Vulnerabilities > CVE-2013-1918 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 9 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-0446-1.NASL description The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor and toolset have been updated to fix various security issues and some bugs. The following security issues have been addressed : XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to arbitrary guests. (bnc#860163) XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). (bnc#849667) XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. (bnc#848657) XSA-67: CVE-2013-4368: The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. (bnc#842511) XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. (bnc#841766) XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. (bnc#840592) XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. (bnc#839596) XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. (bnc#839618) XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) XSA-58: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to last seen 2020-06-05 modified 2015-05-20 plugin id 83616 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83616 title SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2014:0446-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(83616); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2006-1056", "CVE-2007-0998", "CVE-2012-3497", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-4544", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-1432", "CVE-2013-1442", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-2212", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6885", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1894"); script_bugtraq_id(17600, 22967, 55410, 55442, 56289, 56498, 56794, 56796, 56797, 56798, 56803, 57159, 57223, 57420, 57745, 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60282, 60701, 60702, 60703, 60721, 60799, 61424, 62307, 62630, 62708, 62710, 62935, 63494, 63931, 63933, 63983, 65419); script_name(english:"SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor and toolset have been updated to fix various security issues and some bugs. The following security issues have been addressed : XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to arbitrary guests. (bnc#860163) XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). (bnc#849667) XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. (bnc#848657) XSA-67: CVE-2013-4368: The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. (bnc#842511) XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. (bnc#841766) XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. (bnc#840592) XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. (bnc#839596) XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. (bnc#839618) XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) XSA-58: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to 'deep page table traversal.' (bnc#826882) XSA-58: CVE-2013-1432: Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possible gain privileges via unspecified vectors. (bnc#826882) XSA-57: CVE-2013-2211: The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors. (bnc#823608) XSA-56: CVE-2013-2072: Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap. (bnc#819416) XSA-55: CVE-2013-2196: Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to 'other problems' that are not CVE-2013-2194 or CVE-2013-2195. (bnc#823011) XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to 'pointer dereferences' involving unexpected calculations. (bnc#823011) XSA-55: CVE-2013-2194: Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel. (bnc#823011) XSA-53: CVE-2013-2077: Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors. (bnc#820919) XSA-52: CVE-2013-2076: Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. (bnc#820917) XSA-50: CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors. (bnc#816156) XSA-49: CVE-2013-1952: Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. (bnc#816163) XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running 'under memory pressure' and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. (bnc#813677) XSA-46: CVE-2013-1919: Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to 'passed-through IRQs or PCI devices.' (bnc#813675) XSA-45: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to 'deep page table traversal.' (bnc#816159) XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. (bnc#813673) XSA-41: CVE-2012-6075: Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. (bnc#797523) XSA-37: CVE-2013-0154: The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall. (bnc#797031) XSA-36: CVE-2013-0153: The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests. (bnc#800275) XSA-33: CVE-2012-5634: Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt. (bnc#794316) XSA-31: CVE-2012-5515: The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value. (bnc#789950) XSA-30: CVE-2012-5514: The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors. (bnc#789948) XSA-29: CVE-2012-5513: The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range. (bnc#789951) XSA-27: CVE-2012-6333: Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input. (bnc#789944) XSA-27: CVE-2012-5511: Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. (bnc#789944) XSA-26: CVE-2012-5510: Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors. (bnc#789945) XSA-25: CVE-2012-4544: The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. (bnc#787163) XSA-24: CVE-2012-4539: Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka 'Grant table hypercall infinite loop DoS vulnerability.' (bnc#786520) XSA-23: CVE-2012-4538: The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors. (bnc#786519) XSA-22: CVE-2012-4537: Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka 'Memory mapping failure DoS vulnerability.' (bnc#786517) XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an 'inappropriate deadline.' (bnc#786516) XSA-19: CVE-2012-4411: The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998. (bnc#779212) XSA-15: CVE-2012-3497: (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id. (bnc#777890) Also the following non-security bugs have been fixed : - xen hot plug attach/detach fails modified blktap-pv-cdrom.patch. (bnc#805094) - guest 'disappears' after live migration Updated block-dmmd script. (bnc#777628) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://download.suse.com/patch/finder/?keywords=d46197780129fa94fee1eb1708143171 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b3fed2ec" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-1056.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-0998.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-3497.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4411.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4535.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4537.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4538.