Lucene search
UbuntuUSN-2027-1HistoryNov 12, 2013 - 12:00 a.m.
SPICE vulnerability
2013-11-1200:00:00
ubuntu.com
44
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.2
Confidence
Low
EPSS
0.084
Percentile
94.5%
Releases
- Ubuntu 13.10
- Ubuntu 13.04
Packages
- spice - SPICE protocol client and server library
Details
Tomas Jamrisko discovered that SPICE incorrectly handled long passwords in
SPICE tickets. An attacker could use this issue to cause the SPICE server
to crash, resulting in a denial of service.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 13.10 | noarch | libspice-server1 | <Β 0.12.4-0nocelt1ubuntu0.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libspice-server-dev | <Β 0.12.4-0nocelt1ubuntu0.1 | UNKNOWN |
| Ubuntu | 13.10 | noarch | spice-client | <Β 0.12.4-0nocelt1ubuntu0.1 | UNKNOWN |
| Ubuntu | 13.04 | noarch | libspice-server1 | <Β 0.12.2-0nocelt2expubuntu1.2 | UNKNOWN |
| Ubuntu | 13.04 | noarch | libspice-server-dev | <Β 0.12.2-0nocelt2expubuntu1.2 | UNKNOWN |
| Ubuntu | 13.04 | noarch | spice-client | <Β 0.12.2-0nocelt2expubuntu1.2 | UNKNOWN |
References
Related
nessus
nessus
Scientific Linux Security Update : spice-server on SL6.x x86_64 (20131029)
2013-10-31 00:00:00
SUSE SLED12 / SLES12 Security Update : spice (SUSE-SU-2015:0884-1)
2015-05-20 00:00:00
Oracle Linux 6 : spice-server (ELSA-2013-1473)
2013-10-30 00:00:00
openvas
openvas
RedHat Update for spice-server RHSA-2013:1473-01
2013-11-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0884-1)
2021-04-19 00:00:00
RedHat Update for qspice RHSA-2013:1474-01
2013-11-08 00:00:00
ubuntucve
ubuntucve
CVE-2013-4282
2013-11-02 00:00:00
oraclelinux
oraclelinux
spice-server security update
2013-10-29 00:00:00
qspice security update
2013-10-29 00:00:00
suse
suse
Security update for spice (important)
2015-05-15 18:04:56
Security update for spice (important)
2015-05-16 01:04:53
cvelist
cvelist
CVE-2013-4282
2013-11-02 19:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: spice-0.12.4-3.fc20
2013-11-10 06:59:01
[SECURITY] Fedora 18 Update: spice-0.12.4-3.fc18
2013-11-08 04:37:11
[SECURITY] Fedora 19 Update: spice-0.12.4-3.fc19
2013-11-08 04:35:57
securityvulns
securityvulns
SPICE library buffer overflow
2013-11-18 00:00:00
[USN-2027-1] SPICE vulnerability
2013-11-18 00:00:00
nvd
nvd
CVE-2013-4282
2013-11-02 19:55:04
debiancve
debiancve
CVE-2013-4282
2013-11-02 19:55:04
prion
prion
Stack overflow
2013-11-02 19:55:00
centos
centos
spice security update
2013-10-30 02:12:05
qspice security update
2013-10-29 20:25:52
seebug
seebug
SPICE 'reds_handle_ticket()'ε½ζ°θΏη¨ζη»ζε‘ζΌζ΄
2013-10-31 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:01:01
redhat
redhat
(RHSA-2013:1474) Important: qspice security update
2013-10-29 00:00:00
(RHSA-2013:1473) Important: spice-server security update
2013-10-29 00:00:00
(RHSA-2013:1460) Important: rhev-hypervisor6 security and bug fix update
2013-10-29 00:00:00
mageia
mageia
Updated spice packages fix a security vulnerability
2014-01-21 20:20:58
cve
cve
CVE-2013-4282
2013-11-02 19:55:04
debian
debian
[SECURITY] [DSA 2839-1] spice security update
2014-01-08 14:41:30
[SECURITY] [DSA 2839-1] spice security update
2014-01-08 14:41:30
osv
osv
spice - denial of service
2014-01-08 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.2
Confidence
Low
EPSS
0.084
Percentile
94.5%
Related for USN-2027-1