Vulnerabilities > CVE-2012-3497 - Improper Input Validation vulnerability in XEN 4.0.0/4.1.0/4.2.0

047910
CVSS 6.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
xen
CWE-20
nessus

Summary

(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id.

Vulnerable Configurations

Part Description Count
OS
Xen
3

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-0446-1.NASL
    descriptionThe SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor and toolset have been updated to fix various security issues and some bugs. The following security issues have been addressed : XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to arbitrary guests. (bnc#860163) XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). (bnc#849667) XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. (bnc#848657) XSA-67: CVE-2013-4368: The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. (bnc#842511) XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. (bnc#841766) XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. (bnc#840592) XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. (bnc#839596) XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. (bnc#839618) XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) XSA-58: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to
    last seen2020-06-05
    modified2015-05-20
    plugin id83616
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83616
    titleSUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2014:0446-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83616);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2006-1056", "CVE-2007-0998", "CVE-2012-3497", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-4544", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-1432", "CVE-2013-1442", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-2212", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6885", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1894");
      script_bugtraq_id(17600, 22967, 55410, 55442, 56289, 56498, 56794, 56796, 56797, 56798, 56803, 57159, 57223, 57420, 57745, 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60282, 60701, 60702, 60703, 60721, 60799, 61424, 62307, 62630, 62708, 62710, 62935, 63494, 63931, 63933, 63983, 65419);
    
      script_name(english:"SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor
    and toolset have been updated to fix various security issues and some
    bugs.
    
    The following security issues have been addressed :
    
    XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both
    problems with the overflow issue being present for more than just the
    suboperations listed above. (bnc#860163)
    
    XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1,
    while not affected by the above overflow, have a different
    overflow issue on FLASK_{GET,SET}BOOL and expose
    unreasonably large memory allocation to arbitrary guests.
    (bnc#860163)
    
    XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER
    and FLASK_CONTEXT_TO_SID suboperations of the flask
    hypercall are vulnerable to an integer overflow on the input
    size. The hypercalls attempt to allocate a buffer which is 1
    larger than this size and is therefore vulnerable to integer
    overflow and an attempt to allocate then access a zero byte
    buffer. (bnc#860163)
    
    XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through
    0Fh processors does not properly handle the interaction
    between locked instructions and write-combined memory types,
    which allows local users to cause a denial of service
    (system hang) via a crafted application, aka the errata 793
    issue. (bnc#853049)
    
    XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly
    4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1)
    does not properly prevent access to hypercalls, which allows
    local guest users to gain privileges via a crafted
    application running in ring 1 or 2. (bnc#849668)
    
    XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall
    in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always
    obtain the page_alloc_lock and mm_rwlock in the same order,
    which allows local guest administrators to cause a denial of
    service (host deadlock). (bnc#849667)
    
    XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x
    does not take the page_alloc_lock and grant_table.lock in
    the same order, which allows local guest administrators with
    access to multiple vcpus to cause a denial of service (host
    deadlock) via unspecified vectors. (bnc#848657)
    
    XSA-67: CVE-2013-4368: The outs instruction emulation in Xen
    3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS:
    segment override, uses an uninitialized variable as a
    segment base, which allows local 64-bit PV guests to obtain
    sensitive information (hypervisor stack content) via
    unspecified vectors related to stale data in a segment
    register. (bnc#842511)
    
    XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen
    3.3.x through 4.3.x does not use the correct variable for
    the source effective address, which allows local HVM guests
    to obtain hypervisor stack information by reading the values
    used by the instruction. (bnc#841766)
    
    XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not
    properly handle certain errors, which allows local HVM
    guests to obtain hypervisor stack memory via a (1) port or
    (2) memory mapped I/O write or (3) other unspecified
    operations related to addresses without associated memory.
    (bnc#840592)
    
    XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX
    or LWP capable CPUs, does not properly clear previous data
    from registers when using an XSAVE or XRSTOR to extend the
    state components of a saved or restored vCPU after touching
    other restored extended registers, which allows local guest
    OSes to obtain sensitive information by reading the
    registers. (bnc#839596)
    
    XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen
    4.0.x through 4.2.x, when IOMMU is disabled, provides access
    to a busmastering-capable PCI passthrough device before the
    IOMMU setup is complete, which allows local HVM guest
    domains to gain privileges or cause a denial of service via
    a DMA instruction. (bnc#839618)
    
    XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen
    3.3 through 4.3, when disabling chaches, allows local HVM
    guests with access to memory mapped I/O regions to cause a
    denial of service (CPU consumption and possibly hypervisor
    or guest kernel panic) via a crafted GFN range. (bnc#831120)
    
    XSA-58: CVE-2013-1918: Certain page table manipulation
    operations in Xen 4.1.x, 4.2.x, and earlier are not
    preemptible, which allows local PV kernels to cause a denial
    of service via vectors related to 'deep page table
    traversal.' (bnc#826882)
    
    XSA-58: CVE-2013-1432: Xen 4.1.x and 4.2.x, when the XSA-45
    patch is in place, does not properly maintain references on
    pages stored for deferred cleanup, which allows local PV
    guest kernels to cause a denial of service (premature page
    free and hypervisor crash) or possible gain privileges via
    unspecified vectors. (bnc#826882)
    