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4539.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4544.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5510.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5511.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5513.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5514.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5515.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5634.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6075.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6333.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0153.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0154.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1432.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1442.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1917.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1918.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1919.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1920.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1952.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1964.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2072.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2076.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2077.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2194.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2195.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2196.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2211.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2212.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4329.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4355.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4361.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4368.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4494.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4553.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4554.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6885.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1891.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1892.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1893.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1894.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/777628" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/777890" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/779212" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786516" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786517" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786519" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786520" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/787163" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789944" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789945" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789948" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789950" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789951" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/794316" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/797031" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/797523" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/800275" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/805094" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/813673" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/813675" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/813677" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/816156" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/816159" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/816163" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/819416" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/820917" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/820919" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/823011" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/823608" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/826882" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/831120" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/839596" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/839618" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/840592" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/841766" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/842511" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/848657" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849667" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849668" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/853049" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/860163" ); # https://www.suse.com/support/update/announcement/2014/suse-su-20140446-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e4176238" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11 SP1 LTSS : zypper in -t patch slessp1-xen-201402-8963 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-pdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "i386|i486|i586|i686|x86_64") audit(AUDIT_ARCH_NOT, "i386 / i486 / i586 / i686 / x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! ereg(pattern:"^1$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2013-11837.NASL description XSA-45/CVE-2013-1918 breaks page reference counting let pygrub handle set default= last seen 2020-03-17 modified 2013-07-12 plugin id 67326 published 2013-07-12 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67326 title Fedora 19 : xen-4.2.2-10.fc19 (2013-11837) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-11837. # include("compat.inc"); if (description) { script_id(67326); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-1432", "CVE-2013-1918", "CVE-2013-2211"); script_bugtraq_id(59615, 60721, 60799); script_xref(name:"FEDORA", value:"2013-11837"); script_name(english:"Fedora 19 : xen-4.2.2-10.fc19 (2013-11837)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "XSA-45/CVE-2013-1918 breaks page reference counting let pygrub handle set default='${next_entry}' line in F19 libxl: Set vfb and vkb devid if not done so by the caller add upstream patch for PCI passthrough problems after XSA-46 xenstore permissions not set correctly by libxl [XSA-57] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=971503" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=974250" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110604.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?99313545" ); script_set_attribute(attribute:"solution", value:"Update the affected xen package."); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC19", reference:"xen-4.2.2-10.fc19")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen"); }
NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0068.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0068 for details. last seen 2020-06-01 modified 2020-06-02 plugin id 84140 published 2015-06-12 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84140 title OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2015-0068. # include("compat.inc"); if (description) { script_id(84140); script_version("2.18"); script_cvs_date("Date: 2019/11/12"); script_cve_id("CVE-2006-1056", "CVE-2007-0998", "CVE-2012-0029", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3497", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4544", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2013-0153", "CVE-2013-0215", "CVE-2013-1432", "CVE-2013-1442", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1950", "CVE-2014-3566", "CVE-2014-5146", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188", "CVE-2015-2044", "CVE-2015-2045", "CVE-2015-2151", "CVE-2015-2752", "CVE-2015-2756", "CVE-2015-3209", "CVE-2015-3456", "CVE-2015-4164"); script_bugtraq_id(17600, 22967, 51642, 53650, 53961, 54942, 55400, 55406, 55410, 55412, 55413, 55414, 56289, 56498, 56794, 56796, 56797, 56798, 56799, 56803, 57223, 57742, 57745, 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799, 62307, 62630, 62708, 62710, 62935, 63494, 63931, 63933, 63983, 64195, 65419, 65529, 69198, 70057, 70062, 70198, 70574, 72577, 72954, 72955, 73015, 73448, 74640, 75123, 75149); script_name(english:"OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0068 for details." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2015-June/000317.html" ); script_set_attribute( attribute:"solution", value:"Update the affected xen / xen-devel / xen-tools packages." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/20"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.2", reference:"xen-4.1.3-25.el5.127.52")) flag++; if (rpm_check(release:"OVS3.2", reference:"xen-devel-4.1.3-25.el5.127.52")) flag++; if (rpm_check(release:"OVS3.2", reference:"xen-tools-4.1.3-25.el5.127.52")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201309-24.NASL description The remote host is affected by the vulnerability described in GLSA-201309-24 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : Guest domains could possibly gain privileges, execute arbitrary code, or cause a Denial of Service on the host domain (Dom0). Additionally, guest domains could gain information about other virtual machines running on the same host or read arbitrary files on the host. Workaround : The CVEs listed below do not currently have fixes, but only apply to Xen setups which have “tmem” specified on the hypervisor command line. TMEM is not currently supported for use in production systems, and administrators using tmem should disable it. Relevant CVEs: * CVE-2012-2497 * CVE-2012-6030 * CVE-2012-6031 * CVE-2012-6032 * CVE-2012-6033 * CVE-2012-6034 * CVE-2012-6035 * CVE-2012-6036 last seen 2020-06-01 modified 2020-06-02 plugin id 70184 published 2013-09-28 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70184 title GLSA-201309-24 : Xen: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201309-24. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(70184); script_version("1.15"); script_cvs_date("Date: 2019/08/12 17:35:38"); script_cve_id("CVE-2011-2901", "CVE-2011-3262", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3497", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5525", "CVE-2012-5634", "CVE-2012-6030", "CVE-2012-6031", "CVE-2012-6032", "CVE-2012-6033", "CVE-2012-6034", "CVE-2012-6035", "CVE-2012-6036", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0151", "CVE-2013-0152", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-0215", "CVE-2013-1432", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1922", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211"); script_bugtraq_id(49370, 53856, 53955, 53961, 54691, 54942, 55400, 55406, 55410, 55412, 55413, 55414, 55442, 56498, 56794, 56796, 56797, 56798, 56799, 56803, 56805, 57159, 57223, 57420, 57494, 57495, 57742, 57745, 58880, 59070, 59291, 59292, 59293, 59615, 59617, 60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799); script_xref(name:"GLSA", value:"201309-24"); script_name(english:"GLSA-201309-24 : Xen: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201309-24 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : Guest domains could possibly gain privileges, execute arbitrary code, or cause a Denial of Service on the host domain (Dom0). Additionally, guest domains could gain information about other virtual machines running on the same host or read arbitrary files on the host. Workaround : The CVEs listed below do not currently have fixes, but only apply to Xen setups which have “tmem” specified on the hypervisor command line. TMEM is not currently supported for use in production systems, and administrators using tmem should disable it. Relevant CVEs: * CVE-2012-2497 * CVE-2012-6030 * CVE-2012-6031 * CVE-2012-6032 * CVE-2012-6033 * CVE-2012-6034 * CVE-2012-6035 * CVE-2012-6036" ); script_set_attribute( attribute:"see_also", value:"https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201309-24" ); script_set_attribute( attribute:"solution", value: "All Xen users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.2.2-r1' All Xen-tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/xen-tools-4.2.2-r3' All Xen-pvgrub users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/xen-pvgrub-4.2.2-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'FreeBSD Intel SYSRET Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-pvgrub"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-emulation/xen-pvgrub", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++; if (qpkg_check(package:"app-emulation/xen", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++; if (qpkg_check(package:"app-emulation/xen-tools", unaffected:make_list("ge 4.2.2-r3"), vulnerable:make_list("lt 4.2.2-r3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen"); }
NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2013-0037.