Vulnerability Name: CVE-2020-25651 (CCN-191194)

Published: 2020-11-03
Updated: 2021-10-19
Summary: A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.
CVSS v3 Severity:
6.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L)
5.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): High
  Privileges Required (PR): Low
  User Interaction (UI): None
Scope:
  Scope (S): Changed
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): None
  Availability (A): Low
6.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): High
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): None
  Availability (A): High
6.4 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L)
5.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): High
  Privileges Required (PR): Low
  User Interaction (UI): None
Scope:
  Scope (S): Changed
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): None
  Availability (A): Low
CVSS v2 Severity:
3.3 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:P)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): Partial
5.6 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:N/A:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): High
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): None
  Availability (A): Complete
Vulnerability Type:
  CWE-200
  CWE-362
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2020-25651

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1886359

Source: CCN
Type: Bugzilla – Bug 1173749
AUDIT-0: spice-vdagent: spice-vdagentd.service can be implicitly started by default

Source: XF
Type: UNKNOWN
spice-vdagent-cve202025651-dos(191194)

Source: CCN
Type: vd_agent GitLab Web site
vd_agent

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update

Source: FEDORA
Type: Third Party Advisory
FEDORA-2021-510977db25

Source: FEDORA
Type: Third Party Advisory
FEDORA-2021-09ce0cdfac

Source: CCN
Type: oss-sec Mailing List, Wed, 4 Nov 2020 10:17:05 +0100
Security Issues in the spice-vdagentd daemon

Source: MISC
Type: Exploit, Mailing List, Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/11/04/1

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-25651

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:spice-space:spice-vdagent:*:*:*:*:*:*:*:* (Version <= 0.20.0)

Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

* Denotes that component is vulnerable
    spice-space spice-vdagent *
    debian debian linux 9.0
    fedoraproject fedora 32
    fedoraproject fedora 33