the server. SPICE is used in Red Hat
    Enterprise Linux for viewing virtualized guests running on the
    Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise
    Virtualization Hypervisors.
    
    Security Fix(es) :
    
    * spice: Off-by-one error in array access in spice/server/memslot.c
    (CVE-2019-3813)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    This issue was discovered by Christophe Fergeau (Red Hat)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2019-January/008456.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected spice-server packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:spice-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:spice-server-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/01/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"spice-server-0.12.4-16.el6_10.3")) flag++;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"spice-server-devel-0.12.4-16.el6_10.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "spice-server / spice-server-devel");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1649.NASL
    descriptionChristophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service (spice server crash), or possibly, execution of arbitrary code. For Debian 8
    last seen2020-03-17
    modified2019-01-31
    plugin id121481
    published2019-01-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121481
    titleDebian DLA-1649-1 : spice security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-176.NASL
    descriptionThis update for spice fixes the following issues : Security issue fixed : - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id122223
    published2019-02-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122223
    titleopenSUSE Security Update : spice (openSUSE-2019-176)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0232.NASL
    descriptionAn update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Security Fix(es) : * spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Christophe Fergeau (Red Hat).
    last seen2020-03-18
    modified2019-02-01
    plugin id121530
    published2019-02-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121530
    titleRHEL 6 : spice-server (RHSA-2019:0232)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-13943-1.NASL
    descriptionThis update for spice fixes the following issues : Security issue fixed : CVE-2019-3813: Fixed an out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122051
    published2019-02-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122051
    titleSUSE SLES11 Security Update : spice (SUSE-SU-2019:13943-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-0231.NASL
    descriptionAn update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing
    last seen2020-06-01
    modified2020-06-02
    plugin id122062
    published2019-02-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122062
    titleCentOS 7 : spice (CESA-2019:0231)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3870-1.NASL
    descriptionChristophe Fergeau discovered that Spice incorrectly handled memory. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-29
    plugin id121432
    published2019-01-29
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121432
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : spice vulnerability (USN-3870-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190131_SPICE_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)
    last seen2020-03-18
    modified2019-02-01
    plugin id121534
    published2019-02-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121534
    titleScientific Linux Security Update : spice on SL7.x x86_64 (20190131)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0229-1.NASL
    descriptionThis update for spice fixes the following issues : Security issue fixed : CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-02-06
    plugin id121611
    published2019-02-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121611
    titleSUSE SLES12 Security Update : spice (SUSE-SU-2019:0229-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1105.NASL
    descriptionAccording to the version of the spice package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-03-26
    plugin id123118
    published2019-03-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123118
    titleEulerOS 2.0 SP3 : spice (EulerOS-SA-2019-1105)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0231-1.NASL
    descriptionThis update for spice fixes the following issues : Security issue fixed : CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-02-06
    plugin id121613
    published2019-02-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121613
    titleSUSE SLES12 Security Update : spice (SUSE-SU-2019:0231-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0231.NASL
    descriptionAn update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing
    last seen2020-03-18
    modified2019-02-01
    plugin id121529
    published2019-02-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121529
    titleRHEL 7 : spice (RHSA-2019:0231)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-167.NASL
    descriptionThis update for spice fixes the following issues : Security issue fixed : - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Non-security issue fixed : - Include spice-server tweak to compensate for performance issues with Windows guests (bsc#1109044). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id122180
    published2019-02-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122180
    titleopenSUSE Security Update : spice (openSUSE-2019-167)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0092_SPICE-SERVER.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.06, has spice-server packages installed that are affected by a vulnerability: - Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. (CVE-2019-3813) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127313
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127313
    titleNewStart CGSL MAIN 4.06 : spice-server Vulnerability (NS-SA-2019-0092)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-A095A16C47.NASL
    descriptionFixes CVE-2019-3813 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122079
    published2019-02-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122079
    titleFedora 29 : spice (2019-a095a16c47)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1127.NASL
    descriptionAccording to the version of the spice package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-04-02
    plugin id123601
    published2019-04-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123601
    titleEulerOS 2.0 SP2 : spice (EulerOS-SA-2019-1127)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0241-1.NASL
    descriptionThis update for spice fixes the following issues : Security issue fixed : CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-02-06
    plugin id121614
    published2019-02-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121614
    titleSUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2019:0241-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0230-1.NASL
    descriptionThis update for spice fixes the following issues : Security issue fixed : CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-02-06
    plugin id121612
    published2019-02-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121612
    titleSUSE SLES12 Security Update : spice (SUSE-SU-2019:0230-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1184.NASL
    descriptionSpice, versions 0.5.2 through 0.14.0, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.(CVE-2019-3813)
    last seen2020-06-01
    modified2020-06-02
    plugin id123468
    published2019-03-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123468
    titleAmazon Linux 2 : spice (ALAS-2019-1184)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0231.NASL
    descriptionFrom Red Hat Security Advisory 2019:0231 : An update for spice is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing
    last seen2020-03-18
    modified2019-02-01
    plugin id121525
    published2019-02-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121525
    titleOracle Linux 7 : spice (ELSA-2019-0231)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0457.NASL
    descriptionAn update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
    last seen2020-06-01
    modified2020-06-02
    plugin id122737
    published2019-03-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122737
    titleRHEL 7 : Virtualization Manager (RHSA-2019:0457)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0242-1.NASL
    descriptionThis update for spice fixes the following issues : Security issue fixed : CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Non-security issue fixed: Include spice-server tweak to compensate for performance issues with Windows guests (bsc#1109044). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-02-06
    plugin id121615
    published2019-02-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121615
    titleSUSE SLES15 Security Update : spice (SUSE-SU-2019:0242-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1075.NASL
    descriptionAccording to the version of the spice package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-03-08
    plugin id122698
    published2019-03-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122698
    titleEulerOS 2.0 SP5 : spice (EulerOS-SA-2019-1075)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-0232.NASL
    descriptionAn update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Security Fix(es) : * spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Christophe Fergeau (Red Hat).
    last seen2020-06-01
    modified2020-06-02
    plugin id122063
    published2019-02-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122063
    titleCentOS 6 : spice-server (CESA-2019:0232)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4375.NASL
    descriptionChristophe Fergeau discovered an out-of-bounds read vulnerability in spice, a SPICE protocol client and server library, which might result in denial of service (spice server crash), or possibly, execution of arbitrary code.
    last seen2020-03-17
    modified2019-01-30
    plugin id121438
    published2019-01-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121438
    titleDebian DSA-4375-1 : spice - security update
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190131_SPICE_SERVER_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)
    last seen2020-03-18
    modified2019-02-01
    plugin id121535
    published2019-02-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121535
    titleScientific Linux Security Update : spice-server on SL6.x x86_64 (20190131)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0149_SPICE-SERVER.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has spice-server packages installed that are affected by a vulnerability: - Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. (CVE-2019-3813) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127421
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127421
    titleNewStart CGSL MAIN 4.05 : spice-server Vulnerability (NS-SA-2019-0149)

