RHEL 7 : Virtualization (RHSA-2018:1524)

High Nessus Plugin ID 109909

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available.

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor.
Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Includes GlusterFS fixes for CVE-2018-1088, dhcp fixes for CVE-2018-1111, kernel fixes for CVE-2018-1087, and kernel fixes for CVE-2018-8897.

A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4 .2/html/ technical_notes/

Solution

Update the affected packages.

See Also

https://access.redhat.com/errata/RHSA-2018:1524

https://access.redhat.com/security/cve/cve-2018-1087

https://access.redhat.com/security/cve/cve-2018-1088

https://access.redhat.com/security/cve/cve-2018-1111

https://access.redhat.com/security/cve/cve-2018-8897

Plugin Details

Severity: High

ID: 109909

File Name: redhat-RHSA-2018-1524.nasl

Version: 1.16

Type: local

Agent: unix

Published: 2018/05/18

Updated: 2019/09/12

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.9

Temporal Score: 6.9

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:imgbased, p-cpe:/a:redhat:enterprise_linux:ovirt-node-ng-nodectl, p-cpe:/a:redhat:enterprise_linux:python-imgbased, p-cpe:/a:redhat:enterprise_linux:redhat-release-virtualization-host, p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update, p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update-placeholder, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/05/15

Vulnerability Publication Date: 2018/04/18

Exploitable With

Metasploit (Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability)

Reference Information

CVE: CVE-2018-1087, CVE-2018-1088, CVE-2018-1111, CVE-2018-8897

RHSA: 2018:1524

IAVA: 2018-A-0162