Vulnerabilities > CVE-2013-0153 - Local Denial of Service vulnerability in Xen AMD IOMMU
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 8 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2013-2002.NASL description guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888), guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153](#910914) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-02-18 plugin id 64650 published 2013-02-18 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64650 title Fedora 17 : xen-4.1.4-4.fc17 (2013-2002) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-2002. # include("compat.inc"); if (description) { script_id(64650); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-0153", "CVE-2013-0215"); script_bugtraq_id(57742, 57745); script_xref(name:"FEDORA", value:"2013-2002"); script_name(english:"Fedora 17 : xen-4.1.4-4.fc17 (2013-2002)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888), guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153](#910914) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=906323" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=910903" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098831.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5c8727df" ); script_set_attribute(attribute:"solution", value:"Update the affected xen package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"xen-4.1.4-4.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen"); }
NASL family Scientific Linux Local Security Checks NASL id SL_20130521_KERNEL_ON_SL5_X.NASL description This update fixes the following security issue : - A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed- through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain (Dom0), leading to a denial of service. (CVE-2013-0153, Moderate) This update also fixes the following bugs : - When a process is opening a file over NFSv4, sometimes an OPEN call can succeed while the following GETATTR operation fails with an NFS4ERR_DELAY error. The NFSv4 code did not handle such a situation correctly and allowed an NFSv4 client to attempt to use the buffer that should contain the GETATTR information. However, the buffer did not contain the valid GETATTR information, which caused the client to return a last seen 2020-03-18 modified 2013-05-23 plugin id 66551 published 2013-05-23 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66551 title Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20130521) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(66551); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-0153"); script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20130521)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update fixes the following security issue : - A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed- through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain (Dom0), leading to a denial of service. (CVE-2013-0153, Moderate) This update also fixes the following bugs : - When a process is opening a file over NFSv4, sometimes an OPEN call can succeed while the following GETATTR operation fails with an NFS4ERR_DELAY error. The NFSv4 code did not handle such a situation correctly and allowed an NFSv4 client to attempt to use the buffer that should contain the GETATTR information. However, the buffer did not contain the valid GETATTR information, which caused the client to return a '-ENOTDIR' error. Consequently, the process failed to open the requested file. This update backports a patch that adds a test condition verifying validity of the GETATTR information. If the GETATTR information is invalid, it is obtained later and the process opens the requested file as expected. - Previously, the xdr routines in NFS version 2 and 3 conditionally updated the res->count variable. Read retry attempts after a short NFS read() call could fail to update the res->count variable, resulting in truncated read data being returned. With this update, the res->count variable is updated unconditionally so this bug can no longer occur. - When handling requests from Intelligent Platform Management Interface (IPMI) clients, the IPMI driver previously used two different locks for an IPMI request. If two IPMI clients sent their requests at the same time, each request could receive one of the locks and then wait for the second lock to become available. This resulted in a deadlock situation and the system became unresponsive. The problem could occur more likely in environments with many IPMI clients. This update modifies the IPMI driver to handle the received messages using tasklets so the driver now uses a safe locking technique when handling IPMI requests and the mentioned deadlock can no longer occur. - Incorrect locking around the cl_state_owners list could cause the NFSv4 state reclaimer thread to enter an infinite loop while holding the Big Kernel Lock (BLK). As a consequence, the NFSv4 client became unresponsive. With this update, safe list iteration is used, which prevents the NFSv4 client from hanging in this scenario. The system must be rebooted for this update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1305&L=scientific-linux-errata&T=0&P=1682 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4b19e46c" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/14"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"kernel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-debuginfo-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-debug-debuginfo-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-debuginfo-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-debuginfo-common-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-xen-debuginfo-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-348.6.1.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0847.NASL description Updated kernel packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed-through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain (Dom0), leading to a denial of service. (CVE-2013-0153, Moderate) Red Hat would like to thank the Xen project for reporting the CVE-2013-0153 issue. This update also fixes the following bugs : * When a process is opening a file over NFSv4, sometimes an OPEN call can succeed while the following GETATTR operation fails with an NFS4ERR_DELAY error. The NFSv4 code did not handle such a situation correctly and allowed an NFSv4 client to attempt to use the buffer that should contain the GETATTR information. However, the buffer did not contain the valid GETATTR information, which caused the client to return a last seen 2020-06-01 modified 2020-06-02 plugin id 66536 published 2013-05-22 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66536 title RHEL 5 : kernel (RHSA-2013:0847) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0847. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(66536); script_version("1.11"); script_cvs_date("Date: 2019/10/24 15:35:37"); script_cve_id("CVE-2013-0153"); script_bugtraq_id(57745); script_xref(name:"RHSA", value:"2013:0847"); script_name(english:"RHEL 5 : kernel (RHSA-2013:0847)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed-through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain (Dom0), leading to a denial of service. (CVE-2013-0153, Moderate) Red Hat would like to thank the Xen project for reporting the CVE-2013-0153 issue. This update also fixes the following bugs : * When a process is opening a file over NFSv4, sometimes an OPEN call can succeed while the following GETATTR operation fails with an NFS4ERR_DELAY error. The NFSv4 code did not handle such a situation correctly and allowed an NFSv4 client to attempt to use the buffer that should contain the GETATTR information. However, the buffer did not contain the valid GETATTR information, which caused the client to return a '-ENOTDIR' error. Consequently, the process failed to open the requested file. This update backports a patch that adds a test condition verifying validity of the GETATTR information. If the GETATTR information is invalid, it is obtained later and the process opens the requested file as expected. (BZ#947736) * Previously, the xdr routines in NFS version 2 and 3 conditionally updated the res->count variable. Read retry attempts after a short NFS read() call could fail to update the res->count variable, resulting in truncated read data being returned. With this update, the res->count variable is updated unconditionally so this bug can no longer occur. (BZ#952098) * When handling requests from Intelligent Platform Management Interface (IPMI) clients, the IPMI driver previously used two different locks for an IPMI request. If two IPMI clients sent their requests at the same time, each request could receive one of the locks and then wait for the second lock to become available. This resulted in a deadlock situation and the system became unresponsive. The problem could occur more likely in environments with many IPMI clients. This update modifies the IPMI driver to handle the received messages using tasklets so the driver now uses a safe locking technique when handling IPMI requests and the mentioned deadlock can no longer occur. (BZ#953435) * Incorrect locking around the cl_state_owners list could cause the NFSv4 state reclaimer thread to enter an infinite loop while holding the Big Kernel Lock (BLK). As a consequence, the NFSv4 client became unresponsive. With this update, safe list iteration is used, which prevents the NFSv4 client from hanging in this scenario. (BZ#954296) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:0847" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-0153" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.9"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:0847"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-debuginfo-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-debuginfo-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debuginfo-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debuginfo-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debuginfo-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debuginfo-common-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debuginfo-common-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debuginfo-common-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-debuginfo-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-debuginfo-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-debuginfo-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-348.6.1.