    XSA-57: CVE-2013-2211: The libxenlight (libxl) toolstack
    library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions
    for xenstore keys for paravirtualised and emulated serial
    console devices, which allows local guest administrators to
    modify the xenstore value via unspecified vectors.
    (bnc#823608)
    
    XSA-56: CVE-2013-2072: Buffer overflow in the Python
    bindings for the xc_vcpu_setaffinity call in Xen 4.0.x,
    4.1.x, and 4.2.x allows local administrators with
    permissions to configure VCPU affinity to cause a denial of
    service (memory corruption and xend toolstack crash) and
    possibly gain privileges via a crafted cpumap. (bnc#819416)
    
    XSA-55: CVE-2013-2196: Multiple unspecified vulnerabilities
    in the Elf parser (libelf) in Xen 4.2.x and earlier allow
    local guest administrators with certain permissions to have
    an unspecified impact via a crafted kernel, related to
    'other problems' that are not CVE-2013-2194 or
    CVE-2013-2195. (bnc#823011)
    
    XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen 4.2.x
    and earlier allow local guest administrators with certain
    permissions to have an unspecified impact via a crafted
    kernel, related to 'pointer dereferences' involving
    unexpected calculations. (bnc#823011)
    
    XSA-55: CVE-2013-2194: Multiple integer overflows in the Elf
    parser (libelf) in Xen 4.2.x and earlier allow local guest
    administrators with certain permissions to have an
    unspecified impact via a crafted kernel. (bnc#823011)
    
    XSA-53: CVE-2013-2077: Xen 4.0.x, 4.1.x, and 4.2.x does not
    properly restrict the contents of a XRSTOR, which allows
    local PV guest users to cause a denial of service (unhandled
    exception and hypervisor crash) via unspecified vectors.
    (bnc#820919)
    
    XSA-52: CVE-2013-2076: Xen 4.0.x, 4.1.x, and 4.2.x, when
    running on AMD64 processors, only save/restore the FOP, FIP,
    and FDP x87 registers in FXSAVE/FXRSTOR when an exception is
    pending, which allows one domain to determine portions of
    the state of floating point instructions of other domains,
    which can be leveraged to obtain sensitive information such
    as cryptographic keys, a similar vulnerability to
    CVE-2006-1056. NOTE: this is the documented behavior of
    AMD64 processors, but it is inconsistent with Intel
    processors in a security-relevant fashion that was not
    addressed by the kernels. (bnc#820917)
    
    XSA-50: CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly
    releases a grant reference when releasing a non-v1,
    non-transitive grant, which allows local guest
    administrators to cause a denial of service (host crash),
    obtain sensitive information, or possible have other impacts
    via unspecified vectors. (bnc#816156)
    
    XSA-49: CVE-2013-1952: Xen 4.x, when using Intel VT-d for a
    bus mastering capable PCI device, does not properly check
    the source when accessing a bridge device's interrupt
    remapping table entries for MSI interrupts, which allows
    local guest domains to cause a denial of service (interrupt
    injection) via unspecified vectors. (bnc#816163)
    
    XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when
    the hypervisor is running 'under memory pressure' and the
    Xen Security Module (XSM) is enabled, uses the wrong
    ordering of operations when extending the per-domain event
    channel tracking table, which causes a use-after-free and
    allows local guest kernels to inject arbitrary events and
    gain privileges via unspecified vectors. (bnc#813677)
    
    XSA-46: CVE-2013-1919: Xen 4.2.x and 4.1.x does not properly
    restrict access to IRQs, which allows local stub domain
    clients to gain access to IRQs and cause a denial of service
    via vectors related to 'passed-through IRQs or PCI devices.'
    (bnc#813675)
    
    XSA-45: CVE-2013-1918: Certain page table manipulation
    operations in Xen 4.1.x, 4.2.x, and earlier are not
    preemptible, which allows local PV kernels to cause a denial
    of service via vectors related to 'deep page table
    traversal.' (bnc#816159)
    
    XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when running
    64-bit hosts on Intel CPUs, does not clear the NT flag when
    using an IRET after a SYSENTER instruction, which allows PV
    guest users to cause a denial of service (hypervisor crash)
    by triggering a #GP fault, which is not properly handled by
    another IRET instruction. (bnc#813673)
    
    XSA-41: CVE-2012-6075: Buffer overflow in the e1000_receive
    function in the e1000 device driver (hw/e1000.c) in QEMU
    1.3.0-rc2 and other versions, when the SBP and LPE flags are
    disabled, allows remote attackers to cause a denial of
    service (guest OS crash) and possibly execute arbitrary
    guest code via a large packet. (bnc#797523)
    
    XSA-37: CVE-2013-0154: The get_page_type function in
    xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled,
    allows local PV or HVM guest administrators to cause a
    denial of service (assertion failure and hypervisor crash)
    via unspecified vectors related to a hypercall. (bnc#797031)
    
    XSA-36: CVE-2013-0153: The AMD IOMMU support in Xen 4.2.x,
    4.1.x, 3.3, and other versions, when using AMD-Vi for PCI
    passthrough, uses the same interrupt remapping table for the
    host and all guests, which allows guests to cause a denial
    of service by injecting an interrupt into other guests.
    (bnc#800275)
    
