Vulnerabilities > CVE-2013-1919 - Permissions, Privileges, and Access Controls vulnerability in XEN

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2014:0446-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(83616);
  script_version("2.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2006-1056", "CVE-2007-0998", "CVE-2012-3497", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-4544", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-1432", "CVE-2013-1442", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-2212", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6885", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1894");
  script_bugtraq_id(17600, 22967, 55410, 55442, 56289, 56498, 56794, 56796, 56797, 56798, 56803, 57159, 57223, 57420, 57745, 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60282, 60701, 60702, 60703, 60721, 60799, 61424, 62307, 62630, 62708, 62710, 62935, 63494, 63931, 63933, 63983, 65419);

  script_name(english:"SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor
and toolset have been updated to fix various security issues and some
bugs.

The following security issues have been addressed :

XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both
problems with the overflow issue being present for more than just the
suboperations listed above. (bnc#860163)

XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1,
while not affected by the above overflow, have a different
overflow issue on FLASK_{GET,SET}BOOL and expose
unreasonably large memory allocation to arbitrary guests.
(bnc#860163)

XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER
and FLASK_CONTEXT_TO_SID suboperations of the flask
hypercall are vulnerable to an integer overflow on the input
size. The hypercalls attempt to allocate a buffer which is 1
larger than this size and is therefore vulnerable to integer
overflow and an attempt to allocate then access a zero byte
buffer. (bnc#860163)

XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through
0Fh processors does not properly handle the interaction
between locked instructions and write-combined memory types,
which allows local users to cause a denial of service
(system hang) via a crafted application, aka the errata 793
issue. (bnc#853049)

XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly
4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1)
does not properly prevent access to hypercalls, which allows
local guest users to gain privileges via a crafted
application running in ring 1 or 2. (bnc#849668)

XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall
in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always
obtain the page_alloc_lock and mm_rwlock in the same order,
which allows local guest administrators to cause a denial of
service (host deadlock). (bnc#849667)

XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x
does not take the page_alloc_lock and grant_table.lock in
the same order, which allows local guest administrators with
access to multiple vcpus to cause a denial of service (host
deadlock) via unspecified vectors. (bnc#848657)

XSA-67: CVE-2013-4368: The outs instruction emulation in Xen
3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS:
segment override, uses an uninitialized variable as a
segment base, which allows local 64-bit PV guests to obtain
sensitive information (hypervisor stack content) via
unspecified vectors related to stale data in a segment
register. (bnc#842511)

XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen
3.3.x through 4.3.x does not use the correct variable for
the source effective address, which allows local HVM guests
to obtain hypervisor stack information by reading the values
used by the instruction. (bnc#841766)

XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not
properly handle certain errors, which allows local HVM
guests to obtain hypervisor stack memory via a (1) port or
(2) memory mapped I/O write or (3) other unspecified
operations related to addresses without associated memory.
(bnc#840592)

XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX
or LWP capable CPUs, does not properly clear previous data
from registers when using an XSAVE or XRSTOR to extend the
state components of a saved or restored vCPU after touching
other restored extended registers, which allows local guest
OSes to obtain sensitive information by reading the
registers. (bnc#839596)

XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen
4.0.x through 4.2.x, when IOMMU is disabled, provides access
to a busmastering-capable PCI passthrough device before the
IOMMU setup is complete, which allows local HVM guest
domains to gain privileges or cause a denial of service via
a DMA instruction. (bnc#839618)

XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen
3.3 through 4.3, when disabling chaches, allows local HVM
guests with access to memory mapped I/O regions to cause a
denial of service (CPU consumption and possibly hypervisor
or guest kernel panic) via a crafted GFN range. (bnc#831120)

XSA-58: CVE-2013-1918: Certain page table manipulation
operations in Xen 4.1.x, 4.2.x, and earlier are not
preemptible, which allows local PV kernels to cause a denial
of service via vectors related to 'deep page table
traversal.' (bnc#826882)

XSA-58: CVE-2013-1432: Xen 4.1.x and 4.2.x, when the XSA-45
patch is in place, does not properly maintain references on
pages stored for deferred cleanup, which allows local PV
guest kernels to cause a denial of service (premature page
free and hypervisor crash) or possible gain privileges via
unspecified vectors. (bnc#826882)

XSA-57: CVE-2013-2211: The libxenlight (libxl) toolstack
library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions
for xenstore keys for paravirtualised and emulated serial
console devices, which allows local guest administrators to
modify the xenstore value via unspecified vectors.
(bnc#823608)

XSA-56: CVE-2013-2072: Buffer overflow in the Python
bindings for the xc_vcpu_setaffinity call in Xen 4.0.x,
4.1.x, and 4.2.x allows local administrators with
permissions to configure VCPU affinity to cause a denial of
service (memory corruption and xend toolstack crash) and
possibly gain privileges via a crafted cpumap. (bnc#819416)

XSA-55: CVE-2013-2196: Multiple unspecified vulnerabilities
in the Elf parser (libelf) in Xen 4.2.x and earlier allow
local guest administrators with certain permissions to have
an unspecified impact via a crafted kernel, related to
'other problems' that are not CVE-2013-2194 or
CVE-2013-2195. (bnc#823011)

XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen 4.2.x
and earlier allow local guest administrators with certain
permissions to have an unspecified impact via a crafted
kernel, related to 'pointer dereferences' involving
unexpected calculations. (bnc#823011)

XSA-55: CVE-2013-2194: Multiple integer overflows in the Elf
parser (libelf) in Xen 4.2.x and earlier allow local guest
administrators with certain permissions to have an
unspecified impact via a crafted kernel. (bnc#823011)