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc"); } }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-0446-1.NASL description The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor and toolset have been updated to fix various security issues and some bugs. The following security issues have been addressed : XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to arbitrary guests. (bnc#860163) XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). (bnc#849667) XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. (bnc#848657) XSA-67: CVE-2013-4368: The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. (bnc#842511) XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. (bnc#841766) XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. (bnc#840592) XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. (bnc#839596) XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. (bnc#839618) XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) XSA-58: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to last seen 2020-06-05 modified 2015-05-20 plugin id 83616 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83616 title SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2014:0446-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(83616); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2006-1056", "CVE-2007-0998", "CVE-2012-3497", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-4544", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-1432", "CVE-2013-1442", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-2212", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6885", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1894"); script_bugtraq_id(17600, 22967, 55410, 55442, 56289, 56498, 56794, 56796, 56797, 56798, 56803, 57159, 57223, 57420, 57745, 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60282, 60701, 60702, 60703, 60721, 60799, 61424, 62307, 62630, 62708, 62710, 62935, 63494, 63931, 63933, 63983, 65419); script_name(english:"SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor and toolset have been updated to fix various security issues and some bugs. The following security issues have been addressed : XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to arbitrary guests. (bnc#860163) XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). (bnc#849667) XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. (bnc#848657) XSA-67: CVE-2013-4368: The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. (bnc#842511) XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. (bnc#841766) XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. (bnc#840592) XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. (bnc#839596) XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. (bnc#839618) XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) XSA-58: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to 'deep page table traversal.' (bnc#826882) XSA-58: CVE-2013-1432: Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possible gain privileges via unspecified vectors. (bnc#826882) XSA-57: CVE-2013-2211: The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors. (bnc#823608) XSA-56: CVE-2013-2072: Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap. (bnc#819416) XSA-55: CVE-2013-2196: Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to 'other problems' that are not CVE-2013-2194 or CVE-2013-2195. (bnc#823011) XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to 'pointer dereferences' involving unexpected calculations. (bnc#823011) XSA-55: CVE-2013-2194: Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel. (bnc#823011) XSA-53: CVE-2013-2077: Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors. (bnc#820919) XSA-52: CVE-2013-2076: Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. (bnc#820917) XSA-50: CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors. (bnc#816156) XSA-49: CVE-2013-1952: Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. (bnc#816163) XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running 'under memory pressure' and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. (bnc#813677) XSA-46: CVE-2013-1919: Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to 'passed-through IRQs or PCI devices.' (bnc#813675) XSA-45: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to 'deep page table traversal.' (bnc#816159) XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. (bnc#813673) XSA-41: CVE-2012-6075: Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. (bnc#797523) XSA-37: CVE-2013-0154: The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall. (bnc#797031) XSA-36: CVE-2013-0153: The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests. (bnc#800275) XSA-33: CVE-2012-5634: Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt. (bnc#794316) XSA-31: CVE-2012-5515: The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value. (bnc#789950) XSA-30: CVE-2012-5514: The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors. (bnc#789948) XSA-29: CVE-2012-5513: The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range. (bnc#789951) XSA-27: CVE-2012-6333: Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input. (bnc#789944) XSA-27: CVE-2012-5511: Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. (bnc#789944) XSA-26: CVE-2012-5510: Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors. (bnc#789945) XSA-25: CVE-2012-4544: The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. (bnc#787163) XSA-24: CVE-2012-4539: Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka 'Grant table hypercall infinite loop DoS vulnerability.' (bnc#786520) XSA-23: CVE-2012-4538: The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors. (bnc#786519) XSA-22: CVE-2012-4537: Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka 'Memory mapping failure DoS vulnerability.' (bnc#786517) XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an 'inappropriate deadline.' (bnc#786516) XSA-19: CVE-2012-4411: The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998. (bnc#779212) XSA-15: CVE-2012-3497: (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id. (bnc#777890) Also the following non-security bugs have been fixed : - xen hot plug attach/detach fails modified blktap-pv-cdrom.patch. (bnc#805094) - guest 'disappears' after live migration Updated block-dmmd script. (bnc#777628) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://download.suse.com/patch/finder/?keywords=d46197780129fa94fee1eb1708143171 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b3fed2ec" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-1056.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-0998.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-3497.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4411.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4535.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4537.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4538.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4539.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4544.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5510.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5511.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5513.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5514.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5515.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5634.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6075.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6333.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0153.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0154.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1432.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1442.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1917.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1918.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1919.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1920.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1952.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1964.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2072.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2076.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2077.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2194.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2195.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2196.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2211.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2212.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4329.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4355.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4361.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4368.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4494.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4553.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4554.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6885.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1891.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1892.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1893.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1894.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/777628" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/777890" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/779212" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786516" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786517" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786519" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786520" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/787163" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789944" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789945" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789948" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789950" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789951" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/794316" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/797031" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/797523" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/800275" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/805094" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/813673" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/813675" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/813677" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/816156" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/816159" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/816163" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/819416" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/820917" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/820919" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/823011" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/823608" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/826882" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/831120" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/839596" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/839618" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/840592" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/841766" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/842511" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/848657" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849667" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849668" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/853049" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/860163" ); # https://www.suse.com/support/update/announcement/2014/suse-su-20140446-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e4176238" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11 