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - VT-d: don last seen 2020-06-01 modified 2020-06-02 plugin id 79506 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79506 title OracleVM 3.1 : xen (OVMSA-2013-0037) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2013-0037. # include("compat.inc"); if (description) { script_id(79506); script_version("1.5"); script_cvs_date("Date: 2019/09/27 13:00:34"); script_cve_id("CVE-2013-1918", "CVE-2013-1952", "CVE-2013-1964"); script_bugtraq_id(59293, 59615, 59617); script_name(english:"OracleVM 3.1 : xen (OVMSA-2013-0037)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - VT-d: don't permit SVT_NO_VERIFY entries for known device types Only in cases where we don't know what to do we should leave the IRTE blank (suppressing all validation), but we should always log a warning in those cases (as being insecure). This is CVE-2013-1952 / XSA-49. - x86: make page table handling error paths preemptible ... as they may take significant amounts of time. This requires cloning the tweaked continuation logic from do_mmuext_op to do_mmu_update. Note that in mod_l[34]_entry a negative 'preemptible' value gets passed to put_page_from_l[34]e now, telling the callee to store the respective page in current->arch.old_guest_table (for a hypercall continuation to pick up), rather than carrying out the put right away. This is going to be made a little more explicit by a subsequent cleanup patch. This is part of CVE-2013-1918 / XSA-45. (CVE-2013-1918) - x86: make page table unpinning preemptible ... as it may take significant amounts of time. Since we can't re-invoke the operation in a second attempt, the continuation logic must be slightly tweaked so that we make sure do_mmuext_op gets run one more time even when the preempted unpin operation was the last one in a batch. This is part of CVE-2013-1918 / XSA-45. (CVE-2013-1918) - x86: make arch_set_info_guest preemptible .. as the root page table validation (and the dropping of an eventual old one) can require meaningful amounts of time. This is part of CVE-2013-1918 / XSA-45. (CVE-2013-1918) - x86: make vcpu_reset preemptible ... as dropping the old page tables may take significant amounts of time. This is part of CVE-2013-1918 / XSA-45. (CVE-2013-1918) - x86: make MMUEXT_NEW_USER_BASEPTR preemptible ... as it may take significant amounts of time. This is part of CVE-2013-1918 / XSA-45. (CVE-2013-1918) - x86: make new_guest_cr3 preemptible ... as it may take significant amounts of time. This is part of CVE-2013-1918 / XSA-45. (CVE-2013-1918) - x86: make vcpu_destroy_pagetables preemptible ... as it may take significant amounts of time. The function, being moved to mm.c as the better home for it anyway, and to avoid having to make a new helper function there non-static, is given a 'preemptible' parameter temporarily (until, in a subsequent patch, its other caller is also being made capable of dealing with preemption). This is part of CVE-2013-1918 / XSA-45. (CVE-2013-1918) - Fix rcu domain locking for transitive grants When acquiring a transitive grant for copy then the owning domain needs to be locked down as well as the granting domain. This was being done, but the unlocking was not. The acquire code now stores the struct domain * of the owning domain (rather than the domid) in the active entry in the granting domain. The release code then does the unlock on the owning domain. Note that I believe I also fixed a bug where, for non-transitive grants the active entry contained a reference to the acquiring domain rather than the granting domain. From my reading of the code this would stop the release code for transitive grants from terminating its recursion correctly. Also, for non-transitive grants we now avoid incorrectly recursing in __release_grant_for_copy. This is CVE-2013-1964 / XSA-50. (CVE-2013-1964)" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2013-May/000150.html" ); script_set_attribute( attribute:"solution", value:"Update the affected xen / xen-devel / xen-tools packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/13"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.1" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.1", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.1", reference:"xen-4.1.2-18.el5.50")) flag++; if (rpm_check(release:"OVS3.1", reference:"xen-devel-4.1.2-18.el5.50")) flag++; if (rpm_check(release:"OVS3.1", reference:"xen-tools-4.1.2-18.el5.50")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-677.NASL description XEN was updated to 4.2.2, fixing lots of bugs and several security issues. Various upstream patches were also merged into this version by our developers. Detailed buglist : - bnc#824676 - Failed to setup devices for vm instance when start multiple vms simultaneously - bnc#817799 - sles9sp4 guest fails to start after upgrading to sles11 sp3 - bnc#826882 - xen: CVE-2013-1432: XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes - Add upstream patch to fix devid assignment in libxl 27184-libxl-devid-fix.patch - bnc#823608 - xen: XSA-57: libxl allows guest write access to sensitive console related xenstore keys 27178-libxl-Restrict-permissions-on-PV-console-device-xe nstore-nodes.patch - bnc#823011 - xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling - bnc#808269 - Fully Virtualized Windows VM install is failed on Ivy Bridge platforms with Xen kernel - bnc#801663 - performance of mirror lvm unsuitable for production block-dmmd - bnc#817904 - [SLES11SP3 BCS Bug] Crashkernel fails to boot after panic on XEN kernel SP3 Beta 4 and RC1 - Upstream AMD Erratum patch from Jan - bnc#813675 - - xen: CVE-2013-1919: XSA-46: Several access permission issues with IRQs for unprivileged guests - bnc#820917 - CVE-2013-2076: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) - bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to missing exception recovery on XRSTOR (XSA-53) - bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to missing exception recovery on XSETBV (XSA-54) - bnc#808085 - aacraid driver panics mapping INT A when booting kernel-xen - bnc#817210 - openSUSE 12.3 Domain 0 doesn last seen 2020-06-05 modified 2014-06-13 plugin id 75130 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75130 title openSUSE Security Update : xen (openSUSE-SU-2013:1404-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2013-677. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75130); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-6075", "CVE-2013-0151", "CVE-2013-1432", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1922", "CVE-2013-1952", "CVE-2013-2007", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078"); script_bugtraq_id(57420, 57495, 59070, 59291, 59292, 59615, 59617, 59675, 59982, 60277, 60278, 60282, 60799); script_name(english:"openSUSE Security Update : xen (openSUSE-SU-2013:1404-1)"); script_summary(english:"Check for the openSUSE-2013-677 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "XEN was updated to 4.2.2, fixing lots of bugs and several security issues. Various upstream patches were also merged into this version by our developers. Detailed buglist : - bnc#824676 - Failed to setup devices for vm instance when start multiple vms simultaneously - bnc#817799 - sles9sp4 guest fails to start after upgrading to sles11 sp3 - bnc#826882 - xen: CVE-2013-1432: XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes - Add upstream patch to fix devid assignment in libxl 27184-libxl-devid-fix.patch - bnc#823608 - xen: XSA-57: libxl allows guest write access to sensitive console related xenstore keys 27178-libxl-Restrict-permissions-on-PV-console-device-xe nstore-nodes.patch - bnc#823011 - xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling - bnc#808269 - Fully Virtualized Windows VM install is failed on Ivy Bridge platforms with Xen kernel - bnc#801663 - performance of mirror lvm unsuitable for production block-dmmd - bnc#817904 - [SLES11SP3 BCS Bug] Crashkernel fails to boot after panic on XEN kernel SP3 Beta 4 and RC1 - Upstream