CVE-2011-1166 - Improper Input Validation vulnerability in XEN
- Attack vector: ADJACENT_NETWORK
- Attack complexity: LOW
- Privileges required: SINGLE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: COMPLETE

Summary
Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 22 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection: An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting: An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files: An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection: An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_3_XEN-201105-110510.NASL
- description: Collective May/2011 update for Xen Xen : - 691238 - L3: question on behaviour change xm list - 623680 - xen kernel freezes during boot when processor module is loaded - 680824 - dom0 can
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 75776
- published: 2014-06-13
- reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/75776
- title: openSUSE Security Update : xen-201105 (openSUSE-SU-2011:0580-1)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update xen-201105-4525.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75776);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/25 13:36:41");

  script_cve_id("CVE-2011-1146", "CVE-2011-1166", "CVE-2011-1486", "CVE-2011-1583");

  script_name(english:"openSUSE Security Update : xen-201105 (openSUSE-SU-2011:0580-1)");
  script_summary(english:"Check for the xen-201105-4525 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Collective May/2011 update for Xen

Xen :

  - 691238 - L3: question on behaviour change xm list
  - 623680 - xen kernel freezes during boot when processor module is loaded
  - 680824 - dom0 can't recognize boot disk when IOMMU is enabled
  - 688473 - VUL-0: potential buffer overflow in tools
  - 679344 - VUL-0: Xen: multi-vCPU pv guest may crash host
  - 687981 - L3: mistyping model type when defining VIF crashes
  - 675817 - Kernel panic when creating HVM guests on AMD platforms with XSAVE
  - 678871 - dom0 hangs long time when starting hvm guests with memory >= 64GB
  - 675363 - Random lockups with kernel-xen. Possibly graphics related
  - 678229 - restore of sles HVM fails
  - 672833 - xen-tools bug causing problems with Ubuntu 10.10 under Xen 4.
  - 665610 - xm console > 1 to same VM messes up both consoles

vm-install :

  - 688757 - SLED10SP4 fully virtualized in SLES10SP4 XEN - kernel panic
  - 678152 - Xen: virt-manager: harmless block device admin actions on FV guests mess up network (VIF) device type ==> network lost."
  );
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=623680");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=665610");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=672833");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=675363");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=675817");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=678152");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=678229");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=678871");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=679344");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=680824");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=687981");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=688473");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=688757");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=691238");
  script_set_attribute(attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2011-05/msg00066.html");
  script_set_attribute(attribute:"solution", value:"Update the affected xen-201105 packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vm-install");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.3", reference:"vm-install-0.4.30-0.4.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-4.0.1_21326_08-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-devel-4.0.1_21326_08-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-doc-html-4.0.1_21326_08-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-doc-pdf-4.0.1_21326_08-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-kmp-default-4.0.1_21326_08_k2.6.34.8_0.2-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-kmp-desktop-4.0.1_21326_08_k2.6.34.8_0.2-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-kmp-pae-4.0.1_21326_08_k2.6.34.8_0.2-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-libs-4.0.1_21326_08-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-tools-4.0.1_21326_08-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-tools-domU-4.0.1_21326_08-0.7.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_XEN-201105-110505.NASL
- description: Collective May/2011 update for Xen Xen : - 679344: Xen: multi-vCPU pv guest may crash host - 675817: Kernel panic when creating HVM guests on AMD platforms with XSAVE - 678871: dom0 hangs long time when starting hvm guests with memory >= 64GB - 675363: Random lockups with kernel-xen. Possibly graphics related - 678229: restore of sles HVM fails - 672833: xen-tools bug causing problems with Ubuntu 10.10 under Xen 4. - 665610: xm console > 1 to same VM messes up both consoles - 687981: mistyping model type when defining VIF crashes VM - 688473: Fix potential buffer overflow in decode - 691238: revert accidental behaviour change in xm list - 680824: dom0 can
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 54934
- published: 2011-06-01
- reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/54934
- title: SuSE 11.1 Security Update : Xen (SAT Patch Number 4491)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(54934);
  script_version("1.7");
  script_cvs_date("Date: 2019/10/25 13:36:43");

  script_cve_id("CVE-2011-1146", "CVE-2011-1166", "CVE-2011-1486", "CVE-2011-1583");

  script_name(english:"SuSE 11.1 Security Update : Xen (SAT Patch Number 4491)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Collective May/2011 update for Xen

Xen :

  - 679344: Xen: multi-vCPU pv guest may crash host
  - 675817: Kernel panic when creating HVM guests on AMD platforms with XSAVE
  - 678871: dom0 hangs long time when starting hvm guests with memory >= 64GB
  - 675363: Random lockups with kernel-xen. Possibly graphics related
  - 678229: restore of sles HVM fails
  - 672833: xen-tools bug causing problems with Ubuntu 10.10 under Xen 4.
  - 665610: xm console > 1 to same VM messes up both consoles
  - 687981: mistyping model type when defining VIF crashes VM
  - 688473: Fix potential buffer overflow in decode
  - 691238: revert accidental behaviour change in xm list
  - 680824: dom0 can't recognize boot disk when IOMMU is enabled
  - 623680: xen kernel freezes during boot when processor module is loaded

vm-install :

  - 678152: virt-manager: harmless block device admin actions on FV guests mess up network (VIF) device type ==> network lost.
  - 688757: SLED10SP4 fully virtualized in SLES10SP4 XEN - kernel panic

libvirt :

  - 674371: qemu aio mode per disk
  - 675861: Force FLR on for buggy SR-IOV devices
  - 678406: libvirt: several API calls do not honour read-only
  - 684877: libvirt: error reporting in libvirtd is not thread safe
  - 686737: virsh: Add option 'model' to attach-interface
  - 681546: Fix xmdomain.cfg to libvirt XML format conversion
  - 688306: Handle support for recent KVM versions"
  );
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=623680");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=665610");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=672833");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=674371");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=675363");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=675817");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=675861");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=678152");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=678229");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=678406");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=678871");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=679344");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=680824");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=681546");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=684877");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=686737");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=687981");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=688306");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=688473");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=688757");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=691238");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1146.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1166.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1486.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-1583.html");
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 4491.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libvirt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libvirt-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libvirt-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:vm-install");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/05/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");

flag = 0;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libvirt-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libvirt-doc-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libvirt-python-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"vm-install-0.4.30-0.3.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"xen-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"xen-kmp-default-4.0.1_21326_08_2.6.32.36_0.5-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"xen-kmp-pae-4.0.1_21326_08_2.6.32.36_0.5-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"xen-libs-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"xen-tools-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"xen-tools-domU-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libvirt-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libvirt-doc-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libvirt-python-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"vm-install-0.4.30-0.3.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"xen-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"xen-kmp-default-4.0.1_21326_08_2.6.32.36_0.5-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"xen-libs-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"xen-tools-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"xen-tools-domU-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"libvirt-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"libvirt-doc-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"libvirt-python-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"vm-install-0.4.30-0.3.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-doc-html-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-doc-pdf-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-kmp-default-4.0.1_21326_08_2.6.32.36_0.5-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-kmp-pae-4.0.1_21326_08_2.6.32.36_0.5-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-libs-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-tools-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-tools-domU-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libvirt-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libvirt-doc-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libvirt-python-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"vm-install-0.4.30-0.3.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"xen-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"xen-doc-html-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"xen-doc-pdf-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"xen-kmp-default-4.0.1_21326_08_2.6.32.36_0.5-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"xen-libs-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"xen-tools-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"xen-tools-domU-4.0.1_21326_08-0.5.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: Misc.
- NASL id: VMWARE_VMSA-2012-0001_REMOTE.NASL
- description: The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - COS kernel - cURL - python - rpm
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 89105
- published: 2016-03-03
- reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/89105
- title: VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-2337.NASL
- description: Several vulnerabilities were discovered in the Xen virtual machine hypervisor. - CVE-2011-1166 A 64-bit guest can get one of its vCPUs into non-kernel mode without first providing a valid non-kernel pagetable, thereby locking up the host system. - CVE-2011-1583, CVE-2011-3262 Local users can cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image. - CVE-2011-1898 When using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, guest OS users can gain host OS privileges by writing to the interrupt injection registers. The oldstable distribution (lenny) contains a different version of Xen not affected by these problems.
- last seen: 2020-03-17
- modified: 2011-11-07
- plugin id: 56716
- published: 2011-11-07
- reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/56716
- title: Debian DSA-2337-1 : xen - several vulnerabilities

- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2011-0833.NASL
- description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw in the dccp_rcv_state_process() function could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important) * Multiple buffer overflow flaws were found in the Linux kernel
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 67081
- published: 2013-06-29
- reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/67081
- title: CentOS 5 : kernel (CESA-2011:0833)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_XEN-201106-7547.NASL
- description: This collective June/2011 Update for Xen provides the following fixes : - Xen does not properly check the upper boundary of user-supplied data in the get_free_port() function when getting a new event channel port. A local user on the guest operating system can exploit this flaw to cause denial of service conditions or potentially gain elevated privileges. (CVE-2011-1166) - 654798: Fix race between hotplug scripts writing to xenstore and xend registering a watch for the write. - 684297: HVM taking too long to dump vmcore - 688757: Fix kernel panic on fully virtualized setup - 658413: Fix root drive search on SLES 10-SP3 HVM guest - 675363: Random lockups with kernel-xen related to graphics
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 57265
- published: 2011-12-13
- reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/57265
- title: SuSE 10 Security Update : Xen (ZYPP Patch Number 7547)

- NASL family: Oracle Linux Local Security Checks
- NASL id: ORACLELINUX_ELSA-2011-0833.NASL
- description: From Red Hat Security Advisory 2011:0833 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw in the dccp_rcv_state_process() function could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important) * Multiple buffer overflow flaws were found in the Linux kernel
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 68276
- published: 2013-07-12
- reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/68276
- title: Oracle Linux 5 : kernel (ELSA-2011-0833)

- NASL family: VMware ESX Local Security Checks
- NASL id: VMWARE_VMSA-2012-0001.NASL
- description: a. ESX third-party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues. b. ESX third-party update for Service Console cURL RPM The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2192 to this issue. c. ESX third-party update for Service Console nspr and nss RPMs The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issues. A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses. d. ESX third-party update for Service Console rpm RPMs The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues. e. ESX third-party update for Service Console samba RPMs The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522 and CVE-2011-2694 to these issues. Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694. f. ESX third-party update for Service Console python package The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and CVE-2011-1521 to these issues. g. ESXi update to third-party component python The python third-party library is updated to python 2.5.6 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, and CVE-2011-1521 to these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 57749
- published: 2012-01-31
- reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/57749
- title: VMSA-2012-0001 : VMware ESXi and ESX updates to third-party library and ESX Service Console

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_XEN-201108-7703.NASL
- description: This update fixes various bugs in XEN : The following security issues have been fixed : - A denial of service (Host Crash) in the XEN hypervisor. (CVE-2011-2901) - A bug was found in the way Xen handles CPUID instruction emulation during VM exits. An unprivileged guest user can potentially use this flaw to crash the guest. (CVE-2011-1936) - A 64-bit guest can get one of its vcpus into non-kernel mode without first providing a valid non-kernel pagetable. The observed failure mode was usually a hard lockup of the host (host denial of service). (CVE-2011-1166) It fixes also the following bugs : - SLES 10 SP3 XEN: Device /dev/xvdp is already connected error when starting multiple vm
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 56618
- published: 2011-10-24
- reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/56618
- title: SuSE 10 Security Update : Xen (ZYPP Patch Number 7703)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_4_XEN-201105-110510.NASL
- description: Collective May/2011 update for Xen Xen : - 675363 - Random lockups with kernel-xen. Possibly graphics related. - 679344 - Xen: multi-vCPU pv guest may crash host - 681044 - update xenpaging.autostart.patch - 681302 - xm create -x <guest> returns
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 76048
- published: 2014-06-13
- reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/76048
- title: openSUSE Security Update : xen-201105 (openSUSE-SU-2011:0578-1)

- NASL family: Scientific Linux Local Security Checks
- NASL id: SL_20110531_KERNEL_ON_SL5_X.NASL
- description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - A flaw in the dccp_rcv_state_process() function could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important) - Multiple buffer overflow flaws were found in the Linux kernel
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 61059
- published: 2012-08-01
- reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc.
or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61059 title Scientific Linux Security Update : kernel on SL5.x i386/x86_64 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0833.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw in the dccp_rcv_state_process() function could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important) * Multiple buffer overflow flaws were found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 54925 published 2011-06-01 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/54925 title RHEL 5 : kernel (RHSA-2011:0833)