
CVE-2013-4236

VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the management server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167.

Details Source

Mitre

Public Date

2013-07-16 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-4236 vdsm: incomplete fix for CVE-2013-0167 issue

Bugzilla ID

996166

CVSS Status

verified

Base Score

2.70

Base Metrics

AV:A/AC:L/Au:S/C:N/I:N/A:P

Acknowledgements

This issue was found by David Gibson of Red Hat.

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| RHEV Hypervisor for RHEL-6 (rhev-hypervisor6) | RHSA-2013:1181 | 2013-08-27 |
| RHEV Agents (vdsm) (vdsm) | RHSA-2013:1155 | 2013-08-13 |
| RHEV-M for Servers (vdsm) | RHSA-2013:1155 | 2013-08-13 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Virtualization Manager 2 | vdsm | Will not fix |