Detections
Analytics

Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2020:4676)

high Nessus Plugin ID 184870

Synopsis

The remote Rocky Linux host is missing one or more security updates.

Description

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4676 advisory.

 - libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. (CVE-2019-15890)

 - qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). (CVE-2019-20485)

 - A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD.
 Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service. (CVE-2020-10703)

 - An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.
 (CVE-2020-14301)

 - A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14339)

 - A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. (CVE-2020-1983)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://errata.rockylinux.org/RLSA-2020:4676

https://bugzilla.redhat.com/show_bug.cgi?id=1518042

https://bugzilla.redhat.com/show_bug.cgi?id=1664324

https://bugzilla.redhat.com/show_bug.cgi?id=1715039

https://bugzilla.redhat.com/show_bug.cgi?id=1717394

https://bugzilla.redhat.com/show_bug.cgi?id=1727865

https://bugzilla.redhat.com/show_bug.cgi?id=1749716

https://bugzilla.redhat.com/show_bug.cgi?id=1756946

https://bugzilla.redhat.com/show_bug.cgi?id=1759849

https://bugzilla.redhat.com/show_bug.cgi?id=1763191

https://bugzilla.redhat.com/show_bug.cgi?id=1790189

https://bugzilla.redhat.com/show_bug.cgi?id=1805998

https://bugzilla.redhat.com/show_bug.cgi?id=1807057

https://bugzilla.redhat.com/show_bug.cgi?id=1809740

https://bugzilla.redhat.com/show_bug.cgi?id=1810193

https://bugzilla.redhat.com/show_bug.cgi?id=1811539

https://bugzilla.redhat.com/show_bug.cgi?id=1816650

https://bugzilla.redhat.com/show_bug.cgi?id=1828681

https://bugzilla.redhat.com/show_bug.cgi?id=1829825

https://bugzilla.redhat.com/show_bug.cgi?id=1844296

https://bugzilla.redhat.com/show_bug.cgi?id=1845459

https://bugzilla.redhat.com/show_bug.cgi?id=1848640

https://bugzilla.redhat.com/show_bug.cgi?id=1849997

https://bugzilla.redhat.com/show_bug.cgi?id=1854380

https://bugzilla.redhat.com/show_bug.cgi?id=1857779

https://bugzilla.redhat.com/show_bug.cgi?id=1860069

https://bugzilla.redhat.com/show_bug.cgi?id=1867847

Plugin Details

Severity: High

ID: 184870

File Name: rocky_linux_RLSA-2020-4676.nasl

Version: 1.0

Type: local

Published: 11/7/2023

Updated: 11/7/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-14339

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:rocky:linux:libnbd-debuginfo, p-cpe:/a:rocky:linux:libnbd-debugsource, p-cpe:/a:rocky:linux:libnbd-devel, p-cpe:/a:rocky:linux:libvirt-dbus, p-cpe:/a:rocky:linux:libvirt-dbus-debuginfo, p-cpe:/a:rocky:linux:libvirt-dbus-debugsource, p-cpe:/a:rocky:linux:libvirt-python-debugsource, p-cpe:/a:rocky:linux:nbdfuse, p-cpe:/a:rocky:linux:nbdfuse-debuginfo, p-cpe:/a:rocky:linux:nbdkit, p-cpe:/a:rocky:linux:nbdkit-bash-completion, p-cpe:/a:rocky:linux:nbdkit-basic-filters, p-cpe:/a:rocky:linux:nbdkit-basic-filters-debuginfo, p-cpe:/a:rocky:linux:nbdkit-basic-plugins, p-cpe:/a:rocky:linux:nbdkit-basic-plugins-debuginfo, p-cpe:/a:rocky:linux:nbdkit-curl-plugin, p-cpe:/a:rocky:linux:nbdkit-curl-plugin-debuginfo, p-cpe:/a:rocky:linux:nbdkit-debuginfo, p-cpe:/a:rocky:linux:nbdkit-debugsource, p-cpe:/a:rocky:linux:nbdkit-devel, p-cpe:/a:rocky:linux:nbdkit-example-plugins, p-cpe:/a:rocky:linux:nbdkit-example-plugins-debuginfo, p-cpe:/a:rocky:linux:nbdkit-gzip-plugin, p-cpe:/a:rocky:linux:nbdkit-gzip-plugin-debuginfo, p-cpe:/a:rocky:linux:nbdkit-linuxdisk-plugin, p-cpe:/a:rocky:linux:nbdkit-linuxdisk-plugin-debuginfo, p-cpe:/a:rocky:linux:nbdkit-python-plugin, p-cpe:/a:rocky:linux:nbdkit-python-plugin-debuginfo, p-cpe:/a:rocky:linux:nbdkit-server, p-cpe:/a:rocky:linux:nbdkit-server-debuginfo, p-cpe:/a:rocky:linux:nbdkit-ssh-plugin, p-cpe:/a:rocky:linux:nbdkit-ssh-plugin-debuginfo, p-cpe:/a:rocky:linux:nbdkit-vddk-plugin, p-cpe:/a:rocky:linux:nbdkit-vddk-plugin-debuginfo, p-cpe:/a:rocky:linux:nbdkit-xz-filter, p-cpe:/a:rocky:linux:nbdkit-xz-filter-debuginfo, p-cpe:/a:rocky:linux:netcf, p-cpe:/a:rocky:linux:netcf-debuginfo, p-cpe:/a:rocky:linux:netcf-debugsource, p-cpe:/a:rocky:linux:netcf-devel, p-cpe:/a:rocky:linux:netcf-libs, p-cpe:/a:rocky:linux:netcf-libs-debuginfo, p-cpe:/a:rocky:linux:ocaml-hivex, p-cpe:/a:rocky:linux:ocaml-hivex-debuginfo, p-cpe:/a:rocky:linux:ocaml-hivex-devel, p-cpe:/a:rocky:linux:ocaml-libnbd, p-cpe:/a:rocky:linux:ocaml-libnbd-debuginfo, p-cpe:/a:rocky:linux:ocaml-libnbd-devel, p-cpe:/a:rocky:linux:perl-sys-virt, p-cpe:/a:rocky:linux:perl-sys-virt-debuginfo, p-cpe:/a:rocky:linux:perl-sys-virt-debugsource, p-cpe:/a:rocky:linux:perl-hivex, p-cpe:/a:rocky:linux:perl-hivex-debuginfo, p-cpe:/a:rocky:linux:python3-hivex, p-cpe:/a:rocky:linux:python3-hivex-debuginfo, p-cpe:/a:rocky:linux:python3-libnbd, p-cpe:/a:rocky:linux:python3-libnbd-debuginfo, p-cpe:/a:rocky:linux:python3-libvirt, p-cpe:/a:rocky:linux:python3-libvirt-debuginfo, p-cpe:/a:rocky:linux:ruby-hivex, p-cpe:/a:rocky:linux:ruby-hivex-debuginfo, p-cpe:/a:rocky:linux:seabios, p-cpe:/a:rocky:linux:seabios-bin, p-cpe:/a:rocky:linux:seavgabios-bin, p-cpe:/a:rocky:linux:sgabios, p-cpe:/a:rocky:linux:sgabios-bin, p-cpe:/a:rocky:linux:supermin, p-cpe:/a:rocky:linux:supermin-debuginfo, p-cpe:/a:rocky:linux:supermin-debugsource, p-cpe:/a:rocky:linux:supermin-devel, cpe:/o:rocky:linux:8, p-cpe:/a:rocky:linux:hivex, p-cpe:/a:rocky:linux:hivex-debuginfo, p-cpe:/a:rocky:linux:hivex-debugsource, p-cpe:/a:rocky:linux:hivex-devel, p-cpe:/a:rocky:linux:libguestfs-winsupport, p-cpe:/a:rocky:linux:libiscsi, p-cpe:/a:rocky:linux:libiscsi-debuginfo, p-cpe:/a:rocky:linux:libiscsi-debugsource, p-cpe:/a:rocky:linux:libiscsi-devel, p-cpe:/a:rocky:linux:libiscsi-utils, p-cpe:/a:rocky:linux:libiscsi-utils-debuginfo, p-cpe:/a:rocky:linux:libnbd

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RockyLinux/release, Host/RockyLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/3/2020

Vulnerability Publication Date: 9/6/2019

Reference Information

CVE: CVE-2019-15890, CVE-2019-20485, CVE-2020-10703, CVE-2020-14301, CVE-2020-14339, CVE-2020-1983