971172 – (CVE-2013-2152) CVE-2013-2152 rhevm: spice service unquoted search path

Bug 971172 (CVE-2013-2152) - CVE-2013-2152 rhevm: spice service unquoted search path

Summary: CVE-2013-2152 rhevm: spice service unquoted search path

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2013-2152
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	949899
Blocks:	971173 971175 971177
TreeView+	depends on / blocked

Reported:	2013-06-05 21:31 UTC by Petr Matousek
Modified:	2019-09-29 13:05 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-06-11 07:08:12 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:0924	0	normal	SHIPPED_LIVE	Important: spice-vdagent-win security and bug fix update	2013-07-02 18:52:44 UTC
Red Hat Product Errata	RHSA-2013:0925	0	normal	SHIPPED_LIVE	Important: rhev-guest-tools-iso security and bug fix update	2013-06-11 00:35:30 UTC

Description Petr Matousek 2013-06-05 21:31:30 UTC

An unquoted search path flaw was found in the way Spice service for Windows was installed into the system.

A local unprivileged user could use this flaw to increase their privileges.

References:

http://cwe.mitre.org/data/definitions/428.html

Comment 2 errata-xmlrpc 2013-06-10 20:27:51 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Virtualization 3.2

Via RHSA-2013:0924 https://rhn.redhat.com/errata/RHSA-2013-0924.html

Comment 3 errata-xmlrpc 2013-06-10 20:51:53 UTC

This issue has been addressed in following products:

  RHEV Manager version 3.2

Via RHSA-2013:0925 https://rhn.redhat.com/errata/RHSA-2013-0925.html

Note You need to log in before you can comment on or make changes to this bug.