Vulnerabilites related to spice-space - spice-vdagent
cve-2020-25651
Vulnerability from cvelistv5
Published
2020-11-26 01:18
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.
References
▼ | URL | Tags |
---|---|---|
https://www.openwall.com/lists/oss-security/2020/11/04/1 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=1886359 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html | mailing-list, x_refsource_MLIST | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | spice-vdagent |
Version: spice-vdagent versions 0.20 and prior |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:40:36.225Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886359", }, { name: "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { name: "FEDORA-2021-09ce0cdfac", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { name: "FEDORA-2021-510977db25", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "spice-vdagent", vendor: "n/a", versions: [ { status: "affected", version: "spice-vdagent versions 0.20 and prior", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362->CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-17T06:06:17", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886359", }, { name: "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { name: "FEDORA-2021-09ce0cdfac", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { name: "FEDORA-2021-510977db25", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-25651", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "spice-vdagent", version: { version_data: [ { version_value: "spice-vdagent versions 0.20 and prior", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-362->CWE-200", }, ], }, ], }, references: { reference_data: [ { name: "https://www.openwall.com/lists/oss-security/2020/11/04/1", refsource: "MISC", url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1886359", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886359", }, { name: "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { name: "FEDORA-2021-09ce0cdfac", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { name: "FEDORA-2021-510977db25", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-25651", datePublished: "2020-11-26T01:18:45", dateReserved: "2020-09-16T00:00:00", dateUpdated: "2024-08-04T15:40:36.225Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25652
Vulnerability from cvelistv5
Published
2020-11-26 01:28
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.
References
▼ | URL | Tags |
---|---|---|
https://www.openwall.com/lists/oss-security/2020/11/04/1 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=1886366 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html | mailing-list, x_refsource_MLIST | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | spice-vdagent |
Version: spice-vdagent versions 0.20 and prior |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:40:36.309Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886366", }, { name: "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { name: "FEDORA-2021-09ce0cdfac", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { name: "FEDORA-2021-510977db25", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "spice-vdagent", vendor: "n/a", versions: [ { status: "affected", version: "spice-vdagent versions 0.20 and prior", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-17T06:06:19", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886366", }, { name: "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { name: "FEDORA-2021-09ce0cdfac", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { name: "FEDORA-2021-510977db25", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-25652", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "spice-vdagent", version: { version_data: [ { version_value: "spice-vdagent versions 0.20 and prior", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-770", }, ], }, ], }, references: { reference_data: [ { name: "https://www.openwall.com/lists/oss-security/2020/11/04/1", refsource: "MISC", url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1886366", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886366", }, { name: "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { name: "FEDORA-2021-09ce0cdfac", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { name: "FEDORA-2021-510977db25", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-25652", datePublished: "2020-11-26T01:28:54", dateReserved: "2020-09-16T00:00:00", dateUpdated: "2024-08-04T15:40:36.309Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-15108
Vulnerability from cvelistv5
Published
2018-01-20 00:00
Modified
2024-08-05 19:50
Severity ?
EPSS score ?
Summary
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
References
▼ | URL | Tags |
---|---|---|
https://security.gentoo.org/glsa/201804-09 | vendor-advisory, x_refsource_GENTOO | |
https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61 | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Red Hat, Inc. | spice-vdagent |
Version: up to and including 0.17.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T19:50:15.989Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201804-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201804-09", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61", }, { name: "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "spice-vdagent", vendor: "Red Hat, Inc.", versions: [ { status: "affected", version: "up to and including 0.17.0", }, ], }, ], datePublic: "2017-11-29T00:00:00", descriptions: [ { lang: "en", value: "spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-13T09:06:16", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "GLSA-201804-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201804-09", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61", }, { name: "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2017-15108", datePublished: "2018-01-20T00:00:00Z", dateReserved: "2017-10-08T00:00:00", dateUpdated: "2024-08-05T19:50:15.989Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25653
Vulnerability from cvelistv5
Published
2020-11-26 01:23
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.