XSA-53: CVE-2013-2077: Xen 4.0.x, 4.1.x, and 4.2.x does not
properly restrict the contents of a XRSTOR, which allows
local PV guest users to cause a denial of service (unhandled
exception and hypervisor crash) via unspecified vectors.
(bnc#820919)

XSA-52: CVE-2013-2076: Xen 4.0.x, 4.1.x, and 4.2.x, when
running on AMD64 processors, only save/restore the FOP, FIP,
and FDP x87 registers in FXSAVE/FXRSTOR when an exception is
pending, which allows one domain to determine portions of
the state of floating point instructions of other domains,
which can be leveraged to obtain sensitive information such
as cryptographic keys, a similar vulnerability to
CVE-2006-1056. NOTE: this is the documented behavior of
AMD64 processors, but it is inconsistent with Intel
processors in a security-relevant fashion that was not
addressed by the kernels. (bnc#820917)

XSA-50: CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly
releases a grant reference when releasing a non-v1,
non-transitive grant, which allows local guest
administrators to cause a denial of service (host crash),
obtain sensitive information, or possible have other impacts
via unspecified vectors. (bnc#816156)

XSA-49: CVE-2013-1952: Xen 4.x, when using Intel VT-d for a
bus mastering capable PCI device, does not properly check
the source when accessing a bridge device's interrupt
remapping table entries for MSI interrupts, which allows
local guest domains to cause a denial of service (interrupt
injection) via unspecified vectors. (bnc#816163)

XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when
the hypervisor is running 'under memory pressure' and the
Xen Security Module (XSM) is enabled, uses the wrong
ordering of operations when extending the per-domain event
channel tracking table, which causes a use-after-free and
allows local guest kernels to inject arbitrary events and
gain privileges via unspecified vectors. (bnc#813677)

XSA-46: CVE-2013-1919: Xen 4.2.x and 4.1.x does not properly
restrict access to IRQs, which allows local stub domain
clients to gain access to IRQs and cause a denial of service
via vectors related to 'passed-through IRQs or PCI devices.'
(bnc#813675)

XSA-45: CVE-2013-1918: Certain page table manipulation
operations in Xen 4.1.x, 4.2.x, and earlier are not
preemptible, which allows local PV kernels to cause a denial
of service via vectors related to 'deep page table
traversal.' (bnc#816159)

XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when running
64-bit hosts on Intel CPUs, does not clear the NT flag when
using an IRET after a SYSENTER instruction, which allows PV
guest users to cause a denial of service (hypervisor crash)
by triggering a #GP fault, which is not properly handled by
another IRET instruction. (bnc#813673)

XSA-41: CVE-2012-6075: Buffer overflow in the e1000_receive
function in the e1000 device driver (hw/e1000.c) in QEMU
1.3.0-rc2 and other versions, when the SBP and LPE flags are
disabled, allows remote attackers to cause a denial of
service (guest OS crash) and possibly execute arbitrary
guest code via a large packet. (bnc#797523)

XSA-37: CVE-2013-0154: The get_page_type function in
xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled,
allows local PV or HVM guest administrators to cause a
denial of service (assertion failure and hypervisor crash)
via unspecified vectors related to a hypercall. (bnc#797031)

XSA-36: CVE-2013-0153: The AMD IOMMU support in Xen 4.2.x,
4.1.x, 3.3, and other versions, when using AMD-Vi for PCI
passthrough, uses the same interrupt remapping table for the
host and all guests, which allows guests to cause a denial
of service by injecting an interrupt into other guests.
(bnc#800275)

XSA-33: CVE-2012-5634: Xen 4.2.x, 4.1.x, and 4.0, when using
Intel VT-d for PCI passthrough, does not properly configure
VT-d when supporting a device that is behind a legacy PCI
Bridge, which allows local guests to cause a denial of
service to other guests by injecting an interrupt.
(bnc#794316)

XSA-31: CVE-2012-5515: The (1) XENMEM_decrease_reservation,
(2) XENMEM_populate_physmap, and (3) XENMEM_exchange
hypercalls in Xen 4.2 and earlier allow local guest
administrators to cause a denial of service (long loop and
hang) via a crafted extent_order value. (bnc#789950)

XSA-30: CVE-2012-5514: The
guest_physmap_mark_populate_on_demand function in Xen 4.2
and earlier does not properly unlock the subject GFNs when
checking if they are in use, which allows local guest HVM
administrators to cause a denial of service (hang) via
unspecified vectors. (bnc#789948)

XSA-29: CVE-2012-5513: The XENMEM_exchange handler in Xen
4.2 and earlier does not properly check the memory address,
which allows local PV guest OS administrators to cause a
denial of service (crash) or possibly gain privileges via
unspecified vectors that overwrite memory in the hypervisor
reserved range. (bnc#789951)

XSA-27: CVE-2012-6333: Multiple HVM control operations in
Xen 3.4 through 4.2 allow local HVM guest OS administrators
to cause a denial of service (physical CPU consumption) via
a large input. (bnc#789944)

XSA-27: CVE-2012-5511: Stack-based buffer overflow in the
dirty video RAM tracking functionality in Xen 3.4 through
4.1 allows local HVM guest OS administrators to cause a
denial of service (crash) via a large bitmap image.
(bnc#789944)

XSA-26: CVE-2012-5510: Xen 4.x, when downgrading the grant
table version, does not properly remove the status page from
the tracking list when freeing the page, which allows local
guest OS administrators to cause a denial of service
(hypervisor crash) via unspecified vectors. (bnc#789945)

XSA-25: CVE-2012-4544: The PV domain builder in Xen 4.2 and
earlier does not validate the size of the kernel or ramdisk
(1) before or (2) after decompression, which allows local
guest administrators to cause a denial of service (domain 0
memory consumption) via a crafted (a) kernel or (b) ramdisk.
(bnc#787163)