    XSA-33: CVE-2012-5634: Xen 4.2.x, 4.1.x, and 4.0, when using
    Intel VT-d for PCI passthrough, does not properly configure
    VT-d when supporting a device that is behind a legacy PCI
    Bridge, which allows local guests to cause a denial of
    service to other guests by injecting an interrupt.
    (bnc#794316)
    
    XSA-31: CVE-2012-5515: The (1) XENMEM_decrease_reservation,
    (2) XENMEM_populate_physmap, and (3) XENMEM_exchange
    hypercalls in Xen 4.2 and earlier allow local guest
    administrators to cause a denial of service (long loop and
    hang) via a crafted extent_order value. (bnc#789950)
    
    XSA-30: CVE-2012-5514: The
    guest_physmap_mark_populate_on_demand function in Xen 4.2
    and earlier does not properly unlock the subject GFNs when
    checking if they are in use, which allows local guest HVM
    administrators to cause a denial of service (hang) via
    unspecified vectors. (bnc#789948)
    
    XSA-29: CVE-2012-5513: The XENMEM_exchange handler in Xen
    4.2 and earlier does not properly check the memory address,
    which allows local PV guest OS administrators to cause a
    denial of service (crash) or possibly gain privileges via
    unspecified vectors that overwrite memory in the hypervisor
    reserved range. (bnc#789951)
    
    XSA-27: CVE-2012-6333: Multiple HVM control operations in
    Xen 3.4 through 4.2 allow local HVM guest OS administrators
    to cause a denial of service (physical CPU consumption) via
    a large input. (bnc#789944)
    
    XSA-27: CVE-2012-5511: Stack-based buffer overflow in the
    dirty video RAM tracking functionality in Xen 3.4 through
    4.1 allows local HVM guest OS administrators to cause a
    denial of service (crash) via a large bitmap image.
    (bnc#789944)
    
    XSA-26: CVE-2012-5510: Xen 4.x, when downgrading the grant
    table version, does not properly remove the status page from
    the tracking list when freeing the page, which allows local
    guest OS administrators to cause a denial of service
    (hypervisor crash) via unspecified vectors. (bnc#789945)
    
    XSA-25: CVE-2012-4544: The PV domain builder in Xen 4.2 and
    earlier does not validate the size of the kernel or ramdisk
    (1) before or (2) after decompression, which allows local
    guest administrators to cause a denial of service (domain 0
    memory consumption) via a crafted (a) kernel or (b) ramdisk.
    (bnc#787163)
    
    XSA-24: CVE-2012-4539: Xen 4.0 through 4.2, when running
    32-bit x86 PV guests on 64-bit hypervisors, allows local
    guest OS administrators to cause a denial of service
    (infinite loop and hang or crash) via invalid arguments to
    GNTTABOP_get_status_frames, aka 'Grant table hypercall
    infinite loop DoS vulnerability.' (bnc#786520)
    
    XSA-23: CVE-2012-4538: The HVMOP_pagetable_dying hypercall
    in Xen 4.0, 4.1, and 4.2 does not properly check the
    pagetable state when running on shadow pagetables, which
    allows a local HVM guest OS to cause a denial of service
    (hypervisor crash) via unspecified vectors. (bnc#786519)
    
    XSA-22: CVE-2012-4537: Xen 3.4 through 4.2, and possibly
    earlier versions, does not properly synchronize the p2m and
    m2p tables when the set_p2m_entry function fails, which
    allows local HVM guest OS administrators to cause a denial
    of service (memory consumption and assertion failure), aka
    'Memory mapping failure DoS vulnerability.' (bnc#786517)
    
    XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and possibly
    earlier versions, allows local guest OS administrators to
    cause a denial of service (Xen infinite loop and physical
    CPU consumption) by setting a VCPU with an 'inappropriate
    deadline.' (bnc#786516)
    
    XSA-19: CVE-2012-4411: The graphical console in Xen 4.0, 4.1
    and 4.2 allows local OS guest administrators to obtain
    sensitive host resource information via the qemu monitor.
    NOTE: this might be a duplicate of CVE-2007-0998.
    (bnc#779212)
    
    XSA-15: CVE-2012-3497: (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2)
    TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS
    and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in
    Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a
    denial of service (NULL pointer dereference or memory
    corruption and host crash) or possibly have other
    unspecified impacts via a NULL client id. (bnc#777890)
    
    Also the following non-security bugs have been fixed :
    
      - xen hot plug attach/detach fails modified
        blktap-pv-cdrom.patch. (bnc#805094)
    
      - guest 'disappears' after live migration Updated
        block-dmmd script. (bnc#777628)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://download.suse.com/patch/finder/?keywords=d46197780129fa94fee1eb1708143171
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b3fed2ec"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-1056.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-0998.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3497.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4411.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4535.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4537.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4538.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4539.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4544.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5510.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5511.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5513.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5514.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5515.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5634.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6075.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6333.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0153.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0154.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1432.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1442.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1917.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1918.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1919.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1920.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1952.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1964.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2072.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2076.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2077.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2194.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2195.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2196.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2211.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2212.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4329.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4355.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4361.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4368.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4494.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4553.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4554.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6885.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1891.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1892.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1893.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1894.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/777628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/777890"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/779212"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/786516"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/786517"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/786519"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/786520"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/787163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789944"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789945"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789948"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789951"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/794316"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/797031"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/797523"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/800275"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/805094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/813673"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/813675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/813677"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/816156"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/816159"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/816163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/819416"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820917"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/823011"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/823608"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/831120"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/839596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/839618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/840592"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/841766"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/842511"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849668"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853049"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/860163"
      );
      # https://www.suse.com/support/update/announcement/2014/suse-su-20140446-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e4176238"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11 SP1 LTSS :
    
    zypper in -t patch slessp1-xen-201402-8963
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "i386|i486|i586|i686|x86_64") audit(AUDIT_ARCH_NOT, "i386 / i486 / i586 / i686 / x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! ereg(pattern:"^1$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2015-0068.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0068 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id84140
    published2015-06-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84140
    titleOracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2015-0068.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84140);
      script_version("2.18");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id("CVE-2006-1056", "CVE-2007-0998", "CVE-2012-0029", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3497", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4544", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2013-0153", "CVE-2013-0215", "CVE-2013-1432", "CVE-2013-1442", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1950", "CVE-2014-3566", "CVE-2014-5146", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188", "CVE-2015-2044", "CVE-2015-2045", "CVE-2015-2151", "CVE-2015-2752", "CVE-2015-2756", "CVE-2015-3209", "CVE-2015-3456", "CVE-2015-4164");
      script_bugtraq_id(17600, 22967, 51642, 53650, 53961, 54942, 55400, 55406, 55410, 55412, 55413, 55414, 56289, 56498, 56794, 56796, 56797, 56798, 56799, 56803, 57223, 57742, 57745, 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799, 62307, 62630, 62708, 62710, 62935, 63494, 63931, 63933, 63983, 64195, 65419, 65529, 69198, 70057, 70062, 70198, 70574, 72577, 72954, 72955, 73015, 73448, 74640, 75123, 75149);
    
      script_name(english:"OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2015-0068 for details."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/oraclevm-errata/2015-June/000317.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xen / xen-devel / xen-tools packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.2", reference:"xen-4.1.3-25.el5.127.52")) flag++;
    if (rpm_check(release:"OVS3.2", reference:"xen-devel-4.1.3-25.el5.127.52")) flag++;
    if (rpm_check(release:"OVS3.2", reference:"xen-tools-4.1.3-25.el5.127.52")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201309-24.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201309-24 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : Guest domains could possibly gain privileges, execute arbitrary code, or cause a Denial of Service on the host domain (Dom0). Additionally, guest domains could gain information about other virtual machines running on the same host or read arbitrary files on the host. Workaround : The CVEs listed below do not currently have fixes, but only apply to Xen setups which have &ldquo;tmem&rdquo; specified on the hypervisor command line. TMEM is not currently supported for use in production systems, and administrators using tmem should disable it. Relevant CVEs: * CVE-2012-2497 * CVE-2012-6030 * CVE-2012-6031 * CVE-2012-6032 * CVE-2012-6033 * CVE-2012-6034 * CVE-2012-6035 * CVE-2012-6036
    last seen2020-06-01
    modified2020-06-02
    plugin id70184
    published2013-09-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70184
    titleGLSA-201309-24 : Xen: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201309-24.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70184);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/12 17:35:38");
    
      script_cve_id("CVE-2011-2901", "CVE-2011-3262", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3497", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5525", "CVE-2012-5634", "CVE-2012-6030", "CVE-2012-6031", "CVE-2012-6032", "CVE-2012-6033", "CVE-2012-6034", "CVE-2012-6035", "CVE-2012-6036", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0151", "CVE-2013-0152", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-0215", "CVE-2013-1432", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1922", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211");
      script_bugtraq_id(49370, 53856, 53955, 53961, 54691, 54942, 55400, 55406, 55410, 55412, 55413, 55414, 55442, 56498, 56794, 56796, 56797, 56798, 56799, 56803, 56805, 57159, 57223, 57420, 57494, 57495, 57742, 57745, 58880, 59070, 59291, 59292, 59293, 59615, 59617, 60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799);
      script_xref(name:"GLSA", value:"201309-24");
    
      script_name(english:"GLSA-201309-24 : Xen: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201309-24
    (Xen: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Xen. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        Guest domains could possibly gain privileges, execute arbitrary code, or
          cause a Denial of Service on the host domain (Dom0). Additionally, guest
          domains could gain information about other virtual machines running on
          the same host or read arbitrary files on the host.
      
    Workaround :
    
        The CVEs listed below do not currently have fixes, but only apply to Xen
          setups which have &ldquo;tmem&rdquo; specified on the hypervisor command line.
          TMEM is not currently supported for use in production systems, and
          administrators using tmem should disable it.
          Relevant CVEs:
          * CVE-2012-2497
          * CVE-2012-6030
          * CVE-2012-6031
          * CVE-2012-6032
          * CVE-2012-6033
          * CVE-2012-6034
          * CVE-2012-6035
          * CVE-2012-6036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201309-24"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Xen users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.2.2-r1'
        All Xen-tools users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=app-emulation/xen-tools-4.2.2-r3'
        All Xen-pvgrub users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=app-emulation/xen-pvgrub-4.2.2-r1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'FreeBSD Intel SYSRET Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-pvgrub");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-emulation/xen-pvgrub", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++;
    if (qpkg_check(package:"app-emulation/xen", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++;
    if (qpkg_check(package:"app-emulation/xen-tools", unaffected:make_list("ge 4.2.2-r3"), vulnerable:make_list("lt 4.2.2-r3"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XEN-201211-8359.NASL
    descriptionXEN received various security and bugfixes : - xen: Timer overflow DoS vulnerability (XSA-20). (CVE-2012-4535) - xen: Memory mapping failure DoS vulnerability (XSA-22) The following additional bugs have beenfixed:. (CVE-2012-4537) - L3: Xen BUG at io_apic.c:129 26102-x86-IOAPIC-legacy-not-first.patch. (bnc#784087) - Upstream patches from Jan 25927-x86-domctl-ioport-mapping-range.patch 25931-x86-domctl-iomem-mapping-checks.patch 26061-x86-oprof-counter-range.patch 25431-x86-EDD-MBR-sig-check.patch 25480-x86_64-sysret-canonical.patch 25481-x86_64-AMD-erratum-121.patch 25485-x86_64-canonical-checks.patch 25587-param-parse-limit.patch 25589-pygrub-size-limits.patch 25744-hypercall-return-long.patch 25765-x86_64-allow-unsafe-adjust.patch 25773-x86-honor-no-real-mode.patch 25786-x86-prefer-multiboot-meminfo-over-e801.patch 25808-domain_create-return-value.patch 25814-x86_64-set-debugreg-guest.patch 24742-gnttab-misc.patch 25098-x86-emul-lock-UD.patch 25200-x86_64-trap-bounce-flags.patch 25271-x86_64-IST-index.patch - win2k8 guests are unable to restore after saving the vms state ept-novell-x64.patch 23800-x86_64-guest-addr-range.patch 24168-x86-vioapic-clear-remote_irr.patch 24453-x86-vIRQ-IRR-TMR-race.patch 24456-x86-emul-lea.patch. (bnc#651093) - Unable to install RHEL 6.1 x86 as a paravirtualized guest OS on SLES 10 SP4 x86 vm-install-0.2.19.tar.bz2. (bnc#713555)
    last seen2020-06-05
    modified2012-11-19
    plugin id62963
    published2012-11-19
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62963
    titleSuSE 10 Security Update : Xen (ZYPP Patch Number 8359)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62963);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-3497", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-4544");
    
      script_name(english:"SuSE 10 Security Update : Xen (ZYPP Patch Number 8359)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "XEN received various security and bugfixes :
    
      - xen: Timer overflow DoS vulnerability (XSA-20).
        (CVE-2012-4535)
    
      - xen: Memory mapping failure DoS vulnerability (XSA-22)
        The following additional bugs have beenfixed:.
        (CVE-2012-4537)
    
      - L3: Xen BUG at io_apic.c:129
        26102-x86-IOAPIC-legacy-not-first.patch. (bnc#784087)
    
      - Upstream patches from Jan
        25927-x86-domctl-ioport-mapping-range.patch
        25931-x86-domctl-iomem-mapping-checks.patch
        26061-x86-oprof-counter-range.patch
        25431-x86-EDD-MBR-sig-check.patch
        25480-x86_64-sysret-canonical.patch
        25481-x86_64-AMD-erratum-121.patch
        25485-x86_64-canonical-checks.patch
        25587-param-parse-limit.patch
        25589-pygrub-size-limits.patch
        25744-hypercall-return-long.patch
        25765-x86_64-allow-unsafe-adjust.patch
        25773-x86-honor-no-real-mode.patch
        25786-x86-prefer-multiboot-meminfo-over-e801.patch
        25808-domain_create-return-value.patch
        25814-x86_64-set-debugreg-guest.patch
        24742-gnttab-misc.patch 25098-x86-emul-lock-UD.patch
        25200-x86_64-trap-bounce-flags.patch
        25271-x86_64-IST-index.patch
    
      - win2k8 guests are unable to restore after saving the vms
        state ept-novell-x64.patch
        23800-x86_64-guest-addr-range.patch
        24168-x86-vioapic-clear-remote_irr.patch
        24453-x86-vIRQ-IRR-TMR-race.patch
        24456-x86-emul-lea.patch. (bnc#651093)
    
      - Unable to install RHEL 6.1 x86 as a paravirtualized
        guest OS on SLES 10 SP4 x86 vm-install-0.2.19.tar.bz2.
        (bnc#713555)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3497.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4411.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4535.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4536.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4537.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4538.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4539.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4544.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8359.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-devel-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-doc-html-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-doc-pdf-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-doc-ps-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-kmp-bigsmp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-libs-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-tools-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-tools-domU-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-tools-ioemu-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-devel-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-doc-html-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-doc-pdf-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-doc-ps-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-libs-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-libs-32bit-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-tools-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-tools-domU-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-tools-ioemu-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-devel-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-doc-html-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-doc-pdf-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-doc-ps-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-bigsmp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-debug-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-kdump-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-kdumppae-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-vmi-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-vmipae-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-libs-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-tools-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-tools-domU-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-tools-ioemu-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-devel-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-doc-html-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-doc-pdf-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-doc-ps-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-kmp-debug-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-kmp-kdump-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-libs-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-libs-32bit-3.2.3_17040_42-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-tools-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-tools-domU-3.2.3_17040_42-0.7.2")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-tools-ioemu-3.2.3_17040_42-0.7.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_XEN-201211-121102.NASL
    descriptionXEN was updated to fix various bugs and security issues : The following security issues have been fixed : - xen: Domain builder Out-of-memory due to malicious kernel/ramdisk (XSA 25). (CVE-2012-4544) - XEN / qemu: guest administrator can access qemu monitor console (XSA-19). (CVE-2012-4411) - xen: Timer overflow DoS vulnerability (XSA 20). (CVE-2012-4535) - xen: pirq range check DoS vulnerability (XSA 21). (CVE-2012-4536) - xen: Memory mapping failure DoS vulnerability (XSA 22). (CVE-2012-4537) - xen: Unhooking empty PAE entries DoS vulnerability (XSA 23). (CVE-2012-4538) - xen: Grant table hypercall infinite loop DoS vulnerability (XSA 24). (CVE-2012-4539) - xen: multiple TMEM hypercall vulnerabilities (XSA-15) Also the following bugs have been fixed and upstream patches have been applied:. (CVE-2012-3497) - L3: Xen BUG at io_apic.c:129 26102-x86-IOAPIC-legacy-not-first.patch. (bnc#784087) - Upstream patches merged: 26054-x86-AMD-perf-ctr-init.patch 26055-x86-oprof-hvm-mode.patch 26056-page-alloc-flush-filter.patch 26061-x86-oprof-counter-range.patch 26062-ACPI-ERST-move-data.patch 26063-x86-HPET-affinity-lock.patch 26093-HVM-PoD-grant-mem-type.patch 25931-x86-domctl-iomem-mapping-checks.patch 25952-x86-MMIO-remap-permissions.patch 25808-domain_create-return-value.patch 25814-x86_64-set-debugreg-guest.patch 25815-x86-PoD-no-bug-in-non-translated.patch 25816-x86-hvm-map-pirq-range-check.patch 25833-32on64-bogus-pt_base-adjust.patch 25834-x86-S3-MSI-resume.patch 25835-adjust-rcu-lock-domain.patch 25836-VT-d-S3-MSI-resume.patch 25850-tmem-xsa-15-1.patch 25851-tmem-xsa-15-2.patch 25852-tmem-xsa-15-3.patch 25853-tmem-xsa-15-4.patch 25854-tmem-xsa-15-5.patch 25855-tmem-xsa-15-6.patch 25856-tmem-xsa-15-7.patch 25857-tmem-xsa-15-8.patch 25858-tmem-xsa-15-9.patch 25859-tmem-missing-break.patch 25860-tmem-cleanup.patch 25883-pt-MSI-cleanup.patch 25927-x86-domctl-ioport-mapping-range.patch 25929-tmem-restore-pool-version.patch - first XEN-PV VM fails to spawn xend: Increase wait time for disk to appear in host bootloader Modified existing xen-domUloader.diff. (bnc#778105) 25752-ACPI-pm-op-valid-cpu.patch 25754-x86-PoD-early-access.patch 25755-x86-PoD-types.patch 25756-x86-MMIO-max-mapped-pfn.patch
    last seen2020-06-05
    modified2013-01-25
    plugin id64238
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64238
    titleSuSE 11.2 Security Update : Xen (SAT Patch Number 7018)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-812.NASL
    descriptionThis security update of XEN fixes various bugs and security issues. - Upstream patch 26088-xend-xml-filesize-check.patch - bnc#787163 - CVE-2012-4544: xen: Domain builder Out-of- memory due to malicious kernel/ramdisk (XSA 25) CVE-2012-4544-xsa25.patch - bnc#779212 - CVE-2012-4411: XEN / qemu: guest administrator can access qemu monitor console (XSA-19) CVE-2012-4411-xsa19.patch - bnc#786516 - CVE-2012-4535: xen: Timer overflow DoS vulnerability CVE-2012-4535-xsa20.patch - bnc#786518 - CVE-2012-4536: xen: pirq range check DoS vulnerability CVE-2012-4536-xsa21.patch - bnc#786517 - CVE-2012-4537: xen: Memory mapping failure DoS vulnerability CVE-2012-4537-xsa22.patch - bnc#786519 - CVE-2012-4538: xen: Unhooking empty PAE entries DoS vulnerability CVE-2012-4538-xsa23.patch - bnc#786520 - CVE-2012-4539: xen: Grant table hypercall infinite loop DoS vulnerability CVE-2012-4539-xsa24.patch - bnc#784087 - L3: Xen BUG at io_apic.c:129 26102-x86-IOAPIC-legacy-not-first.patch - Upstream patches from Jan 26054-x86-AMD-perf-ctr-init.patch 26055-x86-oprof-hvm-mode.patch 26056-page-alloc-flush-filter.patch 26061-x86-oprof-counter-range.patch 26062-ACPI-ERST-move-data.patch 26063-x86-HPET-affinity-lock.patch 26093-HVM-PoD-grant-mem-type.patch - Upstream patches from Jan 25931-x86-domctl-iomem-mapping-checks.patch 25952-x86-MMIO-remap-permissions.patch ------------------------------------------------------------------- Mon Sep 24 16:41:58 CEST 2012 - [email protected] - use BuildRequires: gcc46 only in sles11sp2 or 12.1 to fix build in 11.4 ------------------------------------------------------------------- Thu Sep 20 10:03:40 MDT 2012 - [email protected] - Upstream patches from Jan 25808-domain_create-return-value.patch 25814-x86_64-set-debugreg-guest.patch 25815-x86-PoD-no-bug-in-non-translated.patch 25816-x86-hvm-map-pirq-range-check.patch 25833-32on64-bogus-pt_base-adjust.patch 25834-x86-S3-MSI-resume.patch 25835-adjust-rcu-lock-domain.patch 25836-VT-d-S3-MSI-resume.patch 25850-tmem-xsa-15-1.patch 25851-tmem-xsa-15-2.patch 25852-tmem-xsa-15-3.patch 25853-tmem-xsa-15-4.patch 25854-tmem-xsa-15-5.patch 25855-tmem-xsa-15-6.patch 25856-tmem-xsa-15-7.patch 25857-tmem-xsa-15-8.patch 25858-tmem-xsa-15-9.patch 25859-tmem-missing-break.patch 25860-tmem-cleanup.patch 25883-pt-MSI-cleanup.patch 25927-x86-domctl-ioport-mapping-range.patch 25929-tmem-restore-pool-version.patch - bnc#778105 - first XEN-PV VM fails to spawn xend: Increase wait time for disk to appear in host bootloader Modified existing xen-domUloader.diff - Upstream patches from Jan 25752-ACPI-pm-op-valid-cpu.patch 25754-x86-PoD-early-access.patch 25755-x86-PoD-types.patch 25756-x86-MMIO-max-mapped-pfn.patch 25757-x86-EPT-PoD-1Gb-assert.patch 25764-x86-unknown-cpu-no-sysenter.patch 25765-x86_64-allow-unsafe-adjust.patch 25771-grant-copy-status-paged-out.patch 25773-x86-honor-no-real-mode.patch 25786-x86-prefer-multiboot-meminfo-over-e801.patch - bnc#777890 - CVE-2012-3497: xen: multiple TMEM hypercall vulnerabilities (XSA-15) CVE-2012-3497-tmem-xsa-15-1.patch CVE-2012-3497-tmem-xsa-15-2.patch CVE-2012-3497-tmem-xsa-15-3.patch CVE-2012-3497-tmem-xsa-15-4.patch CVE-2012-3497-tmem-xsa-15-5.patch CVE-2012-3497-tmem-xsa-15-6.patch CVE-2012-3497-tmem-xsa-15-7.patch CVE-2012-3497-tmem-xsa-15-8.patch CVE-2012-3497-tmem-xsa-15-9.patch tmem-missing-break.patch
    last seen2020-06-05
    modified2014-06-13
    plugin id74821
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74821
    titleopenSUSE Security Update : XEN (openSUSE-SU-2012:1573-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBVIRT-201211-121102.NASL
    descriptionlibvirt received security and bugfixes : - Fixed a libvirt remote denial of service (crash) problem. The following bugs have been fixed :. (CVE-2012-4423) - qemu: Fix probing for guest capabilities - xen-xm: Generate UUID if not specified - xenParseXM: don
    last seen2020-06-05
    modified2013-01-25
    plugin id64201
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64201
    titleSuSE 11.2 Security Update : libvirt (SAT Patch Number 7015)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201604-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201604-03 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly cause a Denial of Service condition or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id90380
    published2016-04-07
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90380
    titleGLSA-201604-03 : Xen: Multiple vulnerabilities (Venom)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2012-1487-1.NASL
    descriptionXEN received various security and bugfixes : - CVE-2012-4535: xen: Timer overflow DoS vulnerability (XSA-20) - CVE-2012-4537: xen: Memory mapping failure DoS vulnerability (XSA-22) The following additional bugs have been fixed : - bnc#784087 - L3: Xen BUG at io_apic.c:129 26102-x86-IOAPIC-legacy-not-first.patch - Upstream patches from Jan 25927-x86-domctl-ioport-mapping-range.patch 25931-x86-domctl-iomem-mapping-checks.patch 26061-x86-oprof-counter-range.patch 25431-x86-EDD-MBR-sig-check.patch 25480-x86_64-sysret-canonical.patch 25481-x86_64-AMD-erratum-121.patch 25485-x86_64-canonical-checks.patch 25587-param-parse-limit.patch 25589-pygrub-size-limits.patch 25744-hypercall-return-long.patch 25765-x86_64-allow-unsafe-adjust.patch 25773-x86-honor-no-real-mode.patch 25786-x86-prefer-multiboot-meminfo-over-e801.patch 25808-domain_create-return-value.patch 25814-x86_64-set-debugreg-guest.patch 24742-gnttab-misc.patch 25098-x86-emul-lock-UD.patch 25200-x86_64-trap-bounce-flags.patch 25271-x86_64-IST-index.patch bnc#651093 - win2k8 guests are unable to restore after saving the vms state ept-novell-x64.patch 23800-x86_64-guest-addr-range.patch 24168-x86-vioapic-clear-remote_irr.patch 24453-x86-vIRQ-IRR-TMR-race.patch 24456-x86-emul-lea.patch bnc#713555 - Unable to install RHEL 6.1 x86 as a paravirtualized guest OS on SLES 10 SP4 x86 vm-install-0.2.19.tar.bz2 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-05-20
    plugin id83564
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83564
    titleSUSE SLED10 / SLES10 Security Update : Xen (SUSE-SU-2012:1487-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-811.NASL
    descriptionThis security update of XEN fixes various bugs and security issues. - Upstream patch 26088-xend-xml-filesize-check.patch - bnc#787163 - CVE-2012-4544: xen: Domain builder Out-of- memory due to malicious kernel/ramdisk (XSA 25) CVE-2012-4544-xsa25.patch - bnc#779212 - CVE-2012-4411: XEN / qemu: guest administrator can access qemu monitor console (XSA-19) CVE-2012-4411-xsa19.patch - bnc#786516 - CVE-2012-4535: xen: Timer overflow DoS vulnerability CVE-2012-4535-xsa20.patch - bnc#786518 - CVE-2012-4536: xen: pirq range check DoS vulnerability CVE-2012-4536-xsa21.patch - bnc#786517 - CVE-2012-4537: xen: Memory mapping failure DoS vulnerability CVE-2012-4537-xsa22.patch - bnc#786519 - CVE-2012-4538: xen: Unhooking empty PAE entries DoS vulnerability CVE-2012-4538-xsa23.patch - bnc#786520 - CVE-2012-4539: xen: Grant table hypercall infinite loop DoS vulnerability CVE-2012-4539-xsa24.patch - bnc#784087 - L3: Xen BUG at io_apic.c:129 26102-x86-IOAPIC-legacy-not-first.patch - Upstream patches from Jan 26054-x86-AMD-perf-ctr-init.patch 26055-x86-oprof-hvm-mode.patch 26056-page-alloc-flush-filter.patch 26061-x86-oprof-counter-range.patch 26062-ACPI-ERST-move-data.patch 26063-x86-HPET-affinity-lock.patch 26093-HVM-PoD-grant-mem-type.patch - Upstream patches from Jan 25931-x86-domctl-iomem-mapping-checks.patch 25952-x86-MMIO-remap-permissions.patch - Upstream patches from Jan 25808-domain_create-return-value.patch 25814-x86_64-set-debugreg-guest.patch 25815-x86-PoD-no-bug-in-non-translated.patch 25816-x86-hvm-map-pirq-range-check.patch 25833-32on64-bogus-pt_base-adjust.patch 25834-x86-S3-MSI-resume.patch 25835-adjust-rcu-lock-domain.patch 25836-VT-d-S3-MSI-resume.patch 25850-tmem-xsa-15-1.patch 25851-tmem-xsa-15-2.patch 25852-tmem-xsa-15-3.patch 25853-tmem-xsa-15-4.patch 25854-tmem-xsa-15-5.patch 25855-tmem-xsa-15-6.patch 25856-tmem-xsa-15-7.patch 25857-tmem-xsa-15-8.patch 25858-tmem-xsa-15-9.patch 25859-tmem-missing-break.patch 25860-tmem-cleanup.patch 25883-pt-MSI-cleanup.patch 25927-x86-domctl-ioport-mapping-range.patch 25929-tmem-restore-pool-version.patch - bnc#778105 - first XEN-PV VM fails to spawn xend: Increase wait time for disk to appear in host bootloader Modified existing xen-domUloader.diff - Upstream patches from Jan 25752-ACPI-pm-op-valid-cpu.patch 25754-x86-PoD-early-access.patch 25755-x86-PoD-types.patch 25756-x86-MMIO-max-mapped-pfn.patch 25757-x86-EPT-PoD-1Gb-assert.patch 25764-x86-unknown-cpu-no-sysenter.patch 25765-x86_64-allow-unsafe-adjust.patch 25771-grant-copy-status-paged-out.patch 25773-x86-honor-no-real-mode.patch 25786-x86-prefer-multiboot-meminfo-over-e801.patch - bnc#777890 - CVE-2012-3497: xen: multiple TMEM hypercall vulnerabilities (XSA-15) CVE-2012-3497-tmem-xsa-15-1.patch CVE-2012-3497-tmem-xsa-15-2.patch CVE-2012-3497-tmem-xsa-15-3.patch CVE-2012-3497-tmem-xsa-15-4.patch CVE-2012-3497-tmem-xsa-15-5.patch CVE-2012-3497-tmem-xsa-15-6.patch CVE-2012-3497-tmem-xsa-15-7.patch CVE-2012-3497-tmem-xsa-15-8.patch CVE-2012-3497-tmem-xsa-15-9.patch tmem-missing-break.patch
    last seen2020-06-05
    modified2014-06-13
    plugin id74820
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74820
    titleopenSUSE Security Update : XEN (openSUSE-SU-2012:1572-1)