References
▼ | URL | Tags |
---|---|---|
https://www.openwall.com/lists/oss-security/2020/11/04/1 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=1886372 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html | mailing-list, x_refsource_MLIST | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | spice-vdagent |
Version: spice-vdagent versions 0.20 and prior |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:40:36.473Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886372", }, { name: "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { name: "FEDORA-2021-09ce0cdfac", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { name: "FEDORA-2021-510977db25", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "spice-vdagent", vendor: "n/a", versions: [ { status: "affected", version: "spice-vdagent versions 0.20 and prior", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362->CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-17T06:06:18", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886372", }, { name: "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { name: "FEDORA-2021-09ce0cdfac", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { name: "FEDORA-2021-510977db25", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-25653", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "spice-vdagent", version: { version_data: [ { version_value: "spice-vdagent versions 0.20 and prior", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-362->CWE-200", }, ], }, ], }, references: { reference_data: [ { name: "https://www.openwall.com/lists/oss-security/2020/11/04/1", refsource: "MISC", url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1886372", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886372", }, { name: "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { name: "FEDORA-2021-09ce0cdfac", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { name: "FEDORA-2021-510977db25", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-25653", datePublished: "2020-11-26T01:23:16", dateReserved: "2020-09-16T00:00:00", dateUpdated: "2024-08-04T15:40:36.473Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25650
Vulnerability from cvelistv5
Published
2020-11-25 14:35
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1886345 | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2020/11/04/1 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html | mailing-list, x_refsource_MLIST | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | spice-vdagent |
Version: spice-vdagent versions prior and including 0.20 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:40:36.363Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886345", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { name: "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { name: "FEDORA-2021-09ce0cdfac", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { name: "FEDORA-2021-510977db25", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "spice-vdagent", vendor: "n/a", versions: [ { status: "affected", version: "spice-vdagent versions prior and including 0.20", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-17T06:06:18", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886345", }, { tags: [ "x_refsource_MISC", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { name: "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { name: "FEDORA-2021-09ce0cdfac", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { name: "FEDORA-2021-510977db25", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-25650", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "spice-vdagent", version: { version_data: [ { version_value: "spice-vdagent versions prior and including 0.20", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-770", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1886345", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886345", }, { name: "https://www.openwall.com/lists/oss-security/2020/11/04/1", refsource: "MISC", url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { name: "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { name: "FEDORA-2021-09ce0cdfac", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { name: "FEDORA-2021-510977db25", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-25650", datePublished: "2020-11-25T14:35:01", dateReserved: "2020-09-16T00:00:00", dateUpdated: "2024-08-04T15:40:36.363Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2020-11-26 02:15
Modified
2024-11-21 05:18
Severity ?
Summary
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
spice-space | spice-vdagent | * | |
debian | debian_linux | 9.0 | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:spice-space:spice-vdagent:*:*:*:*:*:*:*:*", matchCriteriaId: "6F8AC7B5-3AB8-42FE-8EC8-F28A6E489C0F", versionEndIncluding: "0.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.", }, { lang: "es", value: "Se encontró una vulnerabilidad de condición de carrera en la forma en que el demonio de spice-vdagentd manejaba nuevas conexiones de clientes. Este fallo puede permitir a un usuario invitado local no privilegiado convertirse en el agente activo de spice-vdagentd, resultando posiblemente en una denegación de servicio o un filtrado de información del host. La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos y la disponibilidad del sistema. Este fallo afecta a spice-vdagent versiones 0.20 y anteriores", }, ], id: "CVE-2020-25653", lastModified: "2024-11-21T05:18:21.540", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 5.4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 7.8, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-11-26T02:15:11.933", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886372", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886372", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-25 15:15
Modified
2024-11-21 05:18
Severity ?