XSA-24: CVE-2012-4539: Xen 4.0 through 4.2, when running
32-bit x86 PV guests on 64-bit hypervisors, allows local
guest OS administrators to cause a denial of service
(infinite loop and hang or crash) via invalid arguments to
GNTTABOP_get_status_frames, aka 'Grant table hypercall
infinite loop DoS vulnerability.' (bnc#786520)

XSA-23: CVE-2012-4538: The HVMOP_pagetable_dying hypercall
in Xen 4.0, 4.1, and 4.2 does not properly check the
pagetable state when running on shadow pagetables, which
allows a local HVM guest OS to cause a denial of service
(hypervisor crash) via unspecified vectors. (bnc#786519)

XSA-22: CVE-2012-4537: Xen 3.4 through 4.2, and possibly
earlier versions, does not properly synchronize the p2m and
m2p tables when the set_p2m_entry function fails, which
allows local HVM guest OS administrators to cause a denial
of service (memory consumption and assertion failure), aka
'Memory mapping failure DoS vulnerability.' (bnc#786517)

XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and possibly
earlier versions, allows local guest OS administrators to
cause a denial of service (Xen infinite loop and physical
CPU consumption) by setting a VCPU with an 'inappropriate
deadline.' (bnc#786516)

XSA-19: CVE-2012-4411: The graphical console in Xen 4.0, 4.1
and 4.2 allows local OS guest administrators to obtain
sensitive host resource information via the qemu monitor.
NOTE: this might be a duplicate of CVE-2007-0998.
(bnc#779212)

XSA-15: CVE-2012-3497: (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2)
TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS
and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in
Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a
denial of service (NULL pointer dereference or memory
corruption and host crash) or possibly have other
unspecified impacts via a NULL client id. (bnc#777890)

Also the following non-security bugs have been fixed :

  - xen hot plug attach/detach fails modified
    blktap-pv-cdrom.patch. (bnc#805094)

  - guest 'disappears' after live migration Updated
    block-dmmd script. (bnc#777628)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://download.suse.com/patch/finder/?keywords=d46197780129fa94fee1eb1708143171
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b3fed2ec"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2006-1056.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-0998.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3497.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4411.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4535.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4537.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4538.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4539.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4544.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5510.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5511.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5513.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5514.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5515.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5634.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6075.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6333.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0153.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0154.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1432.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1442.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1917.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1918.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1919.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1920.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1952.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1964.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2072.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2076.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2077.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2194.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2195.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2196.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2211.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2212.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4329.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4355.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4361.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4368.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4494.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4553.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4554.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-6885.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1891.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1892.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1893.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1894.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/777628"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/777890"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/779212"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/786516"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/786517"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/786519"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/786520"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/787163"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/789944"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/789945"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/789948"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/789950"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/789951"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/794316"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/797031"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/797523"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/800275"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/805094"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/813673"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/813675"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/813677"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/816156"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/816159"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/816163"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/819416"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/820917"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/820919"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/823011"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/823608"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/826882"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/831120"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/839596"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/839618"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/840592"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/841766"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/842511"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/848657"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/849667"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/849668"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/853049"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/860163"
  );
  # https://www.suse.com/support/update/announcement/2014/suse-su-20140446-1.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e4176238"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11 SP1 LTSS :

zypper in -t patch slessp1-xen-201402-8963

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/03/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "i386|i486|i586|i686|x86_64") audit(AUDIT_ARCH_NOT, "i386 / i486 / i586 / i686 / x86_64", cpu);


sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! ereg(pattern:"^1$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen");
}

#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2015-0068.
#

include("compat.inc");

if (description)
{
  script_id(84140);
  script_version("2.18");
  script_cvs_date("Date: 2019/11/12");

  script_cve_id("CVE-2006-1056", "CVE-2007-0998", "CVE-2012-0029", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3497", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4544", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2013-0153", "CVE-2013-0215", "CVE-2013-1432", "CVE-2013-1442", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1950", "CVE-2014-3566", "CVE-2014-5146", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188", "CVE-2015-2044", "CVE-2015-2045", "CVE-2015-2151", "CVE-2015-2752", "CVE-2015-2756", "CVE-2015-3209", "CVE-2015-3456", "CVE-2015-4164");
  script_bugtraq_id(17600, 22967, 51642, 53650, 53961, 54942, 55400, 55406, 55410, 55412, 55413, 55414, 56289, 56498, 56794, 56796, 56797, 56798, 56799, 56803, 57223, 57742, 57745, 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799, 62307, 62630, 62708, 62710, 62935, 63494, 63931, 63933, 63983, 64195, 65419, 65529, 69198, 70057, 70062, 70198, 70574, 72577, 72954, 72955, 73015, 73448, 74640, 75123, 75149);

  script_name(english:"OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates : please see Oracle VM Security Advisory
OVMSA-2015-0068 for details."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/oraclevm-errata/2015-June/000317.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected xen / xen-devel / xen-tools packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"OVS3.2", reference:"xen-4.1.3-25.el5.127.52")) flag++;
if (rpm_check(release:"OVS3.2", reference:"xen-devel-4.1.3-25.el5.127.52")) flag++;
if (rpm_check(release:"OVS3.2", reference:"xen-tools-4.1.3-25.el5.127.52")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201309-24.
#
# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(70184);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/12 17:35:38");

  script_cve_id("CVE-2011-2901", "CVE-2011-3262", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3497", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5525", "CVE-2012-5634", "CVE-2012-6030", "CVE-2012-6031", "CVE-2012-6032", "CVE-2012-6033", "CVE-2012-6034", "CVE-2012-6035", "CVE-2012-6036", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0151", "CVE-2013-0152", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-0215", "CVE-2013-1432", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1922", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211");
  script_bugtraq_id(49370, 53856, 53955, 53961, 54691, 54942, 55400, 55406, 55410, 55412, 55413, 55414, 55442, 56498, 56794, 56796, 56797, 56798, 56799, 56803, 56805, 57159, 57223, 57420, 57494, 57495, 57742, 57745, 58880, 59070, 59291, 59292, 59293, 59615, 59617, 60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799);
  script_xref(name:"GLSA", value:"201309-24");

  script_name(english:"GLSA-201309-24 : Xen: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201309-24
(Xen: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Xen. Please review the
      CVE identifiers referenced below for details.
  
