Rapid7 Vulnerability & Exploit Database

RHSA-2010:0651: spice-xpi security and bug fix update


The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor, or on Red Hat Enterprise Virtualization Hypervisor.

The spice-xpi package provides a plug-in that allows the SPICE client to run from within Mozilla Firefox.

A race condition was found in the way the SPICE Firefox plug-in and the SPICE client communicated. A local attacker could use this flaw to trick the plug-in and the SPICE client into communicating over an attacker-controlled socket, possibly gaining access to authentication details, or resulting in a man-in-the-middle attack on the SPICE connection. (CVE-2010-2792)

It was found that the SPICE Firefox plug-in used a predictable name for its log file. A local attacker could use this flaw to conduct a symbolic link attack, allowing them to overwrite arbitrary files accessible to the user running Firefox. (CVE-2010-2794)

This update also fixes the following bugs:

Note: This update should be installed together with the RHSA-2010:0632 qspice-client update: https://rhn.redhat.com/errata/RHSA-2010-0632.html

Users of spice-xpi should upgrade to this updated package, which contains backported patches to correct these issues. After installing the update, Firefox must be restarted for the changes to take effect.


  • redhat-upgrade-spice-xpi
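
For the log-file issue described under CVE-2010-2794, the following added example (not code from spice-xpi or from the Red Hat patch) shows one way a program can open a log file so that a symbolic link planted at the expected name is refused. The helper name, the `/tmp/logdemo-*` directory and the file names are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open (or create) a log file without following a planted symlink.
 * Returns a descriptor, or -1 if the path is not a plain file we own.
 * Hypothetical helper: not spice-xpi code. */
int open_log_safely(const char *path)
{
    /* O_NOFOLLOW makes open() fail if the last path component is a symlink. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    struct stat st;
    /* Check the opened descriptor, not the name, so nothing can be swapped in between. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: a symlink sits at the log path and points at another
 * file. Returns 1 if that open is refused, the other file keeps its 4 bytes,
 * and the same path opens normally once the symlink is gone. */
int symlink_is_refused(void)
{
    char dir[] = "/tmp/logdemo-XXXXXX", victim[64], logp[64];
    struct stat st;
    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(logp, sizeof logp, "%s/plugin.log", dir);
    int v = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int ok = v >= 0 && write(v, "keep", 4) == 4 && close(v) == 0 &&
             symlink(victim, logp) == 0;
    int fd = open_log_safely(logp);                 /* expected: -1 */
    ok = ok && fd < 0 && stat(victim, &st) == 0 && st.st_size == 4;
    if (fd >= 0)
        close(fd);
    unlink(logp);
    ok = ok && (fd = open_log_safely(logp)) >= 0;   /* fresh path works */
    if (fd >= 0)
        close(fd);
    unlink(logp); unlink(victim); rmdir(dir);
    return ok;
}
```

`O_NOFOLLOW` only guards the final path component, so the log should also live in a directory that only the owning user can write to.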
