CVE-2011-1583 - Numeric Errors vulnerability in Citrix XEN
Metric | Value |
---|---|
Attack vector | LOCAL |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |

Summary
Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.
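The two failure modes named in the summary, as an added illustration that is not code from Xen or from this page: an unchecked 32-bit `offset + length` range test beside an overflow-safe one, and a decompression output loop whose buffer growth is checked against a hard cap. All function names, the sample inputs and the run-length decoder (a stand-in for bzip2/LZMA) are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unsafe range test: the 32-bit sum wraps, so a huge offset passes. */
int range_ok_unsafe(uint32_t offset, uint32_t length, uint32_t image_size)
{
    return (uint32_t)(offset + length) <= image_size;
}

/* Safe range test: compare without ever forming offset + length. */
int range_ok_checked(uint32_t offset, uint32_t length, uint32_t image_size)
{
    return offset <= image_size && length <= image_size - offset;
}

/* Double the output capacity, refusing to wrap size_t or exceed the cap. */
int grow_checked(size_t cur, size_t max, size_t *next)
{
    if (cur == 0 || cur > max / 2)
        return -1;
    *next = cur * 2;
    return 0;
}

/*
 * Run-length decoder (pairs of count, byte) standing in for bzip2/LZMA.
 * The output buffer grows on demand, as in a streaming decompressor, but
 * every growth step is checked and total output is bounded by max_out.
 * Returns 0 and a malloc'd buffer on success, -1 on any error.
 */
int rle_decode_bounded(const uint8_t *in, size_t in_len, size_t max_out,
                       uint8_t **out, size_t *out_len)
{
    size_t cap = 16, used = 0, ncap;
    uint8_t *buf, *nbuf;

    *out = NULL;
    *out_len = 0;
    if (in_len % 2 != 0 || max_out < cap)
        return -1;
    buf = malloc(cap);
    if (buf == NULL)
        return -1;
    for (size_t i = 0; i < in_len; i += 2) {
        size_t run = in[i];
        /* Invariant: used <= cap, so cap - used cannot underflow. */
        while (run > cap - used) {
            if (grow_checked(cap, max_out, &ncap) != 0) {
                free(buf);
                return -1;          /* output would exceed the cap */
            }
            nbuf = realloc(buf, ncap);
            if (nbuf == NULL) {
                free(buf);
                return -1;
            }
            buf = nbuf;
            cap = ncap;
        }
        memset(buf + used, in[i + 1], run);
        used += run;
    }
    *out = buf;
    *out_len = used;
    return 0;
}

/* Constructed inputs: a small stream and one that expands to 1020 bytes. */
static const uint8_t SAMPLE_SMALL[] = { 3, 'A', 2, 'B' };
static const uint8_t SAMPLE_LARGE[] = { 255, 'x', 255, 'x', 255, 'x', 255, 'x' };

/* Decode, discard the data, and report the decoded length (-1 on error). */
long decoded_length(const uint8_t *in, size_t in_len, size_t max_out)
{
    uint8_t *out;
    size_t n;

    if (rle_decode_bounded(in, in_len, max_out, &out, &n) != 0)
        return -1;
    free(out);
    return (long)n;
}

int main(void)
{
    /* 0xFFFFFFF0 + 0x20 wraps to 0x10, so the unsafe test accepts it */
    printf("unsafe=%d checked=%d\n", range_ok_unsafe(0xFFFFFFF0u, 0x20u, 0x1000u),
           range_ok_checked(0xFFFFFFF0u, 0x20u, 0x1000u));
    printf("large, cap 512: %ld; cap 4096: %ld\n",
           decoded_length(SAMPLE_LARGE, sizeof SAMPLE_LARGE, 512),
           decoded_length(SAMPLE_LARGE, sizeof SAMPLE_LARGE, 4096));
    return 0;
}
```

The cap passed as `max_out` is the policy decision: a loader should set it from what the host is prepared to allocate for a guest kernel, not from any size field inside the image.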
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_3_XEN-201105-110510.NASL
- description: Collective May/2011 update for Xen
  Xen :
  - 691238 - L3: question on behaviour change xm list
  - 623680 - xen kernel freezes during boot when processor module is loaded
  - 680824 - dom0 can
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 75776
- published: 2014-06-13
- reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/75776
- title: openSUSE Security Update : xen-201105 (openSUSE-SU-2011:0580-1)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update xen-201105-4525.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75776);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/25 13:36:41");

  script_cve_id("CVE-2011-1146", "CVE-2011-1166", "CVE-2011-1486", "CVE-2011-1583");

  script_name(english:"openSUSE Security Update : xen-201105 (openSUSE-SU-2011:0580-1)");
  script_summary(english:"Check for the xen-201105-4525 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Collective May/2011 update for Xen

Xen :

  - 691238 - L3: question on behaviour change xm list

  - 623680 - xen kernel freezes during boot when processor
    module is loaded

  - 680824 - dom0 can't recognize boot disk when IOMMU is
    enabled

  - 688473 - VUL-0: potential buffer overflow in tools

  - 679344 - VUL-0: Xen: multi-vCPU pv guest may crash host

  - 687981 - L3: mistyping model type when defining VIF
    crashes

  - 675817 - Kernel panic when creating HVM guests on AMD
    platforms with XSAVE

  - 678871 - dom0 hangs long time when starting hvm guests
    with memory >= 64GB

  - 675363 - Random lockups with kernel-xen. Possibly
    graphics related

  - 678229 - restore of sles HVM fails

  - 672833 - xen-tools bug causing problems with Ubuntu
    10.10 under Xen 4.

  - 665610 - xm console > 1 to same VM messes up both
    consoles

vm-install :

  - 688757 - SLED10SP4 fully virtualized in SLES10SP4 XEN -
    kernel panic

  - 678152 - Xen: virt-manager: harmless block device admin
    actions on FV guests mess up network (VIF) device type
    ==> network lost."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=623680"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=665610"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=672833"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=675363"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=675817"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=678152"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=678229"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=678871"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=679344"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=680824"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=687981"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=688473"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=688757"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=691238"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2011-05/msg00066.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected xen-201105 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vm-install");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.3", reference:"vm-install-0.4.30-0.4.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-4.0.1_21326_08-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-devel-4.0.1_21326_08-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-doc-html-4.0.1_21326_08-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-doc-pdf-4.0.1_21326_08-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-kmp-default-4.0.1_21326_08_k2.6.34.8_0.2-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-kmp-desktop-4.0.1_21326_08_k2.6.34.8_0.2-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-kmp-pae-4.0.1_21326_08_k2.6.34.8_0.2-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-libs-4.0.1_21326_08-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-tools-4.0.1_21326_08-0.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"xen-tools-domU-4.0.1_21326_08-0.7.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_XEN-201105-110505.NASL
- description: Collective May/2011 update for Xen
  Xen :
  - 679344: Xen: multi-vCPU pv guest may crash host
  - 675817: Kernel panic when creating HVM guests on AMD platforms with XSAVE
  - 678871: dom0 hangs long time when starting hvm guests with memory >= 64GB
  - 675363: Random lockups with kernel-xen. Possibly graphics related
  - 678229: restore of sles HVM fails
  - 672833: xen-tools bug causing problems with Ubuntu 10.10 under Xen 4.
  - 665610: xm console > 1 to same VM messes up both consoles
  - 687981: mistyping model type when defining VIF crashes VM
  - 688473: Fix potential buffer overflow in decode
  - 691238: revert accidental behaviour change in xm list
  - 680824: dom0 can
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 54934
- published: 2011-06-01
- reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/54934
- title: SuSE 11.1 Security Update : Xen (SAT Patch Number 4491)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(54934);
  script_version("1.7");
  script_cvs_date("Date: 2019/10/25 13:36:43");

  script_cve_id("CVE-2011-1146", "CVE-2011-1166", "CVE-2011-1486", "CVE-2011-1583");

  script_name(english:"SuSE 11.1 Security Update : Xen (SAT Patch Number 4491)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Collective May/2011 update for Xen

Xen :

  - 679344: Xen: multi-vCPU pv guest may crash host

  - 675817: Kernel panic when creating HVM guests on AMD
    platforms with XSAVE

  - 678871: dom0 hangs long time when starting hvm guests
    with memory >= 64GB

  - 675363: Random lockups with kernel-xen. Possibly
    graphics related

  - 678229: restore of sles HVM fails

  - 672833: xen-tools bug causing problems with Ubuntu 10.10
    under Xen 4.

  - 665610: xm console > 1 to same VM messes up both
    consoles

  - 687981: mistyping model type when defining VIF crashes
    VM

  - 688473: Fix potential buffer overflow in decode

  - 691238: revert accidental behaviour change in xm list

  - 680824: dom0 can't recognize boot disk when IOMMU is
    enabled

  - 623680: xen kernel freezes during boot when processor
    module is loaded

vm-install :

  - 678152: virt-manager: harmless block device admin
    actions on FV guests mess up network (VIF) device type
    ==> network lost.

  - 688757: SLED10SP4 fully virtualized in SLES10SP4 XEN -
    kernel panic

libvirt :

  - 674371: qemu aio mode per disk

  - 675861: Force FLR on for buggy SR-IOV devices

  - 678406: libvirt: several API calls do not honour
    read-only

  - 684877: libvirt: error reporting in libvirtd is not
    thread safe

  - 686737: virsh: Add option 'model' to attach-interface

  - 681546: Fix xmdomain.cfg to libvirt XML format
    conversion

  - 688306: Handle support for recent KVM versions"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=623680"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=665610"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=672833"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=674371"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=675363"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=675817"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=675861"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=678152"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=678229"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=678406"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=678871"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=679344"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=680824"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=681546"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=684877"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=686737"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=687981"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=688306"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=688473"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=688757"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=691238"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-1146.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-1166.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-1486.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-1583.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 4491.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libvirt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libvirt-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libvirt-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:vm-install");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/05/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");

flag = 0;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libvirt-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libvirt-doc-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libvirt-python-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"vm-install-0.4.30-0.3.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"xen-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"xen-kmp-default-4.0.1_21326_08_2.6.32.36_0.5-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"xen-kmp-pae-4.0.1_21326_08_2.6.32.36_0.5-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"xen-libs-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"xen-tools-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"xen-tools-domU-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libvirt-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libvirt-doc-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libvirt-python-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"vm-install-0.4.30-0.3.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"xen-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"xen-kmp-default-4.0.1_21326_08_2.6.32.36_0.5-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"xen-libs-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"xen-tools-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"xen-tools-domU-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"libvirt-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"libvirt-doc-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"libvirt-python-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"vm-install-0.4.30-0.3.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-doc-html-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-doc-pdf-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-kmp-default-4.0.1_21326_08_2.6.32.36_0.5-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-kmp-pae-4.0.1_21326_08_2.6.32.36_0.5-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-libs-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-tools-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"xen-tools-domU-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libvirt-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libvirt-doc-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libvirt-python-0.7.6-1.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"vm-install-0.4.30-0.3.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"xen-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"xen-doc-html-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"xen-doc-pdf-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"xen-kmp-default-4.0.1_21326_08_2.6.32.36_0.5-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"xen-libs-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"xen-tools-4.0.1_21326_08-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"xen-tools-domU-4.0.1_21326_08-0.5.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: OracleVM Local Security Checks
- NASL id: ORACLEVM_OVMSA-2011-0007.NASL
- description: The remote OracleVM system is missing necessary patches to address critical security updates :
  - Integer overflows and lack of checking of length fields (CVE-2011-1583)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 79473
- published: 2014-11-26
- reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/79473
- title: OracleVM 2.2 : xen (OVMSA-2011-0007)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2011-0007.
#

include("compat.inc");

if (description)
{
  script_id(79473);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/25 13:36:06");

  script_cve_id("CVE-2011-1583");
  script_bugtraq_id(47779);

  script_name(english:"OracleVM 2.2 : xen (OVMSA-2011-0007)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - Integer overflows and lack of checking of length fields
    (CVE-2011-1583)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/oraclevm-errata/2011-May/000061.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-pvhvm-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:2.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/05/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "2\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 2.2", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);

flag = 0;
if (rpm_check(release:"OVS2.2", reference:"xen-3.4.0-0.1.31.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"xen-64-3.4.0-0.1.31.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"xen-debugger-3.4.0-0.1.31.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"xen-devel-3.4.0-0.1.31.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"xen-pvhvm-devel-3.4.0-0.1.31.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"xen-tools-3.4.0-0.1.31.el5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-64 / xen-debugger / xen-devel / xen-pvhvm-devel / etc");
}
```

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-2337.NASL
- description: Several vulnerabilities were discovered in the Xen virtual machine hypervisor.
  - CVE-2011-1166: A 64-bit guest can get one of its vCPUs into non-kernel mode without first providing a valid non-kernel pagetable, thereby locking up the host system.
  - CVE-2011-1583, CVE-2011-3262: Local users can cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image.
  - CVE-2011-1898: When using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, guest OS users can gain host OS privileges by writing to the interrupt injection registers.

  The oldstable distribution (lenny) contains a different version of Xen not affected by these problems.
- last seen: 2020-03-17
- modified: 2011-11-07
- plugin id: 56716
- published: 2011-11-07
- reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/56716
- title: Debian DSA-2337-1 : xen - several vulnerabilities
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2337. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(56716);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2011-1166", "CVE-2011-1583", "CVE-2011-1898", "CVE-2011-3262");
  script_bugtraq_id(47779, 48058, 48515);
  script_xref(name:"DSA", value:"2337");

  script_name(english:"Debian DSA-2337-1 : xen - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Several vulnerabilities were discovered in the Xen virtual machine
hypervisor.

  - CVE-2011-1166
    A 64-bit guest can get one of its vCPUs into non-kernel
    mode without first providing a valid non-kernel
    pagetable, thereby locking up the host system.

  - CVE-2011-1583, CVE-2011-3262
    Local users can cause a denial of service and possibly
    execute arbitrary code via a crafted paravirtualised
    guest kernel image.

  - CVE-2011-1898
    When using PCI passthrough on Intel VT-d chipsets that
    do not have interrupt remapping, guest OS users can gain
    host OS privileges by writing to the interrupt injection
    registers.

The oldstable distribution (lenny) contains a different version of Xen
not affected by these problems."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-1166"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-1583"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-3262"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-1898"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/xen"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2011/dsa-2337"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the xen packages.

For the stable distribution (squeeze), this problem has been fixed in
version 4.0.1-4."
  );
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/11/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"6.0", prefix:"libxen-dev", reference:"4.0.1-4")) flag++;
if (deb_check(release:"6.0", prefix:"libxenstore3.0", reference:"4.0.1-4")) flag++;
if (deb_check(release:"6.0", prefix:"xen-docs-4.0", reference:"4.0.1-4")) flag++;
if (deb_check(release:"6.0", prefix:"xen-hypervisor-4.0-amd64", reference:"4.0.1-4")) flag++;
if (deb_check(release:"6.0", prefix:"xen-hypervisor-4.0-i386", reference:"4.0.1-4")) flag++;
if (deb_check(release:"6.0", prefix:"xen-utils-4.0", reference:"4.0.1-4")) flag++;
if (deb_check(release:"6.0", prefix:"xenstore-utils", reference:"4.0.1-4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Scientific Linux Local Security Checks
- NASL id: SL_20110509_XEN_ON_SL5_X.NASL
- description: It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0). (CVE-2011-1583) The system must be rebooted for this update to take effect.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 61034
- published: 2012-08-01
- reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/61034
- title: Scientific Linux Security Update : xen on SL5.x i386/x86_64
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(61034);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/25 13:36:19");

  script_cve_id("CVE-2011-1583");

  script_name(english:"Scientific Linux Security Update : xen on SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Scientific Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0). (CVE-2011-1583) The system must be rebooted for this update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1105&L=scientific-linux-errata&T=0&P=606
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4bc10770"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

flag = 0;
if (rpm_check(release:"SL5", reference:"e4fsprogs-1.41.9-3.el5")) flag++;
if (rpm_check(release:"SL5", reference:"e4fsprogs-devel-1.41.9-3.el5")) flag++;
if (rpm_check(release:"SL5", reference:"e4fsprogs-libs-1.41.9-3.el5")) flag++;
if (rpm_check(release:"SL5", reference:"xen-3.0.3-120.el5_6.2")) flag++;
if (rpm_check(release:"SL5", reference:"xen-devel-3.0.3-120.el5_6.2")) flag++;
if (rpm_check(release:"SL5", reference:"xen-libs-3.0.3-120.el5_6.2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Oracle Linux Local Security Checks
- NASL id: ORACLELINUX_ELSA-2011-0496.NASL
- description: From Red Hat Security Advisory 2011:0496 : Updated xen packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0). (CVE-2011-1583) All xen users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 68272
- published: 2013-07-12
- reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/68272
- title: Oracle Linux 5 : xen (ELSA-2011-0496)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2011-6914.NASL
- description: gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest. [CVE-2011-1583] Don
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 54634
- published: 2011-05-25
- reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/54634
- title: Fedora 14 : xen-4.0.1-11.fc14 (2011-6914)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2011-0496.NASL
- description: Updated xen packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0). (CVE-2011-1583) All xen users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 53853
- published: 2011-05-10
- reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/53853
- title: RHEL 5 : xen (RHSA-2011:0496)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_4_XEN-201105-110510.NASL
- description: Collective May/2011 update for Xen Xen : - 675363 - Random lockups with kernel-xen. Possibly graphics related. - 679344 - Xen: multi-vCPU pv guest may crash host - 681044 - update xenpaging.autostart.patch - 681302 - xm create -x <guest> returns
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 76048
- published: 2014-06-13
- reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/76048
- title: openSUSE Security Update : xen-201105 (openSUSE-SU-2011:0578-1)

- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2011-0496.NASL
- description: Updated xen packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode routines did not correctly check for a possible buffer size overflow in the decoding loop. As well, several integer overflow flaws and missing error/range checking were found that could lead to an infinite loop. A privileged guest user could use these flaws to crash the guest or, possibly, execute arbitrary code in the privileged management domain (Dom0). (CVE-2011-1583) All xen users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 53870
- published: 2011-05-12
- reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/53870
- title: CentOS 5 : xen (CESA-2011:0496)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2011-6859.NASL
- description: Overflows in kernel decompression can allow root on xen PV guest to gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest. [CVE-2011-1583] Don
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 54574
- published: 2011-05-19
- reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/54574
- title: Fedora 15 : xen-4.1.0-2.fc15 (2011-6859)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2011-7421.NASL
- description: gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest. [CVE-2011-1583] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 54947
- published: 2011-06-03
- reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/54947
- title: Fedora 13 : xen-3.4.3-3.fc13 (2011-7421)