Red Hat update for rhvm-appliance



Published: 2019-08-13 | Updated: 2022-06-24
Risk Low
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2018-16881
CVE-2019-1559
CVE-2019-3888
CWE-ID CWE-20
CWE-327
CWE-312
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
Red Hat Virtualization Host
Web applications / Remote management & hosting panels

Red Hat Virtualization
Server applications / Virtualization software

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU17698

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-16881

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the imptcp module due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted message to the imptcp socket that submits malicious input and cause the affected software to crash, resulting in a DoS condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Virtualization Host: 4

Red Hat Virtualization: 4

External links

http://access.redhat.com/errata/RHSA-2019:2439


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU17860

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-1559

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to decrypt sensitive information.

The vulnerability exists due to the way an application behaves, when it receives a 0-byte record with invalid padding compared to the record with an invalid MAC, which results in padding oracle. A remote attacker can decrypt data.

Successful exploitation of the vulnerability requires that the application is using "non-stitched" ciphersuites and calls SSL_shutdown() twice (first, via a BAD_RECORD_MAC and again via a CLOSE_NOTIFY). 


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Virtualization Host: 4

Red Hat Virtualization: 4

External links

http://access.redhat.com/errata/RHSA-2019:2439


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Cleartext storage of sensitive information

EUVDB-ID: #VU20066

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3888

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange), which includes logging of user credentials. A local user can view contents of log files and gain access to credentials in plain text that are stored in them.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Virtualization Host: 4

Red Hat Virtualization: 4

External links

http://access.redhat.com/errata/RHSA-2019:2439


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###