Impact :

    Guest domains could possibly gain privileges, execute arbitrary code, or
      cause a Denial of Service on the host domain (Dom0). Additionally, guest
      domains could gain information about other virtual machines running on
      the same host or read arbitrary files on the host.
  
Workaround :

    The CVEs listed below do not currently have fixes, but only apply to Xen
      setups which have “tmem” specified on the hypervisor command line.
      TMEM is not currently supported for use in production systems, and
      administrators using tmem should disable it.
      Relevant CVEs:
      * CVE-2012-2497
      * CVE-2012-6030
      * CVE-2012-6031
      * CVE-2012-6032
      * CVE-2012-6033
      * CVE-2012-6034
      * CVE-2012-6035
      * CVE-2012-6036"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201309-24"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Xen users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.2.2-r1'
    All Xen-tools users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=app-emulation/xen-tools-4.2.2-r3'
    All Xen-pvgrub users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=app-emulation/xen-pvgrub-4.2.2-r1'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'FreeBSD Intel SYSRET Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-pvgrub");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"app-emulation/xen-pvgrub", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++;
if (qpkg_check(package:"app-emulation/xen", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++;
if (qpkg_check(package:"app-emulation/xen-tools", unaffected:make_list("ge 4.2.2-r3"), vulnerable:make_list("lt 4.2.2-r3"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-677.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75130);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2012-6075", "CVE-2013-0151", "CVE-2013-1432", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1922", "CVE-2013-1952", "CVE-2013-2007", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078");
  script_bugtraq_id(57420, 57495, 59070, 59291, 59292, 59615, 59617, 59675, 59982, 60277, 60278, 60282, 60799);

  script_name(english:"openSUSE Security Update : xen (openSUSE-SU-2013:1404-1)");
  script_summary(english:"Check for the openSUSE-2013-677 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"XEN was updated to 4.2.2, fixing lots of bugs and several security
issues.

Various upstream patches were also merged into this version by our
developers.

Detailed buglist :

  - bnc#824676 - Failed to setup devices for vm instance
    when start multiple vms simultaneously

  - bnc#817799 - sles9sp4 guest fails to start after
    upgrading to sles11 sp3

  - bnc#826882 - xen: CVE-2013-1432: XSA-58: Page reference
    counting error due to XSA-45/CVE-2013-1918 fixes

  - Add upstream patch to fix devid assignment in libxl
    27184-libxl-devid-fix.patch

  - bnc#823608 - xen: XSA-57: libxl allows guest write
    access to sensitive console related xenstore keys
    27178-libxl-Restrict-permissions-on-PV-console-device-xe
    nstore-nodes.patch

  - bnc#823011 - xen: XSA-55: Multiple vulnerabilities in
    libelf PV kernel handling

  - bnc#808269 - Fully Virtualized Windows VM install is
    failed on Ivy Bridge platforms with Xen kernel

  - bnc#801663 - performance of mirror lvm unsuitable for
    production block-dmmd

  - bnc#817904 - [SLES11SP3 BCS Bug] Crashkernel fails to
    boot after panic on XEN kernel SP3 Beta 4 and RC1

  - Upstream AMD Erratum patch from Jan

  - bnc#813675 - - xen: CVE-2013-1919: XSA-46: Several
    access permission issues with IRQs for unprivileged
    guests

  - bnc#820917 - CVE-2013-2076: xen: Information leak on
    XSAVE/XRSTOR capable AMD CPUs (XSA-52)

  - bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to
    missing exception recovery on XRSTOR (XSA-53)

  - bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to
    missing exception recovery on XSETBV (XSA-54)

  - bnc#808085 - aacraid driver panics mapping INT A when
    booting kernel-xen

  - bnc#817210 - openSUSE 12.3 Domain 0 doesn't boot with
    i915 graphics controller under Xen with VT-d enabled

  - bnc#819416 - xen: CVE-2013-2072: XSA-56: Buffer overflow
    in xencontrol Python bindings affecting xend

  - bnc#818183 - xen: CVE-2013-2007: XSA-51: qga set umask
    0077 when daemonizing

  - add lndir to BuildRequires

  - remove
    xen.migrate.tools_notify_restore_to_hangup_during_migrat
    ion_--abort_if_busy.patch It changed migration protocol
    and upstream wants a different solution

  - bnc#802221 - fix xenpaging readd
    xenpaging.qemu.flush-cache.patch

  - bnc#808269 - Fully Virtualized Windows VM install is
    failed on Ivy Bridge platforms with Xen kernel

  - Additional fix for bnc#816159
    CVE-2013-1918-xsa45-followup.patch

  - bnc#817068 - Xen guest with >1 sr-iov vf won't start

  - Update to Xen 4.2.2 c/s 26064 The following recent
    security patches are included in the tarball
    CVE-2013-0151-xsa34.patch (bnc#797285)
    CVE-2012-6075-xsa41.patch (bnc#797523)
    CVE-2013-1917-xsa44.patch (bnc#813673)
    CVE-2013-1919-xsa46.patch (bnc#813675)

  - bnc#816159 - xen: CVE-2013-1918: XSA-45: Several long
    latency operations are not preemptible