Redhat

advisories
  • bugzilla
    id1665371
    titleCVE-2019-3813 spice: Off-by-one error in array access in spice/server/memslot.c
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentspice-server-devel is earlier than 0:0.14.0-6.el7_6.1
            ovaloval:com.redhat.rhsa:tst:20190231001
          • commentspice-server-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131192004
        • AND
          • commentspice-server is earlier than 0:0.14.0-6.el7_6.1
            ovaloval:com.redhat.rhsa:tst:20190231003
          • commentspice-server is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131192002
    rhsa
    idRHSA-2019:0231
    released2019-01-31
    severityImportant
    titleRHSA-2019:0231: spice security update (Important)
  • bugzilla
    id1665371
    titleCVE-2019-3813 spice: Off-by-one error in array access in spice/server/memslot.c
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentspice-server-devel is earlier than 0:0.12.4-16.el6_10.3
            ovaloval:com.redhat.rhsa:tst:20190232001
          • commentspice-server-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131192004
        • AND
          • commentspice-server is earlier than 0:0.12.4-16.el6_10.3
            ovaloval:com.redhat.rhsa:tst:20190232003
          • commentspice-server is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131192002
    rhsa
    idRHSA-2019:0232
    released2019-01-31
    severityImportant
    titleRHSA-2019:0232: spice-server security update (Important)
  • rhsa
    idRHSA-2019:0457
rpms
  • spice-debuginfo-0:0.14.0-6.el7_6.1
  • spice-server-0:0.14.0-6.el7_6.1
  • spice-server-devel-0:0.14.0-6.el7_6.1
  • spice-server-0:0.12.4-16.el6_10.3
  • spice-server-debuginfo-0:0.12.4-16.el6_10.3
  • spice-server-devel-0:0.12.4-16.el6_10.3
  • redhat-release-virtualization-host-0:4.2-8.3.el7
  • redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6
  • redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7