AMD Erratum patch from Jan - bnc#813675 - - xen: CVE-2013-1919: XSA-46: Several access permission issues with IRQs for unprivileged guests - bnc#820917 - CVE-2013-2076: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) - bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to missing exception recovery on XRSTOR (XSA-53) - bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to missing exception recovery on XSETBV (XSA-54) - bnc#808085 - aacraid driver panics mapping INT A when booting kernel-xen - bnc#817210 - openSUSE 12.3 Domain 0 doesn't boot with i915 graphics controller under Xen with VT-d enabled - bnc#819416 - xen: CVE-2013-2072: XSA-56: Buffer overflow in xencontrol Python bindings affecting xend - bnc#818183 - xen: CVE-2013-2007: XSA-51: qga set umask 0077 when daemonizing - add lndir to BuildRequires - remove xen.migrate.tools_notify_restore_to_hangup_during_migrat ion_--abort_if_busy.patch It changed migration protocol and upstream wants a different solution - bnc#802221 - fix xenpaging readd xenpaging.qemu.flush-cache.patch - bnc#808269 - Fully Virtualized Windows VM install is failed on Ivy Bridge platforms with Xen kernel - Additional fix for bnc#816159 CVE-2013-1918-xsa45-followup.patch - bnc#817068 - Xen guest with >1 sr-iov vf won't start - Update to Xen 4.2.2 c/s 26064 The following recent security patches are included in the tarball CVE-2013-0151-xsa34.patch (bnc#797285) CVE-2012-6075-xsa41.patch (bnc#797523) CVE-2013-1917-xsa44.patch (bnc#813673) CVE-2013-1919-xsa46.patch (bnc#813675) - bnc#816159 - xen: CVE-2013-1918: XSA-45: Several long latency operations are not preemptible - bnc#816163 - xen: CVE-2013-1952: XSA-49: VT-d interrupt remapping source validation flaw for bridges - bnc#809662 - can't use pv-grub to start domU (pygrub does work) xen.spec - bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 on Kyoto - bnc#813673 - CVE-2013-1917: xen: Xen PV DoS vulnerability with SYSENTER - bnc#813675 - CVE-2013-1919: xen: Several access permission issues with IRQs for unprivileged guests - bnc#814059 - xen: qemu-nbd format-guessing due to missing format specification" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=797285" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=797523" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=801663" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=802221" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=808085" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=808269" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=809662" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=813673" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=813675" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=814059" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=814709" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=816159" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=816163" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=817068" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=817210" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=817799" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=817904" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=818183" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=819416" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820917" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820919" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820920" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=823011" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=823608" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=824676" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=826882" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-09/msg00007.html" ); script_set_attribute(attribute:"solution", value:"Update the affected xen packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-pdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"patch_publication_date", value:"2013/08/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.3", reference:"xen-debugsource-4.2.2_06-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xen-devel-4.2.2_06-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-default-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-default-debuginfo-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-desktop-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-desktop-debuginfo-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-pae-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-pae-debuginfo-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xen-libs-4.2.2_06-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xen-libs-debuginfo-4.2.2_06-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xen-tools-domU-4.2.2_06-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"xen-tools-domU-debuginfo-4.2.2_06-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-4.2.2_06-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-doc-html-4.2.2_06-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-doc-pdf-4.2.2_06-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-libs-32bit-4.2.2_06-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.2.2_06-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-tools-4.2.2_06-1.16.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-tools-debuginfo-4.2.2_06-1.16.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen"); }
NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2013-0074.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - x86: check segment descriptor read result in 64-bit OUTS emulation XSA-67 (Matthew Daley) [orabug 17571640] (CVE-2013-4368) - x86: properly set up fbld emulation operand address XSA-66 (Jan Beulich) [orabug 17472492] (CVE-2013-4361) - x86: properly handle hvm_copy_from_guest_[phys,virt] errors XSA-63 (Jan Beulich) [orabug 17472461] (CVE-2013-4355) - libxc: builder: limit maximum size of kernel/ramdisk (Ian Campbell) [orabug 15852491] (CVE-2012-4544) - libxc: builder: Correct fix for CVE-2012-4544 (Ian Campbell) [orabug 15852491] (CVE-2012-4544) - [PATCH 01/21] libelf: abolish libelf-relocate.c (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 02/21] libxc: introduce xc_dom_seg_to_ptr_pages (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 03/21] libxc: Fix range checking in xc_dom_pfn_to_ptr etc. (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 04/21] libelf: abolish elf_sval and elf_access_signed (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 05/21] libelf/xc_dom_load_elf_symtab: Do not use last seen 2020-06-01 modified 2020-06-02 plugin id 79521 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79521 title OracleVM 2.2 : xen (OVMSA-2013-0074) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2013-0074. # include("compat.inc"); if (description) { script_id(79521); script_version("1.4"); script_cvs_date("Date: 2019/09/27 