  - bnc#816163 - xen: CVE-2013-1952: XSA-49: VT-d interrupt
    remapping source validation flaw for bridges

  - bnc#809662 - can't use pv-grub to start domU (pygrub
    does work) xen.spec

  - bnc#814709 - Unable to create XEN virtual machines in
    SLED 11 SP2 on Kyoto

  - bnc#813673 - CVE-2013-1917: xen: Xen PV DoS
    vulnerability with SYSENTER

  - bnc#813675 - CVE-2013-1919: xen: Several access
    permission issues with IRQs for unprivileged guests

  - bnc#814059 - xen: qemu-nbd format-guessing due to
    missing format specification"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=797285"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=797523"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=801663"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=802221"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=808085"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=808269"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=809662"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813673"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813675"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=814059"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=814709"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=816159"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=816163"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=817068"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=817210"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=817799"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=817904"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=818183"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=819416"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=820917"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=820919"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=820920"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823011"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823608"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=824676"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=826882"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2013-09/msg00007.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xen packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.3", reference:"xen-debugsource-4.2.2_06-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"xen-devel-4.2.2_06-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-default-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-default-debuginfo-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-desktop-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-desktop-debuginfo-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-pae-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-pae-debuginfo-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"xen-libs-4.2.2_06-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"xen-libs-debuginfo-4.2.2_06-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"xen-tools-domU-4.2.2_06-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"xen-tools-domU-debuginfo-4.2.2_06-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-4.2.2_06-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-doc-html-4.2.2_06-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-doc-pdf-4.2.2_06-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-libs-32bit-4.2.2_06-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.2.2_06-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-tools-4.2.2_06-1.16.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-tools-debuginfo-4.2.2_06-1.16.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}

#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2013-0074.
#

include("compat.inc");

if (description)
{
  script_id(79521);
  script_version("1.4");
  script_cvs_date("Date: 2019/09/27 13:00:34");

  script_cve_id("CVE-2012-4544", "CVE-2013-1432", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368");
  script_bugtraq_id(56289, 59292, 59615, 60701, 60702, 60703, 60799, 62708, 62710, 62935);

  script_name(english:"OracleVM 2.2 : xen (OVMSA-2013-0074)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - x86: check segment descriptor read result in 64-bit OUTS
    emulation XSA-67 (Matthew Daley) [orabug 17571640]
    (CVE-2013-4368)

  - x86: properly set up fbld emulation operand address
    XSA-66 (Jan Beulich) [orabug 17472492] (CVE-2013-4361)

  - x86: properly handle hvm_copy_from_guest_[phys,virt]
    errors XSA-63 (Jan Beulich) [orabug 17472461]
    (CVE-2013-4355)

  - libxc: builder: limit maximum size of kernel/ramdisk
    (Ian Campbell) [orabug 15852491] (CVE-2012-4544)

  - libxc: builder: Correct fix for CVE-2012-4544 (Ian
    Campbell) [orabug 15852491] (CVE-2012-4544)

  - [PATCH 01/21] libelf: abolish libelf-relocate.c (Ian
    Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195
    CVE-2013-2196)

  - [PATCH 02/21] libxc: introduce xc_dom_seg_to_ptr_pages
    (Ian Jackson) [orabug 16902308] (CVE-2013-2194
    CVE-2013-2195 CVE-2013-2196)

  - [PATCH 03/21] libxc: Fix range checking in
    xc_dom_pfn_to_ptr etc. (Ian Jackson) [orabug 16902308]
    (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

  - [PATCH 04/21] libelf: abolish elf_sval and
    elf_access_signed (Ian Jackson) [orabug 16902308]
    (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

  - [PATCH 05/21] libelf/xc_dom_load_elf_symtab: Do not use
    'syms' uninitialised (Ian Jackson) [orabug 16902308]
    (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

  - [PATCH 06/21] libelf: introduce macros for memory access
    and pointer handling (Ian Jackson) [orabug 16902308]
    (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

  - [PATCH 07/21] tools/xcutils/readnotes: adjust
    print_l1_mfn_valid_note (Ian Jackson) [orabug 16902308]
    (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

  - [PATCH 08/21] libelf: check nul-terminated strings
    properly (Ian Jackson) [orabug 16902308] (CVE-2013-2194
    CVE-2013-2195 CVE-2013-2196)

  - [PATCH 09/21] libelf: check all pointer accesses (Ian
    Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195
    CVE-2013-2196)

  - [PATCH 10/21] libelf: Check pointer references in
    elf_is_elfbinary (Ian Jackson) [orabug 16902308]
    (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

  - [PATCH 11/21] libelf: Make all callers call
    elf_check_broken (Ian Jackson) [orabug 16902308]
    (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

  - [PATCH 12/21] libelf: use C99 bool for booleans (Ian
    Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195
    CVE-2013-2196)

  - [PATCH 13/21] libelf: use only unsigned integers (Ian
    Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195
    CVE-2013-2196)

  - [PATCH 14/21] libxc: Introduce xc_bitops.h (Ian Jackson)
    [orabug 16902308] (CVE-2013-2194 CVE-2013-2195
    CVE-2013-2196)

  - [PATCH 15/21] libelf: check loops for running away (Ian
    Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195
    CVE-2013-2196)

  - [PATCH 16/21] libelf: abolish obsolete macros (Ian
    Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195
    CVE-2013-2196)

  - [PATCH 17/21] libxc: Add range checking to
    xc_dom_binloader (Ian Jackson) [orabug 16902308]
    (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

  - [PATCH 18/21] libxc: check failure of xc_dom_*_to_ptr,
    xc_map_foreign_range (Ian Jackson) [orabug 16902308]
    (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