SP1 LTSS : zypper in -t patch slessp1-xen-201402-8963 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-pdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "i386|i486|i586|i686|x86_64") audit(AUDIT_ARCH_NOT, "i386 / i486 / i586 / i686 / x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! ereg(pattern:"^1$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-310.NASL description XEN was updated to fix various bugs and security issues : Security issues fixed : - bnc#800275 - CVE-2013-0153: xen: interrupt remap entries shared and old ones not cleared on AMD IOMMUs - bnc#797523 - CVE-2012-6075: qemu / kvm-qemu: e1000 overflows under some conditions - bnc#797031 - Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only) - bnc#794316 - CVE-2012-5634: xen: VT-d interrupt remapping source validation flaw (XSA-33) Bugs fixed : - Upstream patches from Jan 26536-xenoprof-div-by-0.patch 26578-AMD-IOMMU-replace-BUG_ON.patch 26656-x86-fix-null-pointer-dereference-in-intel_get_exte nded_msrs.patch 26659-AMD-IOMMU-erratum-746-workaround.patch 26660-x86-fix-CMCI-injection.patch 26672-vmx-fix-handling-of-NMI-VMEXIT.patch 26673-Avoid-stale-pointer-when-moving-domain-to-another- cpupool.patch 26676-fix-compat-memory-exchange-op-splitting.patch 26677-x86-make-certain-memory-sub-ops-return-valid-value s.patch 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch 26679-x86-defer-processing-events-on-the-NMI-exit-path.p atch 26683-credit1-Use-atomic-bit-operations-for-the-flags-st ructure.patch 26692-x86-MSI-fully-protect-MSI-X-table.patch - bnc#805094 - xen hot plug attach/detach fails modified blktap-pv-cdrom.patch - bnc#802690 - domain locking can prevent a live migration from completing modified xend-domain-lock.patch - bnc#797014 - no way to control live migrations 26547-tools-xc_fix_logic_error_in_stdiostream_progress.p atch 26548-tools-xc_handle_tty_output_differently_in_stdiostr eam_progress.patch 26549-tools-xc_turn_XCFLAGS__into_shifts.patch 26550-tools-xc_restore_logging_in_xc_save.patch 26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patc h 26675-tools-xentoollog_update_tty_detection_in_stdiostre am_progress.patch xen.migrate.tools-xc_print_messages_from_xc_save_with_xc _report.patch xen.migrate.tools-xc_document_printf_calls_in_xc_restore .patch xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirt y.patch xen.migrate.tools_set_migration_constraints_from_cmdline .patch xen.migrate.tools_add_xm_migrate_--log_progress_option.p atch - remove old patches: xen.xc.progress.patch xen.xc_save.details.patch xen.migration.abort_if_busy.patch - bnc#806736: enabling xentrace crashes hypervisor 26686-xentrace_fix_off-by-one_in_calculate_tbuf_size.pat ch - Upstream patches from Jan 26287-sched-credit-pick-idle.patch 26501-VMX-simplify-CR0-update.patch 26502-VMX-disable-SMEP-when-not-paging.patch 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) - bnc#798188 - Add $network to xend initscript dependencies - bnc#797014 - no way to control live migrations - fix logic error in stdiostream_progress xen.xc.progress.patch - restore logging in xc_save xen.xc_save.details.patch - add options to control migration tunables --max_iters, --max_factor, --abort_if_busy xen.migration.abort_if_busy.patch - bnc#799694 - Unable to dvd or cdrom-boot DomU after xen-tools update Fixed with update to Xen version 4.1.4 - bnc#800156 - L3: HP iLo Generate NMI function not working in XEN kernel 26440-x86-forward-SERR.patch - Upstream patches from Jan 26404-x86-forward-both-NMI-kinds.patch 26427-x86-AMD-enable-WC+.patch - bnc#793927 - Xen VMs with more than 2 disks randomly fail to start 25590-hotplug-locking.patch 25595-hotplug-locking.patch 26079-hotplug-locking.patch - Upstream patches from Jan 26332-x86-compat-show-guest-stack-mfn.patch 26333-x86-get_page_type-assert.patch (Replaces CVE-2013-0154-xsa37.patch) 26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch) 26370-libxc-x86-initial-mapping-fit.patch - Update to Xen 4.1.4 c/s 23432 - Update xenpaging.guest-memusage.patch add rule for xenmem to avoid spurious build failures - Upstream patches from Jan 26179-PCI-find-next-cap.patch 26183-x86-HPET-masking.patch 26188-x86-time-scale-asm.patch 26200-IOMMU-debug-verbose.patch 26203-x86-HAP-dirty-vram-leak.patch 26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch) 26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch) 26231-memory-exchange-checks.patch (Replaces CVE-2012-5513-xsa29.patch) 26232-x86-mark-PoD-error-path.patch (Replaces CVE-2012-5514-xsa30.patch) 26233-memop-order-checks.patch (Replaces CVE-2012-5515-xsa31.patch) 26235-IOMMU-ATS-max-queue-depth.patch 26272-x86-EFI-makefile-cflags-filter.patch 26294-x86-AMD-Fam15-way-access-filter.patch CVE-2013-0154-xsa37.patch - Restore c/s 25751 in 23614-x86_64-EFI-boot.patch. Modify the EFI Makefile to do additional filtering. EFI-makefile-cflags-filter.patch last seen 2020-06-05 modified 2014-06-13 plugin id 74966 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74966 title openSUSE Security Update : xen (openSUSE-SU-2013:0636-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2013-310. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74966); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2012-6075", "CVE-2013-0153", "CVE-2013-0154"); script_name(english:"openSUSE Security Update : xen (openSUSE-SU-2013:0636-1)"); script_summary(english:"Check for the openSUSE-2013-310 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "XEN was updated to fix various bugs and security issues : Security issues fixed : - bnc#800275 - CVE-2013-0153: xen: interrupt remap entries shared and old ones not cleared on AMD IOMMUs - bnc#797523 - CVE-2012-6075: qemu / kvm-qemu: e1000 overflows under some conditions - bnc#797031 - Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only) - bnc#794316 - CVE-2012-5634: xen: VT-d interrupt remapping source validation flaw (XSA-33) Bugs fixed : - Upstream patches from Jan 26536-xenoprof-div-by-0.patch 26578-AMD-IOMMU-replace-BUG_ON.patch 26656-x86-fix-null-pointer-dereference-in-intel_get_exte nded_msrs.patch 26659-AMD-IOMMU-erratum-746-workaround.patch 26660-x86-fix-CMCI-injection.patch 26672-vmx-fix-handling-of-NMI-VMEXIT.patch 26673-Avoid-stale-pointer-when-moving-domain-to-another- cpupool.patch 26676-fix-compat-memory-exchange-op-splitting.patch 26677-x86-make-certain-memory-sub-ops-return-valid-value s.patch 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch 26679-x86-defer-processing-events-on-the-NMI-exit-path.p atch 26683-credit1-Use-atomic-bit-operations-for-the-flags-st ructure.patch 26692-x86-MSI-fully-protect-MSI-X-table.patch - bnc#805094 - xen hot plug attach/detach fails modified blktap-pv-cdrom.patch - bnc#802690 - domain locking can prevent a live migration from completing modified xend-domain-lock.patch - bnc#797014 - no way to control live migrations 26547-tools-xc_fix_logic_error_in_stdiostream_progress.p atch 26548-tools-xc_handle_tty_output_differently_in_stdiostr eam_progress.patch 26549-tools-xc_turn_XCFLAGS__into_shifts.patch 26550-tools-xc_restore_logging_in_xc_save.patch 26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patc h 26675-tools-xentoollog_update_tty_detection_in_stdiostre am_progress.patch xen.migrate.tools-xc_print_messages_from_xc_save_with_xc _report.patch xen.migrate.tools-xc_document_printf_calls_in_xc_restore .patch xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirt y.patch xen.migrate.tools_set_migration_constraints_from_cmdline .patch xen.migrate.tools_add_xm_migrate_--log_progress_option.p atch - remove old patches: xen.xc.progress.patch xen.xc_save.details.patch xen.migration.abort_if_busy.patch - bnc#806736: enabling xentrace crashes hypervisor 26686-xentrace_fix_off-by-one_in_calculate_tbuf_size.pat ch - Upstream patches from Jan 26287-sched-credit-pick-idle.patch 26501-VMX-simplify-CR0-update.patch 26502-VMX-disable-SMEP-when-not-paging.patch 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) - bnc#798188 - Add $network to xend initscript dependencies - bnc#797014 - no way to control live migrations - fix logic error in stdiostream_progress xen.xc.progress.patch - restore logging in xc_save xen.xc_save.details.patch - add options to control migration tunables --max_iters, --max_factor, --abort_if_busy xen.migration.abort_if_busy.patch - bnc#799694 - Unable to dvd or cdrom-boot DomU after xen-tools update Fixed with update to Xen version 4.1.4 - bnc#800156 - L3: HP iLo Generate NMI function not working in XEN kernel 26440-x86-forward-SERR.patch - Upstream patches from Jan 26404-x86-forward-both-NMI-kinds.patch 26427-x86-AMD-enable-WC+.patch - bnc#793927 - Xen VMs with more than 2 disks randomly fail to start 25590-hotplug-locking.patch 25595-hotplug-locking.patch 26079-hotplug-locking.patch - Upstream patches from Jan 26332-x86-compat-show-guest-stack-mfn.patch 26333-x86-get_page_type-assert.patch (Replaces CVE-2013-0154-xsa37.patch) 26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch) 26370-libxc-x86-initial-mapping-fit.patch - Update to Xen 4.1.4 c/s 23432 - Update xenpaging.guest-memusage.patch add rule for xenmem to avoid spurious build failures - Upstream patches from Jan 26179-PCI-find-next-cap.patch 26183-x86-HPET-masking.patch 26188-x86-time-scale-asm.patch 26200-IOMMU-debug-verbose.patch 26203-x86-HAP-dirty-vram-leak.patch 26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch) 26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch) 26231-memory-exchange-checks.patch (Replaces CVE-2012-5513-xsa29.patch) 26232-x86-mark-PoD-error-path.patch (Replaces CVE-2012-5514-xsa30.patch) 26233-memop-order-checks.patch (Replaces CVE-2012-5515-xsa31.patch) 26235-IOMMU-ATS-max-queue-depth.patch 26272-x86-EFI-makefile-cflags-filter.patch 26294-x86-AMD-Fam15-way-access-filter.patch CVE-2013-0154-xsa37.patch - Restore c/s 25751 in 23614-x86_64-EFI-boot.patch. Modify the EFI Makefile to do additional