13:00:34"); script_cve_id("CVE-2012-4544", "CVE-2013-1432", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368"); script_bugtraq_id(56289, 59292, 59615, 60701, 60702, 60703, 60799, 62708, 62710, 62935); script_name(english:"OracleVM 2.2 : xen (OVMSA-2013-0074)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - x86: check segment descriptor read result in 64-bit OUTS emulation XSA-67 (Matthew Daley) [orabug 17571640] (CVE-2013-4368) - x86: properly set up fbld emulation operand address XSA-66 (Jan Beulich) [orabug 17472492] (CVE-2013-4361) - x86: properly handle hvm_copy_from_guest_[phys,virt] errors XSA-63 (Jan Beulich) [orabug 17472461] (CVE-2013-4355) - libxc: builder: limit maximum size of kernel/ramdisk (Ian Campbell) [orabug 15852491] (CVE-2012-4544) - libxc: builder: Correct fix for CVE-2012-4544 (Ian Campbell) [orabug 15852491] (CVE-2012-4544) - [PATCH 01/21] libelf: abolish libelf-relocate.c (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 02/21] libxc: introduce xc_dom_seg_to_ptr_pages (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 03/21] libxc: Fix range checking in xc_dom_pfn_to_ptr etc. (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 04/21] libelf: abolish elf_sval and elf_access_signed (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 05/21] libelf/xc_dom_load_elf_symtab: Do not use 'syms' uninitialised (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 06/21] libelf: introduce macros for memory access and pointer handling (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 07/21] tools/xcutils/readnotes: adjust print_l1_mfn_valid_note (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 08/21] libelf: check nul-terminated strings properly (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 09/21] libelf: check all pointer accesses (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 10/21] libelf: Check pointer references in elf_is_elfbinary (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 11/21] libelf: Make all callers call elf_check_broken (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 12/21] libelf: use C99 bool for booleans (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 13/21] libelf: use only unsigned integers (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 14/21] libxc: Introduce xc_bitops.h (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 15/21] libelf: check loops for running away (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 16/21] libelf: abolish obsolete macros (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 17/21] libxc: Add range checking to xc_dom_binloader (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 18/21] libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 19/21] libxc: check return values from malloc (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 20/21] libxc: range checks in xc_dom_p2m_host and _guest (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - [PATCH 21/21] libxc: check blob size before proceeding in xc_dom_check_gzip (Matthew Daley) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - libxc: define INVALID_MFN for the XSA-55 patchset (Chuck Anderson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196) - fix page refcount handling in page table pin error path (Andrew Cooper) [orabug 16949882] (CVE-2013-1432) - remove CVE-2013-1919 (Chuck Anderson) [orabug 16635741] (CVE-2013-1919) - x86: make vcpu_destroy_pagetables preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918) - x86: make new_guest_cr3 preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918) - x86: make MMUEXT_NEW_USER_BASEPTR preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918) - x86: make vcpu_reset preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918) - x86: make arch_set_info_guest preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918) - x86: make page table unpinning preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918) - x86: make page table handling error paths preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918)" ); # https://oss.oracle.com/pipermail/oraclevm-errata/2013-October/000185.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?82e75a28" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-debugger"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-pvhvm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:2.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/31"); script_set_attribute(attribute:"patch_publication_date", value:"2013/10/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "2\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 2.2", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); flag = 0; if (rpm_check(release:"OVS2.2", reference:"xen-3.4.0-0.1.55.el5")) flag++; if (rpm_check(release:"OVS2.2", reference:"xen-64-3.4.0-0.1.55.el5")) flag++; if (rpm_check(release:"OVS2.2", reference:"xen-debugger-3.4.0-0.1.55.el5")) flag++; if (rpm_check(release:"OVS2.2", reference:"xen-devel-3.4.0-0.1.55.el5")) flag++; if (rpm_check(release:"OVS2.2", reference:"xen-pvhvm-devel-3.4.0-0.1.55.el5")) flag++; if (rpm_check(release:"OVS2.2", reference:"xen-tools-3.4.0-0.1.55.el5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-64 / xen-debugger / xen-devel / xen-pvhvm-devel / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2013-11871.NASL description XSA-45/CVE-2013-1918 breaks page reference counting let pygrub handle set default= last seen 2020-03-17 modified 2013-07-12 plugin id 67327 published 2013-07-12 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67327 title Fedora 17 : xen-4.1.5-9.fc17 (2013-11871) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-11871. # include("compat.inc"); if (description) { script_id(67327); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-1432", "CVE-2013-1918"); script_bugtraq_id(60799); script_xref(name:"FEDORA", value:"2013-11871"); script_name(english:"Fedora 17 : xen-4.1.5-9.fc17 (2013-11871)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "XSA-45/CVE-2013-1918 breaks page reference counting let pygrub handle set default='${next_entry}' line in F19 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=974250" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110866.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0d9fd3af" ); script_set_attribute(attribute:"solution", value:"Update the affected xen package."); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"xen-4.1.5-9.