  - [PATCH 19/21] libxc: check return values from malloc
    (Ian Jackson) [orabug 16902308] (CVE-2013-2194
    CVE-2013-2195 CVE-2013-2196)

  - [PATCH 20/21] libxc: range checks in xc_dom_p2m_host and
    _guest (Ian Jackson) [orabug 16902308] (CVE-2013-2194
    CVE-2013-2195 CVE-2013-2196)

  - [PATCH 21/21] libxc: check blob size before proceeding
    in xc_dom_check_gzip (Matthew Daley) [orabug 16902308]
    (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

  - libxc: define INVALID_MFN for the XSA-55 patchset (Chuck
    Anderson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195
    CVE-2013-2196)

  - fix page refcount handling in page table pin error path
    (Andrew Cooper) [orabug 16949882] (CVE-2013-1432)

  - remove CVE-2013-1919 (Chuck Anderson) [orabug 16635741]
    (CVE-2013-1919)

  - x86: make vcpu_destroy_pagetables preemptible (Jan
    Beulich) [orabug 16714903] (CVE-2013-1918)

  - x86: make new_guest_cr3 preemptible (Jan Beulich)
    [orabug 16714903] (CVE-2013-1918)

  - x86: make MMUEXT_NEW_USER_BASEPTR preemptible (Jan
    Beulich) [orabug 16714903] (CVE-2013-1918)

  - x86: make vcpu_reset preemptible (Jan Beulich) [orabug
    16714903] (CVE-2013-1918)

  - x86: make arch_set_info_guest preemptible (Jan Beulich)
    [orabug 16714903] (CVE-2013-1918)

  - x86: make page table unpinning preemptible (Jan Beulich)
    [orabug 16714903] (CVE-2013-1918)

  - x86: make page table handling error paths preemptible
    (Jan Beulich) [orabug 16714903] (CVE-2013-1918)"
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2013-October/000185.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?82e75a28"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-pvhvm-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:2.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "2\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 2.2", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);

flag = 0;
if (rpm_check(release:"OVS2.2", reference:"xen-3.4.0-0.1.55.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"xen-64-3.4.0-0.1.55.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"xen-debugger-3.4.0-0.1.55.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"xen-devel-3.4.0-0.1.55.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"xen-pvhvm-devel-3.4.0-0.1.55.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"xen-tools-3.4.0-0.1.55.el5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-64 / xen-debugger / xen-devel / xen-pvhvm-devel / etc");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2013-6723.
#

include("compat.inc");

if (description)
{
  script_id(66321);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2013-1917", "CVE-2013-1919", "CVE-2013-1964");
  script_bugtraq_id(59291, 59292, 59293);
  script_xref(name:"FEDORA", value:"2013-6723");

  script_name(english:"Fedora 17 : xen-4.1.5-1.fc17 (2013-6723)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Thu Apr 25 2013 Michael Young <m.a.young at
    durham.ac.uk> - 4.1.5-1

    - update to xen-4.1.5 includes fixes for passed through
      IRQs or PCI devices might allow denial of service
      attack [XSA-46, CVE-2013-1919] (#953568) SYSENTER in
      32-bit PV guests on 64-bit xen can crash hypervisor
      [XSA-44, CVE-2013-1917] (#953569) grant releases can
      release more than intended potentially crashing xen
      [XSA-50, CVE-2013-1964] (#953632)

  - remove patches that are included in 4.1.5

    - allow xendomains to work with xl saved images

    - Thu Apr 4 2013 Michael Young <m.a.young at
      durham.ac.uk> - 4.1.4-7

    - make xendomains systemd script executable (#919705)

    - Potential use of freed memory in event channel
      operations [XSA-47, CVE-2013-1920]

  - Fri Feb 22 2013 Michael Young <m.a.young at
    durham.ac.uk> - 4.1.4-6

    - patch for [XSA-36, CVE-2013-0153] can cause boot time
      crash

    - backport the fixes discovered when building with gcc
      4.8

    - Fri Feb 15 2013 Michael Young <m.a.young at
      durham.ac.uk> - 4.1.4-5

    - patch for [XSA-38, CVE-2013-0215] was flawed

    - Wed Feb 6 2013 Michael Young <m.a.young at
      durham.ac.uk> - 4.1.4-4

    - guest using oxenstored can crash host or exhaust
      memory [XSA-38, CVE-2013-0215] (#907888)

  - guest using AMD-Vi for PCI passthrough can cause denial
    of service [XSA-36, CVE-2013-0153] (#910914)

  - Thu Jan 17 2013 Michael Young <m.a.young at
    durham.ac.uk> - 4.1.4-3

    - Buffer overflow when processing large packets in qemu
      e1000 device driver [XSA-41, CVE-2012-6075] (#910845)

  - fix a bug introduced by fix for XSA-27

    - Fri Jan 11 2013 Michael Young <m.a.young at
      durham.ac.uk> - 4.1.4-2

    - VT-d interrupt remapping source validation flaw
      [XSA-33, CVE-2012-5634] (#893568)

  - Tue Dec 18 2012 Michael Young <m.a.young at
    durham.ac.uk> - 4.1.4-1

    - update to xen-4.1.4

    - remove patches that are included in 4.1.4

    - Tue Dec 4 2012 Michael Young <m.a.young at
      durham.ac.uk> - 4.1.3-7

    - 6 security fixes A guest can cause xen to crash
      [XSA-26, CVE-2012-5510] (#883082) An HVM guest can
      cause xen to run slowly or crash [XSA-27,
      CVE-2012-5511] (#883084) An HVM guest can cause xen to
      crash or leak information [XSA-28, CVE-2012-5512]
      (#883085) A PV guest can cause xen to crash and might
      be able escalate privileges [XSA-29, CVE-2012-5513]
      (#883088) An HVM guest can cause xen to hang [XSA-30,
      CVE-2012-5514] (#883091) A guest can cause xen to hang
      [XSA-31, CVE-2012-5515] (#883092)

  - Tue Nov 13 2012 Michael Young <m.a.young at
    durham.ac.uk> - 4.1.3-6

    - 5 security fixes A guest can block a cpu by setting a
      bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198)

[plus 60 lines in the Changelog]

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=950668"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=950686"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=953632"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?21e17665"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/05");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC17", reference:"xen-4.1.5-1.fc17")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-669.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75129);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2013-1432", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2211");
  script_bugtraq_id(58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60278, 60282, 60721, 60799);

  script_name(english:"openSUSE Security Update : xen (openSUSE-SU-2013:1392-1)");
  script_summary(english:"Check for the openSUSE-2013-669 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"XEN was updated to 4.1.5 release. It fixes various bugs and security
issues.

Issues fixed separately from the 4.1.5 release :

  - bnc#824676 - Failed to setup devices for vm instance
    when start multiple vms simultaneously 

  - bnc#XXXXXX - xen: CVE-2013-XXXX: XSA-61: suppress device
    assignment to HVM guest when there is no IOMMU

  - Various upstream patches from Jan were integrated.

  - bnc#823786 - migrate.py support of short options dropped
    by PTF

  - bnc#803712 - after live migration rcu_sched_state
    detected stalls add new option xm migrate --min_remaing
    <num>

  - CVE-2013-1432 / bnc#826882 - xen: XSA-58: x86: fix page
    refcount handling in page table pin error path

  - CVE-2013-2211 / bnc#823608 - xen: XSA-57: libxl allows
    guest write access to sensitive console related xenstore
    keys

  - bnc#823011 - xen: XSA-55: Multiple vulnerabilities in
    libelf PV kernel handling

  - bnc#801663 - performance of mirror lvm unsuitable for
    production

  - CVE-2013-1918/ bnc#816159 - xen: CVE-2013-1918: XSA-45:
    Several long latency operations are not preemptible

  - CVE-2013-1952 / bnc#816163 - xen: CVE-2013-1952: XSA-49:
    VT-d interrupt remapping source validation flaw for
    bridges

  - CVE-2013-2076 / bnc#820917 - CVE-2013-2076: xen:
    Information leak on XSAVE/XRSTOR capable AMD CPUs
    (XSA-52)

  - CVE-2013-2077 / bnc#820919 - CVE-2013-2077: xen:
    Hypervisor crash due to missing exception recovery on
    XRSTOR (XSA-53)

  - CVE-2013-2078 / bnc#820920 - CVE-2013-2078: xen:
    Hypervisor crash due to missing exception recovery on
    XSETBV (XSA-54)

  - CVE-2013-2072 / bnc#819416 - xen: CVE-2013-2072: XSA-56:
    Buffer overflow in xencontrol Python bindings affecting
    xend 

  - Update to Xen 4.1.5 c/s 23509 There were many xen.spec
    file patches dropped as now being included in the 4.1.5
    tarball.

  - CVE-2013-1918 / bnc#816159 - xen: XSA-45: Several long
    latency operations are not preemptible

  - CVE-2013-1952 / bnc#816163 - xen: XSA-49: VT-d interrupt
    remapping source validation flaw for bridges

  - bnc#809662 - can't use pv-grub to start domU (pygrub
    does work)

  - CVE-2013-1917 / bnc#813673 - xen: Xen PV DoS
    vulnerability with SYSENTER

  - CVE-2013-1919 / bnc#813675 - xen: Several access
    permission issues with IRQs for unprivileged guests

  - CVE-2013-1920 / bnc#813677 - xen: Potential use of freed
    memory in event channel operations

  - bnc#814709 - Unable to create XEN virtual machines in
    SLED 11 SP2 on Kyoto"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=801663"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=803712"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=809662"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813673"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813675"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813677"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=814709"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=816156"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=816159"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=816163"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=819416"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=820917"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=820919"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=820920"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823011"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823608"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=823786"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=824676"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=826882"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2013-08/msg00056.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xen packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.2", reference:"xen-debugsource-4.1.5_04-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xen-devel-4.1.5_04-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-default-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-default-debuginfo-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-desktop-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-desktop-debuginfo-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-pae-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-pae-debuginfo-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xen-libs-4.1.5_04-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xen-libs-debuginfo-4.1.5_04-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xen-tools-domU-4.1.5_04-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"xen-tools-domU-debuginfo-4.1.5_04-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-4.1.5_04-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-doc-html-4.1.5_04-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-doc-pdf-4.1.5_04-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-libs-32bit-4.1.5_04-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.1.5_04-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-tools-4.1.5_04-5.29.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-tools-debuginfo-4.1.5_04-5.29.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2013-7406.
#

include("compat.inc");

if (description)
{
  script_id(66369);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1952");
  script_bugtraq_id(59291, 59292, 59615, 59617);
  script_xref(name:"FEDORA", value:"2013-7406");

  script_name(english:"Fedora 19 : xen-4.2.2-3.fc19 (2013-7406)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"update to xen-4.2.2 including two security fixes and fix two possible
denial of service attacks

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=950668"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=950686"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=956163"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=956309"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-May/104974.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b36bfdd1"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/05/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC19", reference:"xen-4.2.2-3.fc19")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}

#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2013-0033.
#

include("compat.inc");

if (description)
{
  script_id(79504);
  script_version("1.3");
  script_cvs_date("Date: 2019/09/27 13:00:34");

  script_cve_id("CVE-2013-1917", "CVE-2013-1919", "CVE-2013-1920");
  script_bugtraq_id(58880, 59291, 59292);

  script_name(english:"OracleVM 2.2 : xen (OVMSA-2013-0033)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - fix error in first version of the XSA-44 patch (Chuck
    Anderson) [orabug 16632878, 16694867] (CVE-2013-1917)

