RHEL 7 : rhev-hypervisor (RHSA-2015:1011) (Venom)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated rhev-hypervisor packages that fix one security issue are now
available.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The rhev-hypervisor packages provide a Red Hat Enterprise
Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
(KVM) hypervisor. It includes everything necessary to run and manage
virtual machines: a subset of the Red Hat Enterprise Linux operating
environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available
for the Intel 64 and AMD64 architectures with virtualization
extensions.

An out-of-bounds memory access flaw was found in the way QEMU's
virtual Floppy Disk Controller (FDC) handled FIFO buffer access while
processing certain FDC commands. A privileged guest user could use
this flaw to crash the guest or, potentially, execute arbitrary code
on the host with the privileges of the host's QEMU process
corresponding to the guest. (CVE-2015-3456)

Red Hat would like to thank Jason Geffner of CrowdStrike for reporting
this issue.

Users of the Red Hat Enterprise Virtualization Hypervisor are advised
to upgrade to this updated package.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-3456.html
http://rhn.redhat.com/errata/RHSA-2015-1011.html

Solution :

Update the affected rhev-hypervisor6 package.

Risk factor :

High / CVSS Base Score : 7.7
(CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 83536 ()

Bugtraq ID: 74640

CVE ID: CVE-2015-3456

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now