CVE-2010-2793 — Race Condition in Redhat Enterprise Virtualization Manager

CWE-362 — Race Condition5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.2%

top 54.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Virtualization Manager

Timeline

PublishedDec 8

Latest updateMay 17

Description

Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2.2.4 allows local users to create a certain named pipe, and consequently gain privileges, via vectors involving knowledge of the name of this named pipe, in conjunction with use of the ImpersonateNamedPipeClient function.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/enterprise_virtualization_manager2.2.3+2

🔴Vulnerability Details

GHSA

GHSA-75v4-749r-wgh6: Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2↗2022-05-17

▶

CVEList

CVE-2010-2793: Race condition in the SPICE (aka spice-activex) plug-in for Internet Explorer in Red Hat Enterprise Virtualization (RHEV) Manager before 2↗2010-12-08

▶

📋Vendor Advisories

Red Hat

spice activex/spicec named pipe races↗2010-12-06

▶

💬Community

Bugzilla

CVE-2010-2793 spice activex/spicec named pipe races↗2010-08-02

▶