PT-2013-1186 · Red Hat+2 · Spice-Server-Debuginfo+10
Tomas Jamrisko · Published 2013-10-29 · Updated 2024-06-15
CVE-2013-4282
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
SPICE version 0.12.0
qspice version 0.3.0
qspice-libs version 0.3.0
qspice-libs-devel version 0.3.0
qspice-debuginfo version 0.3.0
spice-server version 0.12.0
spice-server-devel version 0.12.0
spice-server-debuginfo version 0.12.0
Description
The issue is a stack-based buffer overflow in the reds_handle_ticket function in server/reds.c that allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. This can lead to disruption of protected information and can be exploited remotely.
Recommendations
For SPICE version 0.12.0, consider disabling the reds_handle_ticket function until a patch is available.
For qspice version 0.3.0, qspice-libs version 0.3.0, qspice-libs-devel version 0.3.0, qspice-debuginfo version 0.3.0, spice-server version 0.12.0, spice-server-devel version 0.12.0, and spice-server-debuginfo version 0.12.0, there is currently no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Buffer Overflow
Affected Products
Centos
Red Hat
Spice
Suse
Qspice
Qspice-Debuginfo
Qspice-Libs
Qspice-Libs-Devel
Spice-Server
Spice-Server-Debuginfo
Spice-Server-Devel