Summary
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
spice-space | spice-vdagent | * | |
debian | debian_linux | 9.0 | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:spice-space:spice-vdagent:*:*:*:*:*:*:*:*", matchCriteriaId: "6F8AC7B5-3AB8-42FE-8EC8-F28A6E489C0F", versionEndIncluding: "0.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.", }, { lang: "es", value: "Se encontró un fallo en la manera en que el demonio de spice-vdagentd manejaba las transferencias de archivos desde el sistema host hacia la máquina virtual. Cualquier usuario invitado local no privilegiado con acceso a la ruta del socket del dominio de UNIX \"/ run/spice-vdagentd/spice-vdagent-sock\" podría usar este fallo para llevar a cabo una denegación de servicio de la memoria para spice-vdagentd o inclusive otros procesos en el sistema de la VM. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema. Este fallo afecta a las versiones 0.20 y versiones anteriores a spice-vdagent", }, ], id: "CVE-2020-25650", lastModified: "2024-11-21T05:18:20.907", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-11-25T15:15:11.583", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886345", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886345", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-26 02:15
Modified
2024-11-21 05:18
Severity ?
Summary
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
spice-space | spice-vdagent | * | |
debian | debian_linux | 9.0 | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:spice-space:spice-vdagent:*:*:*:*:*:*:*:*", matchCriteriaId: "6F8AC7B5-3AB8-42FE-8EC8-F28A6E489C0F", versionEndIncluding: "0.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.", }, { lang: "es", value: "Se encontró un fallo en el protocolo de transferencia de archivos SPICE. Los datos de archivo del sistema host pueden terminar en su totalidad o en partes en la conexión del cliente de un usuario local ilegítimo en el sistema de la VM. Las transferencias de archivos activas de otros usuarios también podrían ser interrumpidas, resultando en una denegación de servicio. La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos y la disponibilidad del sistema. Este fallo afecta a spice-vdagent versiones 0.20 y anteriores", }, ], id: "CVE-2020-25651", lastModified: "2024-11-21T05:18:21.133", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L", version: "3.1", }, exploitabilityScore: 1.1, impactScore: 4.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-11-26T02:15:11.743", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886359", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886359", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-26 02:15
Modified
2024-11-21 05:18
Severity ?
Summary
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
spice-space | spice-vdagent | * | |
debian | debian_linux | 9.0 | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:spice-space:spice-vdagent:*:*:*:*:*:*:*:*", matchCriteriaId: "6F8AC7B5-3AB8-42FE-8EC8-F28A6E489C0F", versionEndIncluding: "0.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.", }, { lang: "es", value: "Se encontró un fallo en el demonio de spice-vdagentd, donde no manejaba apropiadamente las conexiones de cliente que pueden ser establecidas por medio del socket de dominio UNIX en \"/run/spice-vdagentd/spice-vdagent-sock\". Cualquier usuario invitado local no privilegiado podría usar este fallo para impedir que agentes legítimos conecten al demonio de spice-vdagentd, resultando en una denegación de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema. Este fallo afecta a spice-vdagent versiones 0.20 y anteriores", }, ], id: "CVE-2020-25652", lastModified: "2024-11-21T05:18:21.333", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-11-26T02:15:11.870", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886366", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886366", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2020/11/04/1", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-01-20 00:29
Modified
2024-11-21 03:14
Severity ?
Summary
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61 | Patch, Third Party Advisory | |
secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | https://security.gentoo.org/glsa/201804-09 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201804-09 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
spice-space | spice-vdagent | * | |
debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:spice-space:spice-vdagent:*:*:*:*:*:*:*:*", matchCriteriaId: "E5F25358-F588-4126-94CC-5A96ECB0E88A", versionEndIncluding: "0.17.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.", }, { lang: "es", value: "spice-vdagent, hasta e incluyendo la versión 0.17.0, no escapa correctamente el directorio de guardado antes de pasarlo al shell, lo que permite que un atacante local con acceso a la sesión en la que se ejecuta el agente inyecte comandos arbitrarios para su ejecución.", }, ], id: "CVE-2017-15108", lastModified: "2024-11-21T03:14:05.393", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-20T00:29:00.407", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201804-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201804-09", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }