Vulnerabilities > CVE-2012-4539 - Resource Management Errors vulnerability in XEN

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2012-18242.
#

include("compat.inc");

if (description)
{
  script_id(63009);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539");
  script_xref(name:"FEDORA", value:"2012-18242");

  script_name(english:"Fedora 17 : xen-4.1.3-6.fc17 (2012-18242)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A guest can block a cpu by setting a bad VCPU deadline [XSA 20,
CVE-2012-4535] (#876198) HVM guest can use invalid pirq values to
crash xen [XSA 21, CVE-2012-4536] (#876200) HVM guest can exhaust p2m
table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can
crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on
64-bit hypervisor can cause an hypervisor infinite loop [XSA-24,
CVE-2012-4539] (#876207)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=870086"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=870096"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=870101"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=870106"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=870110"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/092634.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?838f0a81"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC17", reference:"xen-4.1.3-6.fc17")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2014:0446-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(83616);
  script_version("2.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2006-1056", "CVE-2007-0998", "CVE-2012-3497", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-4544", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-1432", "CVE-2013-1442", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-2212", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6885", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1894");
  script_bugtraq_id(17600, 22967, 55410, 55442, 56289, 56498, 56794, 56796, 56797, 56798, 56803, 57159, 57223, 57420, 57745, 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60282, 60701, 60702, 60703, 60721, 60799, 61424, 62307, 62630, 62708, 62710, 62935, 63494, 63931, 63933, 63983, 65419);

  script_name(english:"SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor
and toolset have been updated to fix various security issues and some
bugs.

The following security issues have been addressed :

XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both
problems with the overflow issue being present for more than just the
suboperations listed above. (bnc#860163)

XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1,
while not affected by the above overflow, have a different
overflow issue on FLASK_{GET,SET}BOOL and expose
unreasonably large memory allocation to arbitrary guests.
(bnc#860163)

XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER
and FLASK_CONTEXT_TO_SID suboperations of the flask
hypercall are vulnerable to an integer overflow on the input
size. The hypercalls attempt to allocate a buffer which is 1
larger than this size and is therefore vulnerable to integer
overflow and an attempt to allocate then access a zero byte
buffer. (bnc#860163)

XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through
0Fh processors does not properly handle the interaction
between locked instructions and write-combined memory types,
which allows local users to cause a denial of service
(system hang) via a crafted application, aka the errata 793
issue. (bnc#853049)

XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly
4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1)
does not properly prevent access to hypercalls, which allows
local guest users to gain privileges via a crafted
application running in ring 1 or 2. (bnc#849668)

XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall
in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always
obtain the page_alloc_lock and mm_rwlock in the same order,
which allows local guest administrators to cause a denial of
service (host deadlock). (bnc#849667)

XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x
does not take the page_alloc_lock and grant_table.lock in
the same order, which allows local guest administrators with
access to multiple vcpus to cause a denial of service (host
deadlock) via unspecified vectors. (bnc#848657)

XSA-67: CVE-2013-4368: The outs instruction emulation in Xen
3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS:
segment override, uses an uninitialized variable as a
segment base, which allows local 64-bit PV guests to obtain
sensitive information (hypervisor stack content) via
unspecified vectors related to stale data in a segment
register. (bnc#842511)

XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen
3.3.x through 4.3.x does not use the correct variable for
the source effective address, which allows local HVM guests
to obtain hypervisor stack information by reading the values
used by the instruction. (bnc#841766)

XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not
properly handle certain errors, which allows local HVM
guests to obtain hypervisor stack memory via a (1) port or
(2) memory mapped I/O write or (3) other unspecified
operations related to addresses without associated memory.
(bnc#840592)

XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX
or LWP capable CPUs, does not properly clear previous data
from registers when using an XSAVE or XRSTOR to extend the
state components of a saved or restored vCPU after touching
other restored extended registers, which allows local guest
OSes to obtain sensitive information by reading the
registers. (bnc#839596)

XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen
4.0.x through 4.2.x, when IOMMU is disabled, provides access
to a busmastering-capable PCI passthrough device before the
IOMMU setup is complete, which allows local HVM guest
domains to gain privileges or cause a denial of service via
a DMA instruction. (bnc#839618)

XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen
3.3 through 4.3, when disabling chaches, allows local HVM
guests with access to memory mapped I/O regions to cause a
denial of service (CPU consumption and possibly hypervisor
or guest kernel panic) via a crafted GFN range. (bnc#831120)

XSA-58: CVE-2013-1918: Certain page table manipulation
operations in Xen 4.1.x, 4.2.x, and earlier are not
preemptible, which allows local PV kernels to cause a denial
of service via vectors related to 'deep page table
traversal.' (bnc#826882)

XSA-58: CVE-2013-1432: Xen 4.1.x and 4.2.x, when the XSA-45
patch is in place, does not properly maintain references on
pages stored for deferred cleanup, which allows local PV
guest kernels to cause a denial of service (premature page
free and hypervisor crash) or possible gain privileges via
unspecified vectors. (bnc#826882)

XSA-57: CVE-2013-2211: The libxenlight (libxl) toolstack
library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions
for xenstore keys for paravirtualised and emulated serial
console devices, which allows local guest administrators to
modify the xenstore value via unspecified vectors.
(bnc#823608)

XSA-56: CVE-2013-2072: Buffer overflow in the Python
bindings for the xc_vcpu_setaffinity call in Xen 4.0.x,
4.1.x, and 4.2.x allows local administrators with
permissions to configure VCPU affinity to cause a denial of
service (memory corruption and xend toolstack crash) and
possibly gain privileges via a crafted cpumap. (bnc#819416)

XSA-55: CVE-2013-2196: Multiple unspecified vulnerabilities
in the Elf parser (libelf) in Xen 4.2.x and earlier allow
local guest administrators with certain permissions to have
an unspecified impact via a crafted kernel, related to
'other problems' that are not CVE-2013-2194 or
CVE-2013-2195. (bnc#823011)

XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen 4.2.x
and earlier allow local guest administrators with certain
permissions to have an unspecified impact via a crafted
kernel, related to 'pointer dereferences' involving
unexpected calculations. (bnc#823011)

XSA-55: CVE-2013-2194: Multiple integer overflows in the Elf
parser (libelf) in Xen 4.2.x and earlier allow local guest
administrators with certain permissions to have an
unspecified impact via a crafted kernel. (bnc#823011)

XSA-53: CVE-2013-2077: Xen 4.0.x, 4.1.x, and 4.2.x does not
properly restrict the contents of a XRSTOR, which allows
local PV guest users to cause a denial of service (unhandled
exception and hypervisor crash) via unspecified vectors.
(bnc#820919)

XSA-52: CVE-2013-2076: Xen 4.0.x, 4.1.x, and 4.2.x, when
running on AMD64 processors, only save/restore the FOP, FIP,
and FDP x87 registers in FXSAVE/FXRSTOR when an exception is
pending, which allows one domain to determine portions of
the state of floating point instructions of other domains,
which can be leveraged to obtain sensitive information such
as cryptographic keys, a similar vulnerability to
CVE-2006-1056. NOTE: this is the documented behavior of
AMD64 processors, but it is inconsistent with Intel
processors in a security-relevant fashion that was not
addressed by the kernels. (bnc#820917)

XSA-50: CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly
releases a grant reference when releasing a non-v1,
non-transitive grant, which allows local guest
administrators to cause a denial of service (host crash),
obtain sensitive information, or possible have other impacts
via unspecified vectors. (bnc#816156)

XSA-49: CVE-2013-1952: Xen 4.x, when using Intel VT-d for a
bus mastering capable PCI device, does not properly check
the source when accessing a bridge device's interrupt
remapping table entries for MSI interrupts, which allows
local guest domains to cause a denial of service (interrupt
injection) via unspecified vectors. (bnc#816163)

XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when
the hypervisor is running 'under memory pressure' and the
Xen Security Module (XSM) is enabled, uses the wrong
ordering of operations when extending the per-domain event
channel tracking table, which causes a use-after-free and
allows local guest kernels to inject arbitrary events and
gain privileges via unspecified vectors. (bnc#813677)

XSA-46: CVE-2013-1919: Xen 4.2.x and 4.1.x does not properly
restrict access to IRQs, which allows local stub domain
clients to gain access to IRQs and cause a denial of service
via vectors related to 'passed-through IRQs or PCI devices.'
(bnc#813675)

XSA-45: CVE-2013-1918: Certain page table manipulation
operations in Xen 4.1.x, 4.2.x, and earlier are not
preemptible, which allows local PV kernels to cause a denial
of service via vectors related to 'deep page table
traversal.' (bnc#816159)

XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when running
64-bit hosts on Intel CPUs, does not clear the NT flag when
using an IRET after a SYSENTER instruction, which allows PV
guest users to cause a denial of service (hypervisor crash)
by triggering a #GP fault, which is not properly handled by
another IRET instruction. (bnc#813673)

XSA-41: CVE-2012-6075: Buffer overflow in the e1000_receive
function in the e1000 device driver (hw/e1000.c) in QEMU
1.3.0-rc2 and other versions, when the SBP and LPE flags are
disabled, allows remote attackers to cause a denial of
service (guest OS crash) and possibly execute arbitrary
guest code via a large packet. (bnc#797523)

XSA-37: CVE-2013-0154: The get_page_type function in
xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled,
allows local PV or HVM guest administrators to cause a
denial of service (assertion failure and hypervisor crash)
via unspecified vectors related to a hypercall. (bnc#797031)

XSA-36: CVE-2013-0153: The AMD IOMMU support in Xen 4.2.x,
4.1.x, 3.3, and other versions, when using AMD-Vi for PCI
passthrough, uses the same interrupt remapping table for the
host and all guests, which allows guests to cause a denial
of service by injecting an interrupt into other guests.
(bnc#800275)

XSA-33: CVE-2012-5634: Xen 4.2.x, 4.1.x, and 4.0, when using
Intel VT-d for PCI passthrough, does not properly configure
VT-d when supporting a device that is behind a legacy PCI
Bridge, which allows local guests to cause a denial of
service to other guests by injecting an interrupt.
(bnc#794316)

XSA-31: CVE-2012-5515: The (1) XENMEM_decrease_reservation,
(2) XENMEM_populate_physmap, and (3) XENMEM_exchange
hypercalls in Xen 4.2 and earlier allow local guest
administrators to cause a denial of service (long loop and
hang) via a crafted extent_order value. (bnc#789950)

XSA-30: CVE-2012-5514: The
guest_physmap_mark_populate_on_demand function in Xen 4.2
and earlier does not properly unlock the subject GFNs when
checking if they are in use, which allows local guest HVM
administrators to cause a denial of service (hang) via
unspecified vectors. (bnc#789948)

XSA-29: CVE-2012-5513: The XENMEM_exchange handler in Xen
4.2 and earlier does not properly check the memory address,
which allows local PV guest OS administrators to cause a
denial of service (crash) or possibly gain privileges via
unspecified vectors that overwrite memory in the hypervisor
reserved range. (bnc#789951)

XSA-27: CVE-2012-6333: Multiple HVM control operations in
Xen 3.4 through 4.2 allow local HVM guest OS administrators
to cause a denial of service (physical CPU consumption) via
a large input. (bnc#789944)

XSA-27: CVE-2012-5511: Stack-based buffer overflow in the
dirty video RAM tracking functionality in Xen 3.4 through
4.1 allows local HVM guest OS administrators to cause a
denial of service (crash) via a large bitmap image.
(bnc#789944)

XSA-26: CVE-2012-5510: Xen 4.x, when downgrading the grant
table version, does not properly remove the status page from
the tracking list when freeing the page, which allows local
guest OS administrators to cause a denial of service
(hypervisor crash) via unspecified vectors. (bnc#789945)

XSA-25: CVE-2012-4544: The PV domain builder in Xen 4.2 and
earlier does not validate the size of the kernel or ramdisk
(1) before or (2) after decompression, which allows local
guest administrators to cause a denial of service (domain 0
memory consumption) via a crafted (a) kernel or (b) ramdisk.
(bnc#787163)

XSA-24: CVE-2012-4539: Xen 4.0 through 4.2, when running
32-bit x86 PV guests on 64-bit hypervisors, allows local
guest OS administrators to cause a denial of service
(infinite loop and hang or crash) via invalid arguments to
GNTTABOP_get_status_frames, aka 'Grant table hypercall
infinite loop DoS vulnerability.' (bnc#786520)

XSA-23: CVE-2012-4538: The HVMOP_pagetable_dying hypercall
in Xen 4.0, 4.1, and 4.2 does not properly check the
pagetable state when running on shadow pagetables, which
allows a local HVM guest OS to cause a denial of service
(hypervisor crash) via unspecified vectors. (bnc#786519)

XSA-22: CVE-2012-4537: Xen 3.4 through 4.2, and possibly
earlier versions, does not properly synchronize the p2m and
m2p tables when the set_p2m_entry function fails, which
allows local HVM guest OS administrators to cause a denial
of service (memory consumption and assertion failure), aka
'Memory mapping failure DoS vulnerability.' (bnc#786517)

XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and possibly
earlier versions, allows local guest OS administrators to
cause a denial of service (Xen infinite loop and physical
CPU consumption) by setting a VCPU with an 'inappropriate
deadline.' (bnc#786516)

XSA-19: CVE-2012-4411: The graphical console in Xen 4.0, 4.1
and 4.2 allows local OS guest administrators to obtain
sensitive host resource information via the qemu monitor.
NOTE: this might be a duplicate of CVE-2007-0998.
(bnc#779212)

XSA-15: CVE-2012-3497: (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2)
TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS
and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in
Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a
denial of service (NULL pointer dereference or memory
corruption and host crash) or possibly have other
unspecified impacts via a NULL client id. (bnc#777890)

Also the following non-security bugs have been fixed :

  - xen hot plug attach/detach fails modified
    blktap-pv-cdrom.patch. (bnc#805094)

  - guest 'disappears' after live migration Updated
    block-dmmd script. (bnc#777628)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://download.suse.com/patch/finder/?keywords=d46197780129fa94fee1eb1708143171
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b3fed2ec"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-1056.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-0998.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3497.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4411.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4535.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4537.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4538.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4539.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4544.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5510.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5511.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5513.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5514.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5515.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5634.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6075.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6333.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0153.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0154.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1432.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1442.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1917.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1918.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1919.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1920.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1952.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1964.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2072.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2076.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2077.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2194.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2195.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2196.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2211.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2212.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4329.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4355.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4361.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4368.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4494.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4553.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4554.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-6885.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1891.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1892.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1893.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1894.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/777628"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/777890"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/779212"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/786516"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/786517"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/786519"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/786520"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/787163"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/789944"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/789945"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/789948"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/789950"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/789951"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/794316"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/797031"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/797523"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/800275"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/805094"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/813673"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/813675"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/813677"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/816156"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/816159"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/816163"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/819416"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/820917"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/820919"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/823011"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/823608"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/826882"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/831120"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/839596"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/839618"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/840592"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/841766"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/842511"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/848657"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/849667"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/849668"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/853049"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/860163"
  );
  # https://www.suse.com/support/update/announcement/2014/suse-su-20140446-1.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e4176238"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11 SP1 LTSS :

zypper in -t patch slessp1-xen-201402-8963

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/03/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "i386|i486|i586|i686|x86_64") audit(AUDIT_ARCH_NOT, "i386 / i486 / i586 / i686 / x86_64", cpu);


sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! ereg(pattern:"^1$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201309-24.
#
# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(70184);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/12 17:35:38");

  script_cve_id("CVE-2011-2901", "CVE-2011-3262", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3497", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5525", "CVE-2012-5634", "CVE-2012-6030", "CVE-2012-6031", "CVE-2012-6032", "CVE-2012-6033", "CVE-2012-6034", "CVE-2012-6035", "CVE-2012-6036", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0151", "CVE-2013-0152", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-0215", "CVE-2013-1432", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1922", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211");
  script_bugtraq_id(49370, 53856, 53955, 53961, 54691, 54942, 55400, 55406, 55410, 55412, 55413, 55414, 55442, 56498, 56794, 56796, 56797, 56798, 56799, 56803, 56805, 57159, 57223, 57420, 57494, 57495, 57742, 57745, 58880, 59070, 59291, 59292, 59293, 59615, 59617, 60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799);
  script_xref(name:"GLSA", value:"201309-24");

  script_name(english:"GLSA-201309-24 : Xen: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201309-24
(Xen: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Xen. Please review the
      CVE identifiers referenced below for details.
  
Impact :

    Guest domains could possibly gain privileges, execute arbitrary code, or
      cause a Denial of Service on the host domain (Dom0). Additionally, guest
      domains could gain information about other virtual machines running on
      the same host or read arbitrary files on the host.
  
Workaround :

    The CVEs listed below do not currently have fixes, but only apply to Xen
      setups which have “tmem” specified on the hypervisor command line.
      TMEM is not currently supported for use in production systems, and
      administrators using tmem should disable it.
      Relevant CVEs:
      * CVE-2012-2497
      * CVE-2012-6030
      * CVE-2012-6031
      * CVE-2012-6032
      * CVE-2012-6033
      * CVE-2012-6034
      * CVE-2012-6035
      * CVE-2012-6036"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201309-24"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Xen users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.2.2-r1'
    All Xen-tools users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=app-emulation/xen-tools-4.2.2-r3'
    All Xen-pvgrub users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=app-emulation/xen-pvgrub-4.2.2-r1'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'FreeBSD Intel SYSRET Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-pvgrub");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"app-emulation/xen-pvgrub", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++;
if (qpkg_check(package:"app-emulation/xen", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++;
if (qpkg_check(package:"app-emulation/xen-tools", unaffected:make_list("ge 4.2.2-r3"), vulnerable:make_list("lt 4.2.2-r3"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2012-18249.
#

include("compat.inc");

if (description)
{
  script_id(63010);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539");
  script_xref(name:"FEDORA", value:"2012-18249");

  script_name(english:"Fedora 16 : xen-4.1.3-4.fc16 (2012-18249)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A guest can block a cpu by setting a bad VCPU deadline [XSA 20,
CVE-2012-4535] (#876198) HVM guest can use invalid pirq values to
crash xen [XSA 21, CVE-2012-4536] (#876200) HVM guest can exhaust p2m
table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can
crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on
64-bit hypervisor can cause an hypervisor infinite loop [XSA-24,
CVE-2012-4539] (#876207)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=870086"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=870096"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=870101"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=870106"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=870110"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/092624.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?33f5ee44"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC16", reference:"xen-4.1.3-4.fc16")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}

#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2012-0051.
#

include("compat.inc");

if (description)
{
  script_id(79489);
  script_version("1.4");
  script_cvs_date("Date: 2019/09/27 13:00:34");

  script_cve_id("CVE-2012-2625", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-4544");
  script_bugtraq_id(53650, 56289, 56498);

  script_name(english:"OracleVM 3.1 : xen (OVMSA-2012-0051)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - libxc: builder: limit maximum size of kernel/ramdisk.
    Allowing user supplied kernels of arbitrary sizes,
    especially during decompression, can swallow up dom0
    memory leading to either virtual address space
    exhaustion in the builder process or allocation
    failures/OOM killing of both toolstack and unrelated
    processes. We disable these checks when building in a
    stub domain for pvgrub since this uses the guest's own
    memory and is isolated. Decompression of gzip compressed
    kernels and ramdisks has been safe since
    14954:58205257517d (Xen 3.1.0 onwards). This is XSA-25 /
    CVE-2012-4544. Also make explicit checks for buffer
    overflows in various decompression routines. These were
    already ruled out due to other properties of the code
    but check them as a belt-and-braces measure.

    [ Includes 25589:60f09d1ab1fe for CVE-2012-2625]
    (CVE-2012-4544)

  - compat/gnttab: Prevent infinite loop in compat code c/s
    20281:95ea2052b41b, which introduces Grant Table version
    2 hypercalls introduces a vulnerability whereby the
    compat hypercall handler can fall into an infinite loop.
    If the watchdog is enabled, Xen will die after the
    timeout. This is a security problem, XSA-24 /
    CVE-2012-4539. (CVE-2012-4539)

  - xen/mm/shadow: check toplevel pagetables are present
    before unhooking them. If the guest has not fully
    populated its top-level PAE entries when it calls
    HVMOP_pagetable_dying, the shadow code could try to
    unhook entries from MFN 0. Add a check to avoid that
    case. This issue was introduced by c/s
    21239:b9d2db109cf5. This is a security problem, XSA-23 /
    CVE-2012-4538. (CVE-2012-4538)

  - x86/physmap: Prevent incorrect updates of m2p mappings
    In certain conditions, such as low memory, set_p2m_entry
    can fail. Currently, the p2m and m2p tables will get out
    of sync because we still update the m2p table after the
    p2m update has failed. If that happens, subsequent
    guest-invoked memory operations can cause BUGs and
    ASSERTs to kill Xen. This is fixed by only updating the
    m2p table iff the p2m was successfully updated. This is
    a security problem, XSA-22 / CVE-2012-4537.
    (CVE-2012-4537)

  - x86/physdev: Range check pirq parameter from guests
    Otherwise Xen will read beyond either end of the struct
    domain.arch.pirq_emuirq array, usually resulting in a
    fatal page fault. This vulnerability was introduced by
    c/s 23241:d21100f1d00e, which adds a call to
    domain_pirq_to_emuirq which uses the guest provided pirq
    value before range checking it, and was fixed by c/s
    23573:584c2e5e03d9 which changed the behaviour of the
    domain_pirq_to_emuirq macro to use radix trees instead
    of a flat array. This is XSA-21 / CVE-2012-4536.
    (CVE-2012-4536)