filtering. EFI-makefile-cflags-filter.patch" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=793927" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=794316" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=797014" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=797031" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=797523" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=798188" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=799694" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=800156" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=800275" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=802690" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=805094" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=806736" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html" ); script_set_attribute(attribute:"solution", value:"Update the affected xen packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-pdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"xen-debugsource-4.1.4_02-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xen-devel-4.1.4_02-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xen-kmp-default-4.1.4_02_k3.1.10_1.19-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xen-kmp-default-debuginfo-4.1.4_02_k3.1.10_1.19-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xen-kmp-desktop-4.1.4_02_k3.1.10_1.19-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xen-kmp-desktop-debuginfo-4.1.4_02_k3.1.10_1.19-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xen-kmp-pae-4.1.4_02_k3.1.10_1.19-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xen-kmp-pae-debuginfo-4.1.4_02_k3.1.10_1.19-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xen-libs-4.1.4_02-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xen-libs-debuginfo-4.1.4_02-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xen-tools-domU-4.1.4_02-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"xen-tools-domU-debuginfo-4.1.4_02-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xen-4.1.4_02-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xen-doc-html-4.1.4_02-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xen-doc-pdf-4.1.4_02-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xen-libs-32bit-4.1.4_02-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.1.4_02-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xen-tools-4.1.4_02-1.29.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"xen-tools-debuginfo-4.1.4_02-1.29.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen"); }
NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0068.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0068 for details. last seen 2020-06-01 modified 2020-06-02 plugin id 84140 published 2015-06-12 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84140 title OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2015-0068. # include("compat.inc"); if (description) { script_id(84140); script_version("2.18"); script_cvs_date("Date: 2019/11/12"); script_cve_id("CVE-2006-1056", "CVE-2007-0998", "CVE-2012-0029", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3497", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4544", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2013-0153", "CVE-2013-0215", "CVE-2013-1432", "CVE-2013-1442", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1950", "CVE-2014-3566", "CVE-2014-5146", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188", "CVE-2015-2044", "CVE-2015-2045", "CVE-2015-2151", "CVE-2015-2752", "CVE-2015-2756", "CVE-2015-3209", "CVE-2015-3456", "CVE-2015-4164"); script_bugtraq_id(17600, 22967, 51642, 53650, 53961, 54942, 55400, 55406, 55410, 55412, 55413, 55414, 56289, 56498, 56794, 56796, 56797, 56798, 56799, 56803, 57223, 57742, 57745, 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799, 62307, 62630, 62708, 62710, 62935, 63494, 63931, 63933, 63983, 64195, 65419, 65529, 69198, 70057, 70062, 70198, 70574, 72577, 72954, 72955, 73015, 73448, 74640, 75123, 75149); script_name(english:"OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0068 for details." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2015-June/000317.html" ); script_set_attribute( attribute:"solution", value:"Update the affected xen / xen-devel / xen-tools packages." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/20"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.2", reference:"xen-4.1.3-25.el5.127.52")) flag++; if (rpm_check(release:"OVS3.2", reference:"xen-devel-4.1.3-25.el5.127.52")) flag++; if (rpm_check(release:"OVS3.2", reference:"xen-tools-4.1.3-25.el5.127.52")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201309-24.NASL description The remote host is affected by the vulnerability described in GLSA-201309-24 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : Guest domains could possibly gain privileges, execute arbitrary code, or cause a Denial of Service on the host domain (Dom0). Additionally, guest domains could gain information about other virtual machines running on the same host or read arbitrary files on the host. Workaround : The CVEs listed below do not currently have fixes, but only apply to Xen setups which have “tmem” specified on the hypervisor command line. TMEM is not currently supported for use in production systems, and administrators using tmem should disable it. Relevant CVEs: * CVE-2012-2497 * CVE-2012-6030 * CVE-2012-6031 * CVE-2012-6032 * CVE-2012-6033 * CVE-2012-6034 * CVE-2012-6035 * CVE-2012-6036 last seen 2020-06-01 modified 2020-06-02 plugin id 70184 published 2013-09-28 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70184 title GLSA-201309-24 : Xen: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201309-24. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(70184); script_version("1.15"); script_cvs_date("Date: 2019/08/12 17:35:38"); script_cve_id("CVE-2011-2901", "CVE-2011-3262", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3497", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5525", "CVE-2012-5634", "CVE-2012-6030", "CVE-2012-6031", "CVE-2012-6032", "CVE-2012-6033", "CVE-2012-6034", "CVE-2012-6035", "CVE-2012-6036", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0151", "CVE-2013-0152", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-0215", "CVE-2013-1432", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1922", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211"); script_bugtraq_id(49370, 53856, 53955, 53961, 54691, 54942, 55400, 55406, 55410, 55412, 55413, 55414, 55442, 56498, 56794, 56796, 56797, 56798, 56799, 56803, 56805, 57159, 57223, 57420, 57494, 57495, 57742, 57745, 58880, 59070, 59291, 59292, 59293, 59615, 59617, 60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799); script_xref(name:"GLSA", value:"201309-24"); script_name(english:"GLSA-201309-24 : Xen: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201309-24 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : Guest domains could possibly gain privileges, execute arbitrary code, or cause a Denial of Service on the host domain (Dom0). Additionally, guest domains could gain information about other virtual machines running on the same host or read arbitrary files on the host. Workaround : The CVEs listed below do not currently have fixes, but only apply to Xen setups which have “tmem” specified on the hypervisor command line. TMEM is not currently supported for use in production systems, and administrators using tmem should disable it. Relevant CVEs: * CVE-2012-2497 * CVE-2012-6030 * CVE-2012-6031 * CVE-2012-6032 * CVE-2012-6033 * CVE-2012-6034 * CVE-2012-6035 * CVE-2012-6036" ); script_set_attribute( attribute:"see_also", value:"https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201309-24" ); script_set_attribute( attribute:"solution", value: "All Xen users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.2.2-r1' All Xen-tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/xen-tools-4.2.2-r3' All Xen-pvgrub users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/xen-pvgrub-4.2.2-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'FreeBSD Intel SYSRET Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-pvgrub"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-emulation/xen-pvgrub", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++; if (qpkg_check(package:"app-emulation/xen", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++; if (qpkg_check(package:"app-emulation/xen-tools", unaffected:make_list("ge 4.2.2-r3"), vulnerable:make_list("lt 4.2.2-r3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen"); }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0847.NASL description Updated kernel packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed-through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain (Dom0), leading to a denial of service. (CVE-2013-0153, Moderate) Red Hat would like to thank the Xen project for reporting the CVE-2013-0153 issue. This update also fixes the following bugs : * When a process is opening a file over NFSv4, sometimes an OPEN call can succeed while the following GETATTR operation fails with an NFS4ERR_DELAY error. The NFSv4 code did not handle such a situation correctly and allowed an NFSv4 client to attempt to use the buffer that should contain the GETATTR information. However, the buffer did not contain the valid GETATTR information, which caused the client to return a last seen 2020-06-01 modified 2020-06-02 plugin id 66528 published 2013-05-22 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66528 title CentOS 5 : kernel (CESA-2013:0847) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0847 and # CentOS Errata and Security Advisory 2013:0847 respectively. # include("compat.inc"); if (description) { script_id(66528); script_version("1.8"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2013-0153"); script_bugtraq_id(57745); script_xref(name:"RHSA", value:"2013:0847"); script_name(english:"CentOS 5 : kernel (CESA-2013:0847)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed-through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain (Dom0), leading to a denial of service. (CVE-2013-0153, Moderate) Red Hat would like to thank the Xen project for reporting the CVE-2013-0153 issue. This update also fixes the following bugs : * When a process is opening a file over NFSv4, sometimes an OPEN call can succeed while the following GETATTR operation fails with an NFS4ERR_DELAY error. The NFSv4 code did not handle such a situation correctly and allowed an NFSv4 client to attempt to use the buffer that should contain the GETATTR information. However, the buffer did not contain the valid GETATTR information, which caused the client to return a '-ENOTDIR' error. Consequently, the process failed to open the requested file. This update backports a patch that adds a test condition verifying validity of the GETATTR information. If the GETATTR information is invalid, it is obtained later and the process opens the requested file as expected. (BZ#947736) * Previously, the xdr routines in NFS version 2 and 3 conditionally updated the res->count variable. Read retry attempts after a short NFS read() call could fail to update the res->count variable, resulting in truncated read data being returned. With this update, the res->count variable is updated unconditionally so this bug can no longer occur. (BZ#952098) * When handling requests from Intelligent Platform Management Interface (IPMI) clients, the IPMI driver previously used two different locks for an IPMI request. If two IPMI clients sent their requests at the same time, each request could receive one of the locks and then wait for the second lock to become available. This resulted in a deadlock situation and the system became unresponsive. The problem could occur more likely in environments with many IPMI clients. This update modifies the IPMI driver to handle the received messages using tasklets so the driver now uses a safe locking technique when handling IPMI requests and the mentioned deadlock can no longer occur. (BZ#953435) * Incorrect locking around the cl_state_owners list could cause the NFSv4 state reclaimer thread to enter an infinite loop while holding the Big Kernel Lock (BLK). As a consequence, the NFSv4 client became unresponsive. With this update, safe list iteration is used, which prevents the NFSv4 client from hanging in this scenario. (BZ#954296) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2013-May/019735.