Vulnerabilities > CVE-2019-3831

CVSS 9.0 - CRITICAL

Attack vector:          NETWORK
Attack complexity:      LOW
Privileges required:    SINGLE
Confidentiality impact: COMPLETE
Integrity impact:       COMPLETE
Availability impact:    COMPLETE

Tags: network, low complexity, ovirt, redhat, critical, nessus

Summary

A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.

Vulnerable Configurations

Part         Description   Count
Application  Ovirt         113
Application  Redhat        1

Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-0458.NASL
    description: An update for vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122738
    published: 2019-03-11
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122738
    title: RHEL 7 : Virtualization Manager (RHSA-2019:0458)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-0457.NASL
    description: An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122737
    published: 2019-03-11
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122737
    title: RHEL 7 : Virtualization Manager (RHSA-2019:0457)

Redhat

rpms
  • redhat-release-virtualization-host-0:4.2-8.3.el7
  • redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6
  • redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7
  • vdsm-0:4.20.47-1.el7ev
  • vdsm-api-0:4.20.47-1.el7ev
  • vdsm-client-0:4.20.47-1.el7ev
  • vdsm-common-0:4.20.47-1.el7ev
  • vdsm-gluster-0:4.20.47-1.el7ev
  • vdsm-hook-checkips-0:4.20.47-1.el7ev
  • vdsm-hook-cpuflags-0:4.20.47-1.el7ev
  • vdsm-hook-ethtool-options-0:4.20.47-1.el7ev
  • vdsm-hook-extra-ipv4-addrs-0:4.20.47-1.el7ev
  • vdsm-hook-fcoe-0:4.20.47-1.el7ev
  • vdsm-hook-localdisk-0:4.20.47-1.el7ev
  • vdsm-hook-macspoof-0:4.20.47-1.el7ev
  • vdsm-hook-nestedvt-0:4.20.47-1.el7ev
  • vdsm-hook-openstacknet-0:4.20.47-1.el7ev
  • vdsm-hook-vhostmd-0:4.20.47-1.el7ev
  • vdsm-hook-vmfex-dev-0:4.20.47-1.el7ev
  • vdsm-http-0:4.20.47-1.el7ev
  • vdsm-jsonrpc-0:4.20.47-1.el7ev
  • vdsm-network-0:4.20.47-1.el7ev
  • vdsm-python-0:4.20.47-1.el7ev
  • vdsm-yajsonrpc-0:4.20.47-1.el7ev