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2666.NASL description Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1918 ( XSA 45) several long latency operations are not preemptible. Some page table manipulation operations for PV guests were not made preemptible, allowing a malicious or buggy PV guest kernel to mount a denial of service attack affecting the whole system. - CVE-2013-1952 ( XSA 49) VT-d interrupt remapping source validation flaw for bridges. Due to missing source validation on interrupt remapping table entries for MSI interrupts set up by bridge devices, a malicious domain with access to such a device can mount a denial of service attack affecting the whole system. - CVE-2013-1964 ( XSA 50) grant table hypercall acquire/release imbalance. When releasing a particular, non-transitive grant after doing a grant copy operation, Xen incorrectly releases an unrelated grant reference, leading possibly to a crash of the host system. Furthermore information leakage or privilege escalation cannot be ruled out. last seen 2020-03-17 modified 2013-05-13 plugin id 66383 published 2013-05-13 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66383 title Debian DSA-2666-1 : xen - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2666. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(66383); script_version("1.19"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-1918", "CVE-2013-1952", "CVE-2013-1964"); script_bugtraq_id(59293, 59615, 59617); script_xref(name:"DSA", value:"2666"); script_name(english:"Debian DSA-2666-1 : xen - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1918 ( XSA 45) several long latency operations are not preemptible. Some page table manipulation operations for PV guests were not made preemptible, allowing a malicious or buggy PV guest kernel to mount a denial of service attack affecting the whole system. - CVE-2013-1952 ( XSA 49) VT-d interrupt remapping source validation flaw for bridges. Due to missing source validation on interrupt remapping table entries for MSI interrupts set up by bridge devices, a malicious domain with access to such a device can mount a denial of service attack affecting the whole system. - CVE-2013-1964 ( XSA 50) grant table hypercall acquire/release imbalance. When releasing a particular, non-transitive grant after doing a grant copy operation, Xen incorrectly releases an unrelated grant reference, leading possibly to a crash of the host system. Furthermore information leakage or privilege escalation cannot be ruled out." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-1918" ); # http://lists.xen.org/archives/html/xen-announce/2013-05/msg00000.html script_set_attribute( attribute:"see_also", value:"https://lists.xen.org/archives/html/xen-announce/2013-05/msg00000.html" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-1952" ); # http://lists.xen.org/archives/html/xen-announce/2013-05/msg00001.html script_set_attribute( attribute:"see_also", value:"https://lists.xen.org/archives/html/xen-announce/2013-05/msg00001.html" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-1964" ); # http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html script_set_attribute( attribute:"see_also", value:"https://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-1964" ); # http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html script_set_attribute( attribute:"see_also", value:"https://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/xen" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/xen" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2013/dsa-2666" ); script_set_attribute( attribute:"solution", value: "Upgrade the xen packages. For the oldstable distribution (squeeze), these problems have been fixed in version 4.0.1-5.11. For the stable distribution (wheezy), these problems have been fixed in version 4.1.4-3+deb7u1. Note that for the stable (wheezy), testing and unstable distribution, CVE-2013-1964 ( XSA 50) was already fixed in version 4.1.4-3." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"libxen-dev", reference:"4.0.1-5.11")) flag++; if (deb_check(release:"6.0", prefix:"libxenstore3.0", reference:"4.0.1-5.11")) flag++; if (deb_check(release:"6.0", prefix:"xen-docs-4.0", reference:"4.0.1-5.11")) flag++; if (deb_check(release:"6.0", prefix:"xen-hypervisor-4.0-amd64", reference:"4.0.1-5.11")) flag++; if (deb_check(release:"6.0", prefix:"xen-hypervisor-4.0-i386", reference:"4.0.1-5.11")) flag++; if (deb_check(release:"6.0", prefix:"xen-utils-4.0", reference:"4.0.1-5.11")) flag++; if (deb_check(release:"6.0", prefix:"xenstore-utils", reference:"4.0.1-5.11")) flag++; if (deb_check(release:"7.0", prefix:"libxen-4.1", reference:"4.1.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libxen-dev", reference:"4.1.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libxen-ocaml", reference:"4.1.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libxen-ocaml-dev", reference:"4.1.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libxenstore3.0", reference:"4.1.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"xen-docs-4.1", reference:"4.1.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"xen-hypervisor-4.1-amd64", reference:"4.1.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"xen-hypervisor-4.1-i386", reference:"4.1.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"xen-system-amd64", reference:"4.1.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"xen-system-i386", reference:"4.1.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"xen-utils-4.1", reference:"4.1.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"xen-utils-common", reference:"4.1.4-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"xenstore-utils", reference:"4.1.4-3+deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2013-7432.NASL description PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918], malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-05-15 plugin id 66435 published 2013-05-15 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66435 title Fedora 17 : xen-4.1.5-2.fc17 (2013-7432) NASL family SuSE Local Security Checks NASL id SUSE_SU-2013-1774-1.NASL description XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and security issues. - CVE-2013-4416: XSA-72: Fixed ocaml xenstored that mishandled oversized message replies - CVE-2013-4355: XSA-63: Fixed information leaks through I/O instruction emulation - CVE-2013-4361: XSA-66: Fixed information leak through fbld instruction emulation - CVE-2013-4368: XSA-67: Fixed information leak through outs instruction emulation - CVE-2013-4369: XSA-68: Fixed possible null dereference when parsing vif ratelimiting info - CVE-2013-4370: XSA-69: Fixed misplaced free in ocaml xc_vcpu_getaffinity stub - CVE-2013-4371: XSA-70: Fixed use-after-free in libxl_list_cpupool under memory pressure - CVE-2013-4375: XSA-71: xen: qemu disk backend (qdisk) resource leak - CVE-2013-1442: XSA-62: Fixed information leak on AVX and/or LWP capable CPUs - CVE-2013-1432: XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes. Various bugs have also been fixed : - Boot failure with xen kernel in UEFI mode with error last seen 2020-06-05 modified 2015-05-20 plugin id 83602 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83602 title SUSE SLED11 / SLES11 Security Update : Xen (SUSE-SU-2013:1774-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-669.NASL description XEN was updated to 4.1.5 release. It fixes various bugs and security issues. Issues fixed separately from the 4.1.5 release : - bnc#824676 - Failed to setup devices for vm instance when start