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?36f81774" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0153"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/14"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"kernel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"kernel-debug-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"kernel-debug-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"kernel-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"kernel-doc-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"kernel-headers-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"kernel-xen-2.6.18-348.6.1.el5")) flag++; if (rpm_check(release:"CentOS-5", reference:"kernel-xen-devel-2.6.18-348.6.1.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc"); }
NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2013-0011.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - oxenstored incorrect handling of certain Xenbus ring states Xen Security Advisory 38 (CVE-2013-0215) Patch xsa38.patch The oxenstored daemon (the ocaml version of the xenstore daemon) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause oxenstored to read past the end of the ring (and very likely crash) or to allocate large amounts of RAM. Signed-off-by Chuck Anderson (CVE-2013-0215) - ACPI: acpi_table_parse should return handler last seen 2020-06-01 modified 2020-06-02 plugin id 79500 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79500 title OracleVM 3.2 : xen (OVMSA-2013-0011) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2013-0011. # include("compat.inc"); if (description) { script_id(79500); script_version("1.3"); script_cvs_date("Date: 2019/09/27 13:00:34"); script_cve_id("CVE-2013-0153", "CVE-2013-0215"); script_bugtraq_id(57742, 57745); script_name(english:"OracleVM 3.2 : xen (OVMSA-2013-0011)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - oxenstored incorrect handling of certain Xenbus ring states Xen Security Advisory 38 (CVE-2013-0215) Patch xsa38.patch The oxenstored daemon (the ocaml version of the xenstore daemon) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause oxenstored to read past the end of the ring (and very likely crash) or to allocate large amounts of RAM. Signed-off-by Chuck Anderson (CVE-2013-0215) - ACPI: acpi_table_parse should return handler's error code Currently, the error code returned by acpi_table_parse's handler is ignored. This patch will propagate handler's return value to acpi_table_parse's caller. AMD,IOMMU: Clean up old entries in remapping tables when creating new interrupt mapping. When changing the affinity of an IRQ associated with a passed through PCI device, clear previous mapping. In addition, because some BIOSes may incorrectly program IVRS entries for IOAPIC try to check for entry's consistency. Specifically, if conflicting entries are found disable IOMMU if per-device remapping table is used. If entries refer to bogus IOAPIC IDs disable IOMMU unconditionally AMD,IOMMU: Disable IOMMU if SATA Combined mode is on AMD's SP5100 chipset can be placed into SATA Combined mode that may cause prevent dom0 from booting when IOMMU is enabled and per-device interrupt remapping table is used. While SP5100 erratum 28 requires BIOSes to disable this mode, some may still use it. This patch checks whether this mode is on and, if per-device table is in use, disables IOMMU. AMD,IOMMU: Make per-device interrupt remapping table default Using global interrupt remapping table may be insecure, as described by XSA-36. This patch makes per-device mode default. This is XSA-36 / CVE-2013-0153. (CVE-2013-0153)" ); # https://oss.oracle.com/pipermail/oraclevm-errata/2013-February/000124.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bf9cda33" ); script_set_attribute( attribute:"solution", value:"Update the affected xen / xen-devel / xen-tools packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/14"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.2", reference:"xen-4.1.3-25.el5.3")) flag++; if (rpm_check(release:"OVS3.2", reference:"xen-devel-4.1.3-25.el5.3")) flag++; if (rpm_check(release:"OVS3.2", reference:"xen-tools-4.1.3-25.el5.3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2013-6723.NASL description - Thu Apr 25 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.5-1 - update to xen-4.1.5 includes fixes for passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) grant releases can release more than intended potentially crashing xen [XSA-50, CVE-2013-1964] (#953632) - remove patches that are included in 4.1.5 - allow xendomains to work with xl saved images - Thu Apr 4 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-7 - make xendomains systemd script executable (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920] - Fri Feb 22 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-6 - patch for [XSA-36, CVE-2013-0153] can cause boot time crash - backport the fixes discovered when building with gcc 4.8 - Fri Feb 15 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-5 - patch for [XSA-38, CVE-2013-0215] was flawed - Wed Feb 6 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-4 - guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - Thu Jan 17 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-3 - Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845) - fix a bug introduced by fix for XSA-27 - Fri Jan 11 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-2 - VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - Tue Dec 18 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-1 - update to xen-4.1.4 - remove patches that are included in 4.1.4 - Tue Dec 4 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.3-7 - 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) An HVM guest can cause xen to crash or leak information [XSA-28, CVE-2012-5512] (#883085) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) - Tue Nov 13 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.3-6 - 5 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) [plus 60 lines in the Changelog] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-05-05 plugin id 66321 published 2013-05-05 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66321 title Fedora 17 : xen-4.1.5-1.fc17 (2013-6723) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-6723. # include("compat.inc"); if (description) { script_id(66321); script_version("1.16"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-1917", "CVE-2013-1919", "CVE-2013-1964"); script_bugtraq_id(59291, 59292, 59293); script_xref(name:"FEDORA", value:"2013-6723"); script_name(english:"Fedora 17 : xen-4.1.5-1.fc17 (2013-6723)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Thu Apr 25 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.5-1 - update to xen-4.1.5 includes fixes for passed through IRQs or PCI devices might allow denial of service attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in 32-bit PV guests on 64-bit xen can crash hypervisor [XSA-44, CVE-2013-1917] (#953569) grant releases can release more than intended potentially crashing xen [XSA-50, CVE-2013-1964] (#953632) - remove patches that are included in 4.1.5 - allow xendomains to work with xl saved images - Thu Apr 4 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-7 - make xendomains systemd script executable (#919705) - Potential use of freed memory in event channel operations [XSA-47, CVE-2013-1920] - Fri Feb 22 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-6 - patch for [XSA-36, CVE-2013-0153] can cause boot time crash - backport the fixes discovered when building with gcc 4.8 - Fri Feb 15 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-5 - patch for [XSA-38, CVE-2013-0215] was flawed - Wed Feb 6 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-4 - guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888) - guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914) - Thu Jan 17 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-3 - Buffer overflow when processing large packets in qemu e1000 device driver [XSA-41, CVE-2012-6075] (#910845) - fix a bug introduced by fix for XSA-27 - Fri Jan 11 2013 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-2 - VT-d interrupt remapping source validation flaw [XSA-33, CVE-2012-5634] (#893568) - Tue Dec 18 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.4-1 - update to xen-4.1.4 - remove patches that are included in 4.1.4 - Tue Dec 4 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.3-7 - 6 security fixes A guest can cause xen to crash [XSA-26, CVE-2012-5510] (#883082) An HVM guest can cause xen to run slowly or crash [XSA-27, CVE-2012-5511] (#883084) An HVM guest can cause xen to crash or leak information [XSA-28, CVE-2012-5512] (#883085) A PV guest can cause xen to crash and might be able escalate privileges [XSA-29, CVE-2012-5513] (#883088) An HVM guest can cause xen to hang [XSA-30, CVE-2012-5514] (#883091) A guest can cause xen to hang [XSA-31, CVE-2012-5515] (#883092) - Tue Nov 13 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.3-6 - 5 security fixes A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) [plus 60 lines in the Changelog] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=950668" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=950686" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=953632" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?21e17665" ); script_set_attribute(attribute:"solution", value:"Update the affected xen package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/13"); script_set_attribute(attribute:"patch_publication_date", value:"2013/04/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"xen-4.1.5-1.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0847-1.NASL description From Red Hat Security Advisory 2013:0847 : Updated kernel packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed-through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain (Dom0), leading to a denial of service. (CVE-2013-0153, Moderate) Red Hat would like to thank the Xen project for reporting the CVE-2013-0153 issue. This update also fixes the following bugs : * When a process is opening a file over NFSv4, sometimes an OPEN call can succeed while the following GETATTR operation fails with an NFS4ERR_DELAY error. The NFSv4 code did not handle such a situation correctly and allowed an NFSv4 client to attempt to use the buffer that should contain the GETATTR information. However, the buffer did not contain the valid GETATTR information, which caused the client to return a last seen 2020-06-01 modified 2020-06-02 plugin id 68825 published 2013-07-12 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/68825 title Oracle Linux 5 : kernel (ELSA-2013-0847-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0847 and # Oracle Linux Security Advisory ELSA-2013-0847-1 respectively. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(68825); script_version("1.6"); script_cvs_date("Date: 2018/07/18 17:43:57"); script_cve_id("CVE-2013-0153"); script_bugtraq_id(57745); script_xref(name:"RHSA", value:"2013:0847"); script_name(english:"Oracle Linux 5 : kernel (ELSA-2013-0847-1)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2013:0847 : Updated kernel packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed-through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain (Dom0), leading to a denial of service. (CVE-2013-0153, Moderate) Red Hat would like to thank the Xen project for reporting the CVE-2013-0153 issue. This update also fixes the following bugs : * When a process is opening a file over NFSv4, sometimes an OPEN call can succeed while the following GETATTR operation fails with an NFS4ERR_DELAY error. The NFSv4 code did not handle such a situation correctly and allowed an NFSv4 client to attempt to use the buffer that should contain the GETATTR information. However, the buffer did not contain the valid GETATTR information, which caused the client to return a '-ENOTDIR' error. Consequently, the process failed to open the requested file. This update backports a patch that adds a test condition verifying validity of the GETATTR information. If the GETATTR information is invalid, it is obtained later and the process opens the requested file as expected. (BZ#947736) * Previously, the xdr routines in NFS version 2 and 3 conditionally updated the res->count variable. Read retry attempts after a short NFS read() call could fail to update the res->count variable, resulting in truncated read data being returned. With this update, the res->count variable is updated unconditionally so this bug can no longer occur. (BZ#952098) * When handling requests from Intelligent Platform Management Interface (IPMI) clients, the IPMI driver previously used two different locks for an IPMI request. If two IPMI clients sent their requests at the same time, each request could receive one of the locks and then wait for the second lock to become available. This resulted in a deadlock situation and the system became unresponsive. The problem could occur more likely in environments with many IPMI clients. This update modifies the IPMI driver to handle the received messages using tasklets so the driver now uses a safe locking technique when handling IPMI requests and the mentioned deadlock can no longer occur. (BZ#953435) * Incorrect locking around the cl_state_owners list could cause the NFSv4 state reclaimer thread to enter an infinite loop while holding the Big Kernel Lock (BLK). As a consequence, the NFSv4 client became unresponsive. With this update, safe list iteration is used, which prevents the NFSv4 client from hanging in this scenario. (BZ#954296) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2013-May/003480.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !eregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = eregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_exists(release:"EL5", rpm:"kernel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-2.6.18-348.6.1.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-PAE-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-2.6.18-348.6.1.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-PAE-devel-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-348.6.1.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-debug-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-2.6.18-348.6.1.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-debug-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-devel-2.6.18-348.6.1.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-devel-2.6.18-348.6.1.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-doc-2.6.18") && rpm_check(release:"EL5", reference:"kernel-doc-2.6.18-348.6.1.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-headers-2.6.18") && rpm_check(release:"EL5", reference:"kernel-headers-2.6.18-348.6.1.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-xen-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-2.6.18-348.6.1.0.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-xen-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-devel-2.6.18-348.6.1.0.1.el5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0847.NASL description From Red Hat Security Advisory 2013:0847 : Updated kernel packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed-through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain (Dom0), leading to a denial of service. (CVE-2013-0153, Moderate) Red Hat would like to thank the Xen project for reporting the CVE-2013-0153 issue. This update also fixes the following bugs : * When a process is opening a file over NFSv4, sometimes an OPEN call can succeed while the following GETATTR operation fails with an NFS4ERR_DELAY error. The NFSv4 code did not handle such a situation correctly and allowed an NFSv4 client to attempt to use the buffer that should contain the GETATTR information. However, the buffer did not contain the valid GETATTR information, which caused the client to return a last seen 2020-06-01 modified 2020-06-02 plugin id 68826 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68826 title Oracle Linux 5 : kernel (ELSA-2013-0847) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0847 and # Oracle Linux Security Advisory ELSA-2013-0847 respectively. # include("compat.inc"); if (description) { script_id(68826); script_version("1.11"); script_cvs_date("Date: 2019/09/30 10:58:18"); script_cve_id("CVE-2013-0153"); script_bugtraq_id(57745); script_xref(name:"RHSA", value:"2013:0847"); script_name(english:"Oracle Linux 5 : kernel (ELSA-2013-0847)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2013:0847 : Updated kernel packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue : * A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old interrupt remapping entries are not cleared, potentially allowing a privileged guest user in a guest that has a passed-through, bus-mastering capable PCI device to inject interrupt entries into others guests, including the privileged management domain (Dom0), leading to a denial of service. (CVE-2013-0153, Moderate) Red Hat would like to thank the Xen project for reporting the CVE-2013-0153 issue. This update also fixes the following bugs : * When a process is opening a file over NFSv4, sometimes an OPEN call can succeed while the following GETATTR operation fails with an NFS4ERR_DELAY error. The NFSv4 code did not handle such a situation correctly and allowed an NFSv4 client to attempt to use the buffer that should contain the GETATTR information. However, the buffer did not contain the valid GETATTR information, which caused the client to return a '-ENOTDIR' error. Consequently, the process failed to open the requested file. This update backports a patch that adds a test condition verifying validity of the GETATTR information. If the GETATTR information is invalid, it is obtained later and the process opens the requested file as expected. (BZ#947736) * Previously, the xdr routines in NFS version 2 and 3 conditionally updated the res->count variable. Read retry attempts after a short NFS read() call could fail to update the res->count variable, resulting in truncated read data being returned. With this update, the res->count variable is updated unconditionally so this bug can no longer occur. (BZ#952098) * When handling requests from Intelligent Platform Management Interface (IPMI) clients, the IPMI driver previously used two different locks for an IPMI request. If two IPMI clients sent their requests at the same time, each request could receive one of the locks and then wait for the second lock to become available. This resulted in a deadlock situation and the system became unresponsive. The problem could occur more likely in environments with many IPMI clients. This update modifies the IPMI driver to handle the received messages using tasklets so the driver now uses a safe locking technique when handling IPMI requests and the mentioned deadlock can no longer occur. (BZ#953435) * Incorrect locking around the cl_state_owners list could cause the NFSv4 state reclaimer thread to enter an infinite loop while holding the Big Kernel Lock (BLK). As a consequence, the NFSv4 client became unresponsive. With this update, safe list iteration is used, which prevents the NFSv4 client from hanging in this scenario. (BZ#954296) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2013-May/003479.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/14"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2013-0153"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2013-0847"); } else { __rpm_report = ksplice_reporting_text(); } } kernel_major_minor = get_kb_item("Host/uname/major_minor"); if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level."); expected_kernel_major_minor = "2.6"; if (kernel_major_minor != expected_kernel_major_minor) audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor); flag = 0; if (rpm_exists(release:"EL5", rpm:"kernel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-2.6.18-348.6.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-PAE-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-2.6.18-348.6.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-PAE-devel-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-debug-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-2.6.18-348.6.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-debug-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-devel-2.6.18-348.6.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-doc-2.6.18") && rpm_check(release:"EL5", reference:"kernel-doc-2.6.18-348.6.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-headers-2.6.18") && rpm_check(release:"EL5", reference:"kernel-headers-2.6.18-348.6.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-xen-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-2.6.18-348.6.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-xen-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-devel-2.6.18-348.6.1.el5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2636.NASL description Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2012-4544 Insufficient validation of kernel or ramdisk sizes in the Xen PV domain builder could result in denial of service. - CVE-2012-5511 Several HVM control operations performed insufficient validation of input, which could result in denial of service through resource exhaustion. - CVE-2012-5634 Incorrect interrupt handling when using VT-d hardware could result in denial of service. - CVE-2013-0153 Insufficient restriction of interrupt access could result in denial of service. last seen 2020-03-17 modified 2013-03-04 plugin id 64973 published 2013-03-04 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64973 title Debian DSA-2636-2 : xen - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2636. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(64973); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-4544", "CVE-2012-5511", "CVE-2012-5634", "CVE-2013-0153"); script_bugtraq_id(56289, 56796, 57223, 57745); script_xref(name:"DSA", value:"2636"); script_name(english:"Debian DSA-2636-2 : xen - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2012-4544 Insufficient validation of kernel or ramdisk sizes in the Xen PV domain builder could result in denial of service. - CVE-2012-5511 Several HVM control operations performed insufficient validation of input, which could result in denial of service through resource exhaustion. - CVE-2012-5634 Incorrect interrupt handling when using VT-d hardware could result in denial of service. - CVE-2013-0153 Insufficient restriction of interrupt access could result in denial of service." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-4544" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-5511" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-5634" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-0153" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/xen" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2013/dsa-2636" ); script_set_attribute( attribute:"solution", value: "Upgrade the xen packages. For the stable distribution (squeeze), these problems have been fixed in version 4.0.1-5.8." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"libxen-dev", reference:"4.0.1-5.8")) flag++; if (deb_check(release:"6.0", prefix:"libxenstore3.0", reference:"4.0.1-5.8")) flag++; if (deb_check(release:"6.0", prefix:"xen-docs-4.0", reference:"4.0.1-5.8")) flag++; if (deb_check(release:"6.0", prefix:"xen-hypervisor-4.0-amd64", reference:"4.0.1-5.8")) flag++; if (deb_check(release:"6.0", prefix:"xen-hypervisor-4.0-i386", reference:"4.0.1-5.8")) flag++; if (deb_check(release:"6.0", prefix:"xen-utils-4.0", reference:"4.0.1-5.8")) flag++; if (deb_check(release:"6.0", prefix:"xenstore-utils", reference:"4.0.1-5.8")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2013-0009.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - oxenstored incorrect handling of certain Xenbus ring states Xen Security Advisory 38 (CVE-2013-0215) Patch xsa38.patch The oxenstored daemon (the ocaml version of the xenstore daemon) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause oxenstored to read past the end of the ring (and very likely crash) or to allocate large amounts of RAM. Signed-off-by Chuck Anderson (CVE-2013-0215) - ACPI: acpi_table_parse should return handler last seen 2020-06-01 modified 2020-06-02 plugin id 79498 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79498 title OracleVM 3.1 : xen (OVMSA-2013-0009) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2013-0009. # include("compat.inc"); if (description) { script_id(79498); script_version("1.3"); script_cvs_date("Date: 2019/09/27 13:00:34"); script_cve_id("CVE-2013-0153", "CVE-2013-0215"); script_bugtraq_id(57742, 57745); script_name(english:"OracleVM 3.1 : xen (OVMSA-2013-0009)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - oxenstored incorrect handling of certain Xenbus ring states Xen Security Advisory 38 (CVE-2013-0215) Patch xsa38.patch The oxenstored daemon (the ocaml version of the xenstore daemon) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause oxenstored to read past the end of the ring (and very likely crash) or to allocate large amounts of RAM. Signed-off-by Chuck Anderson (CVE-2013-0215) - ACPI: acpi_table_parse should return handler's error code Currently, the error code returned by acpi_table_parse's handler is ignored. This patch will propagate handler's return value to acpi_table_parse's caller. AMD,IOMMU: Clean up old entries in remapping tables when creating new interrupt mapping. When changing the affinity of an IRQ associated with a passed through PCI device, clear previous mapping. In addition, because some BIOSes may incorrectly program IVRS entries for IOAPIC try to check for entry's consistency. Specifically, if conflicting entries are found disable IOMMU if per-device remapping table is used. If entries refer to bogus IOAPIC IDs disable IOMMU unconditionally AMD,IOMMU: Disable IOMMU if SATA Combined mode is on AMD's SP5100 chipset can be placed into SATA Combined mode that may cause prevent dom0 from booting when IOMMU is enabled and per-device interrupt remapping table is used. While SP5100 erratum 28 requires BIOSes to disable this mode, some may still use it. This patch checks whether this mode is on and, if per-device table is in use, disables IOMMU. AMD,IOMMU: Make per-device interrupt remapping table default Using global interrupt remapping table may be insecure, as described by XSA-36. This patch makes per-device mode default. This is XSA-36 / CVE-2013-0153. (CVE-2013-0153)" ); # https://oss.oracle.com/pipermail/oraclevm-errata/2013-February/000126.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2b9fce8b" ); script_set_attribute( attribute:"solution", value:"Update the affected xen / xen-devel / xen-tools packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/14"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.1" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.1", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.1", reference:"xen-4.1.2-18.el5.37")) flag++; if (rpm_check(release:"OVS3.1", reference:"xen-devel-4.1.2-18.el5.37")) flag++; if (rpm_check(release:"OVS3.1", reference:"xen-tools-4.1.2-18.el5.37")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_XEN-130313.NASL description XEN has been updated to fix various bugs and security issues : - (XSA 36) To avoid an erratum in early hardware, the Xen AMD IOMMU code by default choose to use a single interrupt remapping table for the whole system. This sharing implied that any guest with a passed through PCI device that is bus mastering capable can inject interrupts into other guests, including domain 0. This has been disabled for AMD chipsets not capable of it. (CVE-2013-0153) - qemu: The e1000 had overflows under some conditions, potentially corrupting memory. (CVE-2012-6075) - (XSA 37) Hypervisor crash due to incorrect ASSERT (debug build only). (CVE-2013-0154) - (XSA-33) A VT-d interrupt remapping source validation flaw was fixed. Also the following bugs have been fixed :. (CVE-2012-5634) - xen hot plug attach/detach fails. (bnc#805094) - domain locking can prevent a live migration from completing. (bnc#802690) - no way to control live migrations. (bnc#797014) - fix logic error in stdiostream_progress - restore logging in xc_save - add options to control migration tunables - enabling xentrace crashes hypervisor. (bnc#806736) - Upstream patches from Jan 26287-sched-credit-pick-idle.patch 26501-VMX-simplify-CR0-update.patch 26502-VMX-disable-SMEP-when-not-paging.patch 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) - Add $network to xend initscript dependencies. (bnc#798188) - Unable to dvd or cdrom-boot DomU after xen-tools update Fixed with update to Xen version 4.1.4. (bnc#799694) - L3: HP iLo Generate NMI function not working in XEN kernel. (bnc#800156) - Upstream patches from Jan 26404-x86-forward-both-NMI-kinds.patch 26427-x86-AMD-enable-WC+.patch - Xen VMs with more than 2 disks randomly fail to start. (bnc#793927) - Upstream patches from Jan 26332-x86-compat-show-guest-stack-mfn.patch 26333-x86-get_page_type-assert.patch (Replaces CVE-2013-0154-xsa37.patch) 26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch) 26370-libxc-x86-initial-mapping-fit.patch - Update to Xen 4.1.4 c/s 23432 - Update xenpaging.guest-memusage.patch add rule for xenmem to avoid spurious build failures - Upstream patches from Jan 26179-PCI-find-next-cap.patch 26183-x86-HPET-masking.patch 26188-x86-time-scale-asm.patch 26200-IOMMU-debug-verbose.patch 26203-x86-HAP-dirty-vram-leak.patch 26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch) 26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch) 26231-memory-exchange-checks.patch (Replaces CVE-2012-5513-xsa29.patch) 26232-x86-mark-PoD-error-path.patch (Replaces CVE-2012-5514-xsa30.patch) 26233-memop-order-checks.patch (Replaces CVE-2012-5515-xsa31.patch) 26235-IOMMU-ATS-max-queue-depth.patch 26272-x86-EFI-makefile-cflags-filter.patch 26294-x86-AMD-Fam15-way-access-filter.patch CVE-2013-0154-xsa37.patch - Restore c/s 25751 in 23614-x86_64-EFI-boot.patch. Modify the EFI Makefile to do additional filtering. last seen 2020-06-05 modified 2013-04-04 plugin id 65797 published 2013-04-04 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65797 title SuSE 11.2 Security Update : Xen (SAT Patch Number 7492) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(65797); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2012-6075", "CVE-2013-0153", "CVE-2013-0154"); script_name(english:"SuSE 11.2 Security Update : Xen (SAT Patch Number 7492)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "XEN has been updated to fix various bugs and security issues : - (XSA 36) To avoid an erratum in early hardware, the Xen AMD IOMMU code by default choose to use a single interrupt remapping table for the whole system. This sharing implied that any guest with a passed through PCI device that is bus mastering capable can inject interrupts into other guests, including domain 0. This has been disabled for AMD chipsets not capable of it. (CVE-2013-0153) - qemu: The e1000 had overflows under some conditions, potentially corrupting memory. (CVE-2012-6075) - (XSA 37) Hypervisor crash due to incorrect ASSERT (debug build only). (CVE-2013-0154) - (XSA-33) A VT-d interrupt remapping source validation flaw was fixed. Also the following bugs have been fixed :. (CVE-2012-5634) - xen hot plug attach/detach fails. (bnc#805094) - domain locking can prevent a live migration from completing. (bnc#802690) - no way to control live migrations. (bnc#797014) - fix logic error in stdiostream_progress - restore logging in xc_save - add options to control migration tunables - enabling xentrace crashes hypervisor. (bnc#806736) - Upstream patches from Jan 26287-sched-credit-pick-idle.patch 26501-VMX-simplify-CR0-update.patch 26502-VMX-disable-SMEP-when-not-paging.patch 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) - Add $network to xend initscript dependencies. (bnc#798188) - Unable to dvd or cdrom-boot DomU after xen-tools update Fixed with update to Xen version 4.1.4. (bnc#799694) - L3: HP iLo Generate NMI function not working in XEN kernel. (bnc#800156) - Upstream patches from Jan 26404-x86-forward-both-NMI-kinds.patch 26427-x86-AMD-enable-WC+.patch - Xen VMs with more than 2 disks randomly fail to start. (bnc#793927) - Upstream patches from Jan 26332-x86-compat-show-guest-stack-mfn.patch 26333-x86-get_page_type-assert.patch (Replaces CVE-2013-0154-xsa37.patch) 26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch) 26370-libxc-x86-initial-mapping-fit.patch - Update to Xen 4.1.4 c/s 23432 - Update xenpaging.guest-memusage.patch add rule for xenmem to avoid spurious build failures - Upstream patches from Jan 26179-PCI-find-next-cap.patch 26183-x86-HPET-masking.patch 26188-x86-time-scale-asm.patch 26200-IOMMU-debug-verbose.patch 26203-x86-HAP-dirty-vram-leak.patch 26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch) 26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch) 26231-memory-exchange-checks.patch (Replaces CVE-2012-5513-xsa29.patch) 26232-x86-mark-PoD-error-path.patch (Replaces CVE-2012-5514-xsa30.patch) 26233-memop-order-checks.patch (Replaces CVE-2012-5515-xsa31.patch) 26235-IOMMU-ATS-max-queue-depth.patch 26272-x86-EFI-makefile-cflags-filter.patch 26294-x86-AMD-Fam15-way-access-filter.patch CVE-2013-0154-xsa37.patch - Restore c/s 25751 in 23614-x86_64-EFI-boot.patch. Modify the EFI Makefile to do additional filtering." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=793927" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=794316" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=797014" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=797031" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=797523" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=798188" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=799694" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=800156" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=800275" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=802690" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=805094" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=806736" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5510.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5511.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5513.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5514.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5515.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5634.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6075.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0153.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0154.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7492."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-pdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-libs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools-domU"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-default-4.1.4_02_3.0.58_0.6.6-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-pae-4.1.4_02_3.0.58_0.6.6-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-trace-4.1.4_02_3.0.58_0.6.6-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-libs-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-tools-domU-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-doc-html-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-doc-pdf-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.4_02_3.0.58_0.6.6-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.4_02_3.0.58_0.6.6-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-libs-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-libs-32bit-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-tools-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-tools-domU-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-default-4.1.4_02_3.0.58_0.6.6-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-pae-4.1.4_02_3.0.58_0.6.6-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-trace-4.1.4_02_3.0.58_0.6.6-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-libs-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-tools-domU-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-doc-html-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-doc-pdf-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.4_02_3.0.58_0.6.6-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.4_02_3.0.58_0.6.6-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-libs-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-libs-32bit-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-tools-4.1.4_02-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-tools-domU-4.1.4_02-0.5.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-311.NASL description XEN was updated to fix various bugs and security issues : Security issues fixed : - bnc#800275 - CVE-2013-0153: xen: interrupt remap entries shared and old ones not cleared on AMD IOMMUs - bnc#797523 - CVE-2012-6075: qemu / kvm-qemu: e1000 overflows under some conditions - bnc#797031 - Xen Security Advisory 37 (CVE-2013-0154) - Hypervisor crash due to incorrect ASSERT (debug build only) - bnc#794316 - CVE-2012-5634: xen: VT-d interrupt remapping source validation flaw (XSA-33) Bugs fixed : - Upstream patches from Jan 26536-xenoprof-div-by-0.patch 26578-AMD-IOMMU-replace-BUG_ON.patch 26656-x86-fix-null-pointer-dereference-in-intel_get_exte nded_msrs.patch 26659-AMD-IOMMU-erratum-746-workaround.patch 26660-x86-fix-CMCI-injection.patch 26672-vmx-fix-handling-of-NMI-VMEXIT.patch 26673-Avoid-stale-pointer-when-moving-domain-to-another- cpupool.patch 26676-fix-compat-memory-exchange-op-splitting.patch 26677-x86-make-certain-memory-sub-ops-return-valid-value s.patch 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch 26679-x86-defer-processing-events-on-the-NMI-exit-path.p atch 26683-credit1-Use-atomic-bit-operations-for-the-flags-st ructure.patch 26692-x86-MSI-fully-protect-MSI-X-table.patch - bnc#805094 - xen hot plug attach/detach fails modified blktap-pv-cdrom.patch - bnc#802690 - domain locking can prevent a live migration from completing modified xend-domain-lock.patch - bnc#797014 - no way to control live migrations 26547-tools-xc_fix_logic_error_in_stdiostream_progress.p atch 26548-tools-xc_handle_tty_output_differently_in_stdiostr eam_progress.patch 26549-tools-xc_turn_XCFLAGS__into_shifts.patch 26550-tools-xc_restore_logging_in_xc_save.patch 26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patc h 26675-tools-xentoollog_update_tty_detection_in_stdiostre am_progress.patch xen.migrate.tools-xc_print_messages_from_xc_save_with_xc _report.patch xen.migrate.tools-xc_document_printf_calls_in_xc_restore .patch xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirt y.patch xen.migrate.tools_set_migration_constraints_from_cmdline .patch xen.migrate.tools_add_xm_migrate_--log_progress_option.p atch - remove old patches: xen.xc.progress.patch xen.xc_save.details.patch xen.migration.abort_if_busy.patch - bnc#806736: enabling xentrace crashes hypervisor 26686-xentrace_fix_off-by-one_in_calculate_tbuf_size.pat ch - Upstream patches from Jan 26287-sched-credit-pick-idle.patch 26501-VMX-simplify-CR0-update.patch 26502-VMX-disable-SMEP-when-not-paging.patch 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) - bnc#798188 - Add $network to xend initscript dependencies - bnc#797014 - no way to control live migrations - fix logic error in stdiostream_progress xen.xc.progress.patch - restore logging in xc_save xen.xc_save.details.patch - add options to control migration tunables --max_iters, --max_factor, --abort_if_busy xen.migration.abort_if_busy.patch - bnc#799694 - Unable to dvd or cdrom-boot DomU after xen-tools update Fixed with update to Xen version 4.1.4 - bnc#800156 - L3: HP iLo Generate NMI function not working in XEN kernel 26440-x86-forward-SERR.patch - Upstream patches from Jan 26404-x86-forward-both-NMI-kinds.patch 26427-x86-AMD-enable-WC+.patch - bnc#793927 - Xen VMs with more than 2 disks randomly fail to start 25590-hotplug-locking.patch 25595-hotplug-locking.patch 26079-hotplug-locking.patch - Upstream patches from Jan 26332-x86-compat-show-guest-stack-mfn.patch 26333-x86-get_page_type-assert.patch (Replaces CVE-2013-0154-xsa37.patch) 26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch) 26370-libxc-x86-initial-mapping-fit.patch - Update to Xen 4.1.4 c/s 23432 - Update xenpaging.guest-memusage.patch add rule for xenmem to avoid spurious build failures - Upstream patches from Jan 26179-PCI-find-next-cap.patch 26183-x86-HPET-masking.patch 26188-x86-time-scale-asm.patch 26200-IOMMU-debug-verbose.patch 26203-x86-HAP-dirty-vram-leak.patch 26229-gnttab-version-switch.patch (Replaces CVE-2012-5510-xsa26.patch) 26230-x86-HVM-limit-batches.patch (Replaces CVE-2012-5511-xsa27.patch) 26231-memory-exchange-checks.patch (Replaces CVE-2012-5513-xsa29.patch) 26232-x86-mark-PoD-error-path.patch (Replaces CVE-2012-5514-xsa30.patch) 26233-memop-order-checks.patch (Replaces CVE-2012-5515-xsa31.patch) 26235-IOMMU-ATS-max-queue-depth.patch 26272-x86-EFI-makefile-cflags-filter.patch 26294-x86-AMD-Fam15-way-access-filter.patch CVE-2013-0154-xsa37.patch - Restore c/s 25751 in 23614-x86_64-EFI-boot.patch. Modify the EFI Makefile to do additional filtering. EFI-makefile-cflags-filter.patch last seen 2020-06-05 modified 2014-06-13 plugin id 74967 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74967 title openSUSE Security Update : xen (openSUSE-SU-2013:0637-1) NASL family Fedora Local Security Checks NASL id FEDORA_2013-2225.NASL description adjust gcc 4.8 fixes guest using oxenstored can crash host or exhaust memory [XSA-38, CVE-2013-0215] (#907888), guest using AMD-Vi for PCI passthrough can cause denial of service [XSA-36, CVE-2013-0153] (#910914), fixes for gcc 4.8 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-02-19 plugin id 64678 published 2013-02-19 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64678 title Fedora 18 : xen-4.2.1-7.fc18 (2013-2225)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html
- http://osvdb.org/89867
- http://rhn.redhat.com/errata/RHSA-2013-0847.html
- http://secunia.com/advisories/51881
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://www.debian.org/security/2013/dsa-2636
- http://www.openwall.com/lists/oss-security/2013/02/05/7
- http://www.securityfocus.com/bid/57745
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81831