ID CVE-2013-4130
Summary The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.
References
Vulnerable Configurations
  • cpe:2.3:a:spice_project:spice:0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:spice_project:spice:0.12.3:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 24-01-2014 - 04:35)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector NETWORK
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality NONE
  Integrity NONE
  Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 984769
    title CVE-2013-4130 spice: unsafe clients ring access abort
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment spice-server is earlier than 0:0.12.0-12.el6_4.3
          oval oval:com.redhat.rhsa:tst:20131192005
        • comment spice-server is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131192006
      • AND
        • comment spice-server-devel is earlier than 0:0.12.0-12.el6_4.3
          oval oval:com.redhat.rhsa:tst:20131192007
        • comment spice-server-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131192008
    rhsa
    id RHSA-2013:1192
    released 2013-09-03
    severity Moderate
    title RHSA-2013:1192: spice-server security update (Moderate)
  • rhsa
    id RHSA-2013:1260
rpms
  • spice-server-0:0.12.0-12.el6_4.3
  • spice-server-devel-0:0.12.0-12.el6_4.3
refmap via4
confirm
debian DSA-2839
mlist [oss-security] 20130715 Re: CVE Request -- spice: unsafe clients ring access abort
ubuntu USN-1926-1
Last major update 24-01-2014 - 04:35
Published 20-08-2013 - 22:55