SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   Red Hat Virtual Desktop Server Manager Vendors:   Red Hat
Red Hat Virtual Desktop Server Manager Lets Local Users Obtain Potentially Sensitive Information From Deleted Virtual Machines
SecurityTracker Alert ID:  1024137
SecurityTracker URL:  http://securitytracker.com/id/1024137
CVE Reference:   CVE-2010-2223   (Links to External Site)
Date:  Jun 22 2010
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Red Hat Virtual Desktop Server Manager. A local user (guest user) can obtain potentially sensitive information.

A local guest user in a new, raw virtual machine (VM) can read limited data from deleted VMs in that data domain.

Impact:   A local guest user can obtain potentially sensitive information from certain deleted virtual machines.
Solution:   The vendor has issued a fix.

The vendor's advisory is available at:

https://rhn.redhat.com/errata/RHSA-2010-0476.html

Vendor URL:  rhn.redhat.com/errata/RHSA-2010-0476.html (Links to External Site)
Cause:   Access control error
Underlying OS:   Linux (Red Hat Enterprise)

Message History:   None.


 Source Message Contents

Date:  Tue, 22 Jun 2010 16:05:32 +0200
Subject:  [RHSA-2010:0476-01] Important: rhev-hypervisor security, bug fix, and enhancement update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rhev-hypervisor security, bug fix, and enhancement update
Advisory ID:       RHSA-2010:0476-01
Product:           Red Hat Enterprise Virtualization
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0476.html
Issue date:        2010-06-22
CVE Names:         CVE-2010-0741 CVE-2010-2223 
=====================================================================

1. Summary:

An updated rhev-hypervisor package that fixes two security issues, multiple
bugs, and adds enhancements is now available.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Virtualization Hypervisor 5 - noarch

3. Description:

The rhev-hypervisor package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: A subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.

A flaw was found in the way QEMU-KVM handled erroneous data provided by the
Linux virtio-net driver, used by guest operating systems. Due to a
deficiency in the TSO (TCP segment offloading) implementation, a guest's
virtio-net driver would transmit improper data to a certain QEMU-KVM
process on the host, causing the guest to crash. A remote attacker could
use this flaw to send specially-crafted data to a target guest system,
causing that guest to crash. (CVE-2010-0741)

A flaw was found in the way the Virtual Desktop Server Manager (VDSM)
handled the removal of a virtual machine's (VM) data back end (such as an
image or a volume). When removing an image or a volume, it was not securely
deleted from its corresponding data domain as expected. A guest user in a
new, raw VM, created in a data domain that has had VMs deleted from it,
could use this flaw to read limited data from those deleted VMs,
potentially disclosing sensitive information. (CVE-2010-2223)

This updated package provides updated components that include fixes for
security issues; however, these issues have no security impact for Red Hat
Enterprise Virtualization Hypervisor. These fixes are for dbus issue
CVE-2009-1189; kernel issues CVE-2010-0307, CVE-2010-0410, CVE-2010-0730,
CVE-2010-1085, and CVE-2010-1086; openldap issue CVE-2009-3767; and sudo
issues CVE-2010-0426, CVE-2010-0427, and CVE-2010-1163.

This update also fixes several bugs and adds several enhancements.
Documentation for these bug fixes and enhancements is available from
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/2.2/html
/Servers-5.5-2.2_Hypervisor_Security_Update

As Red Hat Enterprise Virtualization Hypervisor is based on KVM, the bug
fixes and enhancements from the KVM updates RHSA-2010:0271 and
RHBA-2010:0419 have been included in this update. Also included are the bug
fixes and enhancements from the Virtual Desktop Server Manager (VDSM)
update RHSA-2010:0473, and fence-agents update RHBA-2010:0477.

KVM: https://rhn.redhat.com/errata/RHSA-2010-0271.html and
https://rhn.redhat.com/errata/RHBA-2010-0419.html
VDSM: https://rhn.redhat.com/errata/RHSA-2010-0473.html
fence-agents: https://rhn.redhat.com/errata/RHBA-2010-0477.html

Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which corrects these issues and adds these
enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

577218 - CVE-2010-0741 qemu: Improper handling of erroneous data provided by Linux virtio-net driver
604752 - CVE-2010-2223 vdsm: missing VM post-zeroing after removal

6. Package List:

Red Hat Enterprise Virtualization Hypervisor 5:

Source:
rhev-hypervisor-5.5-2.2.4.2.el5rhev.src.rpm

noarch:
rhev-hypervisor-5.5-2.2.4.2.el5rhev.noarch.rpm
rhev-hypervisor-pxe-5.5-2.2.4.2.el5rhev.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0741.html
https://www.redhat.com/security/data/cve/CVE-2010-2223.html
http://www.redhat.com/security/updates/classification/#important
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization/2.2/html/Servers-5.5-2.2_Hypervisor_Security_Update

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMIMLMXlSAg2UNWIIRAsiDAKC4rcHuNlcuvaVYw7iZzryw11zj4QCdEFo7
T4/u9GXf/eqBbxALlCS+NMQ=
=MaGe
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC