The MITRE CVE dictionary describes this issue as:
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the management server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167.
Find out more about CVE-2013-4236 from the MITRE CVE dictionary and NIST NVD.
Metric | Value |
---|---|
Base Score | 2.7 |
Base Metrics | AV:A/AC:L/Au:S/C:N/I:N/A:P |
Access Vector | Adjacent Network |
Access Complexity | Low |
Authentication | Single |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
RHEV Hypervisor for RHEL-6 (rhev-hypervisor6) | RHSA-2013:1181 | 2013-08-27 |
RHEV Agents (vdsm) (vdsm) | RHSA-2013:1155 | 2013-08-13 |
RHEV Manager 3 (vdsm) | RHSA-2013:1155 | 2013-08-13 |
Platform | Package | State |
---|---|---|
Red Hat Enterprise Virtualization Manager 2 | vdsm | Will not fix |