Vulnerabilities > CVE-2007-5906 - Local Denial of Service vulnerability in Xensource INC XEN 3.1.1
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Xen 3.1.1 allows virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_XEN-4764.NASL description This update fixes various Xen issues. Two security problems were fixed: CVE-2007-5906: Xen allowed virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints. CVE-2007-5907: Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). Also the following bugs were fixed: 279062: Timer ISR/1: Time went backwards 340379: Xen-3.04_13138-0.52 not working with FV File-Backed VMs last seen 2020-06-01 modified 2020-06-02 plugin id 29891 published 2008-01-08 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29891 title openSUSE 10 Security Update : xen (xen-4764) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update xen-4764. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(29891); script_version ("1.10"); script_cvs_date("Date: 2019/10/25 13:36:30"); script_cve_id("CVE-2007-5906", "CVE-2007-5907"); script_name(english:"openSUSE 10 Security Update : xen (xen-4764)"); script_summary(english:"Check for the xen-4764 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes various Xen issues. Two security problems were fixed: CVE-2007-5906: Xen allowed virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints. CVE-2007-5907: Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). Also the following bugs were fixed: 279062: Timer ISR/1: Time went backwards 340379: Xen-3.04_13138-0.52 not working with FV File-Backed VMs" ); script_set_attribute(attribute:"solution", value:"Update the affected xen packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-pdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-ps"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-ioemu"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"xen-3.0.4_13138-0.60") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"xen-devel-3.0.4_13138-0.60") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"xen-doc-html-3.0.4_13138-0.60") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"xen-doc-pdf-3.0.4_13138-0.60") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"xen-doc-ps-3.0.4_13138-0.60") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"xen-libs-3.0.4_13138-0.60") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"xen-tools-3.0.4_13138-0.60") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"xen-tools-ioemu-3.0.4_13138-0.60") ) flag++; if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"xen-libs-32bit-3.0.4_13138-0.60") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-doc-html / xen-doc-pdf / xen-doc-ps / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_XEN-4901.NASL description This update fixes Xen security issues. Two security problems were fixed: CVE-2007-5906: Xen allowed virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints. CVE-2007-5907: Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). last seen 2020-06-01 modified 2020-06-02 plugin id 29963 published 2008-01-14 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29963 title openSUSE 10 Security Update : xen (xen-4901) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update xen-4901. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(29963); script_version ("1.10"); script_cvs_date("Date: 2019/10/25 13:36:33"); script_cve_id("CVE-2007-5906", "CVE-2007-5907"); script_name(english:"openSUSE 10 Security Update : xen (xen-4901)"); script_summary(english:"Check for the xen-4901 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes Xen security issues. Two security problems were fixed: CVE-2007-5906: Xen allowed virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints. CVE-2007-5907: Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash)." ); script_set_attribute(attribute:"solution", value:"Update the affected xen packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-pdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-ps"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-ioemu"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.2", reference:"xen-3.0.3_11774-23") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"xen-devel-3.0.3_11774-23") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"xen-doc-html-3.0.3_11774-23") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"xen-doc-pdf-3.0.3_11774-23") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"xen-doc-ps-3.0.3_11774-23") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"xen-libs-3.0.3_11774-23") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"xen-tools-3.0.3_11774-23") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"xen-tools-ioemu-3.0.3_11774-23") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-doc-html / xen-doc-pdf / xen-doc-ps / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_XEN-4854.NASL description This update fixes various Xen issues. Two security problems were fixed: CVE-2007-5906: Xen allowed virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints. CVE-2007-5907: Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). Also the following bugs were fixed: 279062: Timer ISR/1: Time went backwards 286859: Fix booting from SAN 310279: Kernel Panic while booting Xen 338486: xen fails to start when option last seen 2020-06-01 modified 2020-06-02 plugin id 29792 published 2007-12-24 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29792 title openSUSE 10 Security Update : xen (xen-4854) NASL family SuSE Local Security Checks NASL id SUSE_XEN-4766.NASL description This update fixes various Xen issues. Two security problems were fixed: CVE-2007-5906: Xen allowed virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints. - Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). (CVE-2007-5907) Also the following bugs were fixed: 279062: Timer ISR/1: Time went backwards 340379: Xen-3.04_13138-0.52 not working with FV File-Backed VMs last seen 2020-06-01 modified 2020-06-02 plugin id 29791 published 2007-12-24 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29791 title SuSE 10 Security Update : xen (ZYPP Patch Number 4766)
Redhat
rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
- http://lists.xensource.com/archives/html/xen-devel/2007-10/msg01048.html
- http://secunia.com/advisories/28405
- http://secunia.com/advisories/28412
- http://secunia.com/advisories/28636
- http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
- http://www.securityfocus.com/bid/27219