Multiple vulnerabilities in Red Hat Virtualization

Published: 2017-11-08 11:50:56
Severity High
Patch available YES
Number of vulnerabilities 3
CVSSv2 7.4 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.6 (AV:L/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
5.3 (AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
CVSSv3 8.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
4.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
7.5 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE ID CVE-2017-7525
CVE-2014-9970
CVE-2017-7536
CWE ID CWE-502
CWE-200
CWE-264
Exploitation vector Network
Public exploit Not available
Vulnerable software Red Hat Virtualization
Vulnerable software versions Red Hat Virtualization 4
Vendor URL Red Hat Inc.
Advisory type Public

Security Advisory

1) Deserialization of untrusted data

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a deserialization flaw in the jackson-databind component. A remote attacker can send a specially crafted input to the readValue method of the ObjectMapper and execute arbitrary code with privileges of the target service.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://access.redhat.com/errata/RHSA-2017:3141

2) Information disclosure

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The weakness exists due to a flaw in the Jasypt component. A local attacker can conduct a timing attack on password hash comparison and obtain passwords on the target system.

Remediation

Install update from vendor's website.

External links

https://access.redhat.com/errata/RHSA-2017:3141

3) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to the security manager's reflective permissions are granted to Hibernate Validator. A local attacker can allow the calling code to access private members without the permission, validate an invalid instance, access the private member value via ConstraintViolation#getInvalidValue() and gain execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

External links

https://access.redhat.com/errata/RHSA-2017:3141

Back to List