Detections
Analytics

RHEL 7 : Virtualization (RHSA-2018:1524)

high Nessus Plugin ID 109909

Language:

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated redhat-virtualization-host packages that fix several bugs and add various enhancements are now available.

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor.
Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Includes GlusterFS fixes for CVE-2018-1088, dhcp fixes for CVE-2018-1111, kernel fixes for CVE-2018-1087, and kernel fixes for CVE-2018-8897.

A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4 .2/html/ technical_notes/

Solution

Update the affected packages.

See Also

https://access.redhat.com/errata/RHSA-2018:1524

https://access.redhat.com/security/cve/cve-2018-1087

https://access.redhat.com/security/cve/cve-2018-1088

https://access.redhat.com/security/cve/cve-2018-1111

https://access.redhat.com/security/cve/cve-2018-8897

Plugin Details

Severity: High

ID: 109909

File Name: redhat-RHSA-2018-1524.nasl

Version: 1.18

Type: local

Agent: unix

Published: 5/18/2018

Updated: 10/24/2019

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: High

Base Score: 7.9

Temporal Score: 6.9

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:imgbased, p-cpe:/a:redhat:enterprise_linux:ovirt-node-ng-nodectl, p-cpe:/a:redhat:enterprise_linux:python-imgbased, p-cpe:/a:redhat:enterprise_linux:redhat-release-virtualization-host, p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update, p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update-placeholder, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/15/2018

Vulnerability Publication Date: 4/18/2018

Exploitable With

Metasploit (Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability)

Reference Information

CVE: CVE-2018-1087, CVE-2018-1088, CVE-2018-1111, CVE-2018-8897

IAVA: 2018-A-0162

RHSA: 2018:1524