  - VCPU/timers: Prevent overflow in calculations, leading
    to DoS vulnerability The timer action for a vcpu
    periodic timer is to calculate the next expiry time, and
    to reinsert itself into the timer queue. If the deadline
    ends up in the past, Xen never leaves __do_softirq. The
    affected PCPU will stay in an infinite loop until Xen is
    killed by the watchdog (if enabled). This is a security
    problem, XSA-20 / CVE-2012-4535. (CVE-2012-4535)

  - Correct RTC time offset update error for HVM guest
    changeset 24947:b198ada9689d

  - always release vm running lock on VM shutdown Before
    this patch, when xend restarted, the VM running lock
    will not be released on shutdown, so the VM could never
    start again. Talked with Junjie, we recommend always
    releasing the lock on VM shutdown. So even when xend
    restarted, there should be no stale lock leaving there."
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2012-November/000109.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6907b516"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected xen / xen-devel / xen-tools packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.1" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.1", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"OVS3.1", reference:"xen-4.1.2-18.el5.24")) flag++;
if (rpm_check(release:"OVS3.1", reference:"xen-devel-4.1.2-18.el5.24")) flag++;
if (rpm_check(release:"OVS3.1", reference:"xen-tools-4.1.2-18.el5.24")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(62963);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2012-3497", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-4544");

  script_name(english:"SuSE 10 Security Update : Xen (ZYPP Patch Number 8359)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"XEN received various security and bugfixes :

  - xen: Timer overflow DoS vulnerability (XSA-20).
    (CVE-2012-4535)

  - xen: Memory mapping failure DoS vulnerability (XSA-22)
    The following additional bugs have beenfixed:.
    (CVE-2012-4537)

  - L3: Xen BUG at io_apic.c:129
    26102-x86-IOAPIC-legacy-not-first.patch. (bnc#784087)

  - Upstream patches from Jan
    25927-x86-domctl-ioport-mapping-range.patch
    25931-x86-domctl-iomem-mapping-checks.patch
    26061-x86-oprof-counter-range.patch
    25431-x86-EDD-MBR-sig-check.patch
    25480-x86_64-sysret-canonical.patch
    25481-x86_64-AMD-erratum-121.patch
    25485-x86_64-canonical-checks.patch
    25587-param-parse-limit.patch
    25589-pygrub-size-limits.patch
    25744-hypercall-return-long.patch
    25765-x86_64-allow-unsafe-adjust.patch
    25773-x86-honor-no-real-mode.patch
    25786-x86-prefer-multiboot-meminfo-over-e801.patch
    25808-domain_create-return-value.patch
    25814-x86_64-set-debugreg-guest.patch
    24742-gnttab-misc.patch 25098-x86-emul-lock-UD.patch
    25200-x86_64-trap-bounce-flags.patch
    25271-x86_64-IST-index.patch

  - win2k8 guests are unable to restore after saving the vms
    state ept-novell-x64.patch
    23800-x86_64-guest-addr-range.patch
    24168-x86-vioapic-clear-remote_irr.patch
    24453-x86-vIRQ-IRR-TMR-race.patch
    24456-x86-emul-lea.patch. (bnc#651093)

  - Unable to install RHEL 6.1 x86 as a paravirtualized
    guest OS on SLES 10 SP4 x86 vm-install-0.2.19.tar.bz2.
    (bnc#713555)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3497.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4411.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4535.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4536.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4537.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4538.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4539.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4544.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8359.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-devel-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-doc-html-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-doc-pdf-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-doc-ps-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-kmp-bigsmp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-libs-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-tools-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-tools-domU-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"xen-tools-ioemu-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-devel-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-doc-html-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-doc-pdf-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-doc-ps-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-libs-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-libs-32bit-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-tools-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-tools-domU-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"xen-tools-ioemu-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-devel-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-doc-html-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-doc-pdf-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-doc-ps-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-bigsmp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-debug-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-kdump-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-kdumppae-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-vmi-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-kmp-vmipae-3.2.3_17040_42_2.6.16.60_0.99.8-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-libs-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-tools-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-tools-domU-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"xen-tools-ioemu-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-devel-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-doc-html-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-doc-pdf-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-doc-ps-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-kmp-debug-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-kmp-default-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-kmp-kdump-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-kmp-smp-3.2.3_17040_42_2.6.16.60_0.99.11-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-libs-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-libs-32bit-3.2.3_17040_42-0.7.1")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-tools-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-tools-domU-3.2.3_17040_42-0.7.2")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"xen-tools-ioemu-3.2.3_17040_42-0.7.2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else exit(0, "The host is not affected.");