CVE-2015-2152 - OpenCVE

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Xen	Xen
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:20:::::::*
	cpe:2.3:o:fedoraproject:fedora:21:::::::*
	cpe:2.3:o:fedoraproject:fedora:22:::::::*

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html
http://www.securityfocus.com/bid/73068
http://www.securitytracker.com/id/1031806	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031919	Third Party Advisory VDB Entry
http://xenbits.xen.org/xsa/advisory-119.html	Patch Vendor Advisory
https://security.gentoo.org/glsa/201504-04

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-03-18T16:00:00

Updated: 2016-12-30T16:57:01

Reserved: 2015-02-28T00:00:00

Link: CVE-2015-2152

JSON object: View

NVD Information

Status : Modified

Published: 2015-03-18T16:59:02.483

Modified: 2018-10-30T16:26:52.560

Link: CVE-2015-2152

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-12T00:00:00", "descriptions": [{"lang": "en", "value": "Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201504-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201504-04"}, {"name": "1031919", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031919"}, {"name": "FEDORA-2015-3944", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html"}, {"name": "FEDORA-2015-3721", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html"}, {"name": "73068", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/73068"}, {"name": "FEDORA-2015-3935", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-119.html"}, {"name": "openSUSE-SU-2015:0732", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html"}, {"name": "1031806", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031806"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2152", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201504-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-04"}, {"name": "1031919", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031919"}, {"name": "FEDORA-2015-3944", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html"}, {"name": "FEDORA-2015-3721", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html"}, {"name": "73068", "refsource": "BID", "url": "http://www.securityfocus.com/bid/73068"}, {"name": "FEDORA-2015-3935", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html"}, {"name": "http://xenbits.xen.org/xsa/advisory-119.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-119.html"}, {"name": "openSUSE-SU-2015:0732", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html"}, {"name": "1031806", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031806"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-2152", "datePublished": "2015-03-18T16:00:00", "dateReserved": "2015-02-28T00:00:00", "dateUpdated": "2016-12-30T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE6592AF-775F-4B8A-8E33-57A1239852E3", "versionEndIncluding": "4.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support."}, {"lang": "es", "value": "Xen 4.5.x y anteriores capacita a ciertos backends por defecto cuando emula un dispositivo VGA para una gemu invitado de x86 HVM incluso cuando la configuraci\u00f3n las descapacite, lo que permite a usuarios locales invitados obtener acceso a la consola VGA mediante (1) la configuraci\u00f3n de la variable de entorno DISPLAY, cuando est\u00e9 compilada con el soporte SDL, o la conexi\u00f3n al servidor VNC server en (2) ::1 o (3) 127.0.0.1, cuando no est\u00e9 compilado con el soporte SDL."}], "id": "CVE-2015-2152", "lastModified": "2018-10-30T16:26:52.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-18T16:59:02.483", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/73068"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1031806"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1031919"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-119.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201504-04"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}