multiple vms simultaneously - bnc#XXXXXX - xen: CVE-2013-XXXX: XSA-61: suppress device assignment to HVM guest when there is no IOMMU - Various upstream patches from Jan were integrated. - bnc#823786 - migrate.py support of short options dropped by PTF - bnc#803712 - after live migration rcu_sched_state detected stalls add new option xm migrate --min_remaing <num> - CVE-2013-1432 / bnc#826882 - xen: XSA-58: x86: fix page refcount handling in page table pin error path - CVE-2013-2211 / bnc#823608 - xen: XSA-57: libxl allows guest write access to sensitive console related xenstore keys - bnc#823011 - xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling - bnc#801663 - performance of mirror lvm unsuitable for production - CVE-2013-1918/ bnc#816159 - xen: CVE-2013-1918: XSA-45: Several long latency operations are not preemptible - CVE-2013-1952 / bnc#816163 - xen: CVE-2013-1952: XSA-49: VT-d interrupt remapping source validation flaw for bridges - CVE-2013-2076 / bnc#820917 - CVE-2013-2076: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) - CVE-2013-2077 / bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to missing exception recovery on XRSTOR (XSA-53) - CVE-2013-2078 / bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to missing exception recovery on XSETBV (XSA-54) - CVE-2013-2072 / bnc#819416 - xen: CVE-2013-2072: XSA-56: Buffer overflow in xencontrol Python bindings affecting xend - Update to Xen 4.1.5 c/s 23509 There were many xen.spec file patches dropped as now being included in the 4.1.5 tarball. - CVE-2013-1918 / bnc#816159 - xen: XSA-45: Several long latency operations are not preemptible - CVE-2013-1952 / bnc#816163 - xen: XSA-49: VT-d interrupt remapping source validation flaw for bridges - bnc#809662 - can last seen 2020-06-05 modified 2014-06-13 plugin id 75129 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75129 title openSUSE Security Update : xen (openSUSE-SU-2013:1392-1) NASL family Fedora Local Security Checks NASL id FEDORA_2013-7406.NASL description update to xen-4.2.2 including two security fixes and fix two possible denial of service attacks Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-05-10 plugin id 66369 published 2013-05-10 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66369 title Fedora 19 : xen-4.2.2-3.fc19 (2013-7406) NASL family SuSE Local Security Checks NASL id SUSE_11_XEN-201310-131029.NASL description XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and security issues. - XSA-72: Fixed ocaml xenstored that mishandled oversized message replies. (CVE-2013-4416) - XSA-63: Fixed information leaks through I/O instruction emulation. (CVE-2013-4355) - XSA-66: Fixed information leak through fbld instruction emulation. (CVE-2013-4361) - XSA-67: Fixed information leak through outs instruction emulation. (CVE-2013-4368) - XSA-68: Fixed possible null dereference when parsing vif ratelimiting info. (CVE-2013-4369) - XSA-69: Fixed misplaced free in ocaml xc_vcpu_getaffinity stub. (CVE-2013-4370) - XSA-70: Fixed use-after-free in libxl_list_cpupool under memory pressure. (CVE-2013-4371) - XSA-71: xen: qemu disk backend (qdisk) resource leak. (CVE-2013-4375) - XSA-62: Fixed information leak on AVX and/or LWP capable CPUs. (CVE-2013-1442) - XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes. Various bugs have also been fixed:. (CVE-2013-1432) - Boot failure with xen kernel in UEFI mode with error last seen 2020-06-05 modified 2013-11-20 plugin id 70969 published 2013-11-20 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70969 title SuSE 11.2 / 11.3 Security Update : Xen (SAT Patch Numbers 8478 / 8479) NASL family Fedora Local Security Checks NASL id FEDORA_2013-7426.NASL description PV guests can use non-preemptible long latency operations to mount a denial of service attack on the whole system [XSA-45, CVE-2013-1918], malicious guests can inject interrupts through bridge devices to mount a denial of service attack on the whole system [XSA-49, CVE-2013-1952] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-05-15 plugin id 66434 published 2013-05-15 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66434 title Fedora 18 : xen-4.2.2-3.fc18 (2013-7426) NASL family SuSE Local Security Checks NASL id SUSE_11_XEN-201305-130531.NASL description XEN has been updated to 4.1.5 c/s 23509 to fix various bugs and security issues. The following security issues have been fixed : - Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier were not preemptible, which allowed local PV kernels to cause a denial of service via vectors related to deep page table traversal. (CVE-2013-1918) - Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, did not properly check the source when accessing a bridge devices interrupt remapping table entries for MSI interrupts, which allowed local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. (CVE-2013-1952) - A information leak in the XSAVE/XRSTOR instructions could be used to determine state of floating point operations in other domains. (CVE-2013-2076) - A denial of service (hypervisor crash) was possible due to missing exception recovery on XRSTOR, that could be used to crash the machine by PV guest users. (CVE-2013-2077) - A denial of service (hypervisor crash) was possible due to missing exception recovery on XSETBV, that could be used to crash the machine by PV guest users. (CVE-2013-2078) - Systems which allow untrusted administrators to configure guest vcpu affinity may be exploited to trigger a buffer overrun and corrupt memory. (CVE-2013-2072) - Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, did not clear the NT flag when using an IRET after a SYSENTER instruction, which allowed PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. (CVE-2013-1917) - Xen 4.2.x and 4.1.x did not properly restrict access to IRQs, which allowed local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to last seen 2020-06-05 modified 2013-06-26 plugin id 66985 published 2013-06-26 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66985 title SuSE 11.2 Security Update : Xen (SAT Patch Number 7798) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2013-0036.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - VT-d: don last seen 2020-06-01 modified 2020-06-02 plugin id 79505 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79505 title OracleVM 3.2 : xen (OVMSA-2013-0036) NASL family Fedora Local Security Checks NASL id FEDORA_2013-11874.NASL description XSA-45/CVE-2013-1918 breaks page reference counting let pygrub handle set default= last seen 2020-03-17 modified 2013-07-12 plugin id 67328 published 2013-07-12 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67328 title Fedora 18 : xen-4.2.2-10.fc18 (2013-11874)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://secunia.com/advisories/53187
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://www.debian.org/security/2013/dsa-2666
- http://www.openwall.com/lists/oss-security/2013/05/02/8
- http://www.securityfocus.com/bid/59615