  - clear EFLAGS.NT in SYSENTER entry path (Andrew Cooper)
    [orabug 16632878] (CVE-2013-1917)

  - fix various issues with handling guest IRQs (Jan
    Beulich) [orabug 16635741] (CVE-2013-1919)

  - defer event channel bucket pointer store until after XSM
    checks [orabug 16635980] (CVE-2013-1920)

  - tools: xend: tolerate empty state/*.xml (Konrad Wilk,
    Joe Jin) [orabug 14683665]"
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2013-April/000143.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0ec4d36e"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-pvhvm-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:2.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "2\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 2.2", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);

flag = 0;
if (rpm_check(release:"OVS2.2", reference:"xen-3.4.0-0.1.47.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"xen-64-3.4.0-0.1.47.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"xen-debugger-3.4.0-0.1.47.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"xen-devel-3.4.0-0.1.47.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"xen-pvhvm-devel-3.4.0-0.1.47.el5")) flag++;
if (rpm_check(release:"OVS2.2", reference:"xen-tools-3.4.0-0.1.47.el5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-64 / xen-debugger / xen-devel / xen-pvhvm-devel / etc");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(66985);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078");

  script_name(english:"SuSE 11.2 Security Update : Xen (SAT Patch Number 7798)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"XEN has been updated to 4.1.5 c/s 23509 to fix various bugs and
security issues.

The following security issues have been fixed :

  - Certain page table manipulation operations in Xen 4.1.x,
    4.2.x, and earlier were not preemptible, which allowed
    local PV kernels to cause a denial of service via
    vectors related to deep page table traversal.
    (CVE-2013-1918)

  - Xen 4.x, when using Intel VT-d for a bus mastering
    capable PCI device, did not properly check the source
    when accessing a bridge devices interrupt remapping
    table entries for MSI interrupts, which allowed local
    guest domains to cause a denial of service (interrupt
    injection) via unspecified vectors. (CVE-2013-1952)

  - A information leak in the XSAVE/XRSTOR instructions
    could be used to determine state of floating point
    operations in other domains. (CVE-2013-2076)

  - A denial of service (hypervisor crash) was possible due
    to missing exception recovery on XRSTOR, that could be
    used to crash the machine by PV guest users.
    (CVE-2013-2077)

  - A denial of service (hypervisor crash) was possible due
    to missing exception recovery on XSETBV, that could be
    used to crash the machine by PV guest users.
    (CVE-2013-2078)

  - Systems which allow untrusted administrators to
    configure guest vcpu affinity may be exploited to
    trigger a buffer overrun and corrupt memory.
    (CVE-2013-2072)

  - Xen 3.1 through 4.x, when running 64-bit hosts on Intel
    CPUs, did not clear the NT flag when using an IRET after
    a SYSENTER instruction, which allowed PV guest users to
    cause a denial of service (hypervisor crash) by
    triggering a #GP fault, which is not properly handled by
    another IRET instruction. (CVE-2013-1917)

  - Xen 4.2.x and 4.1.x did not properly restrict access to
    IRQs, which allowed local stub domain clients to gain
    access to IRQs and cause a denial of service via vectors
    related to 'passed-through IRQs or PCI devices.'.
    (CVE-2013-1919)

  - Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is
    running 'under memory pressure' and the Xen Security
    Module (XSM) is enabled, used the wrong ordering of
    operations when extending the per-domain event channel
    tracking table, which caused a use-after-free and
    allowed local guest kernels to inject arbitrary events
    and gain privileges via unspecified vectors.
    (CVE-2013-1920)

  - Xen 4.0.x and 4.1.x incorrectly released a grant
    reference when releasing a non-v1, non-transitive grant,
    which allowed local guest administrators to cause a
    denial of service (host crash), obtain sensitive
    information, or possible have other impacts via
    unspecified vectors. (CVE-2013-1964)

Bugfixes :

  - Upstream patches from Jan
    26956-x86-mm-preemptible-cleanup.patch
    27071-x86-IO-APIC-fix-guest-RTE-write-corner-cases.patch
    27072-x86-shadow-fix-off-by-one-in-MMIO-permission-check
    .patch 27079-fix-XSA-46-regression-with-xend-xm.patch
    27083-AMD-iommu-SR56x0-Erratum-64-Reset-all-head-tail-po
    inters.patch

  - Update to Xen 4.1.5 c/s 23509 There were many xen.spec
    file patches dropped as now being included in the 4.1.5
    tarball.

  - can't use pv-grub to start domU (pygrub does work)
    xen.spec. (bnc#809662)

  - Upstream patches from Jan
    26702-powernow-add-fixups-for-AMD-P-state-figures.patch
    26704-x86-MCA-suppress-bank-clearing-for-certain-injecte
    d-events.patch
    26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iom
    mu-mappings.patch
    26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.pa
    tch
    26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-mes
    sages.patch
    26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.pa
    tch 26737-ACPI-APEI-Add-apei_exec_run_optional.patch
    26742-IOMMU-properly-check-whether-interrupt-remapping-i
    s-enabled.patch
    26743-VT-d-deal-with-5500-5520-X58-errata.patch
    26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping
    .patch
    26749-x86-reserve-pages-when-SandyBridge-integrated-grap
    hics.patch
    26765-hvm-Clean-up-vlapic_reg_write-error-propagation.pa
    tch
    26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-
    vectors.patch
    26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patc
    h
    26772-VMX-Always-disable-SMEP-when-guest-is-in-non-pagin
    g-mode.patch
    26773-x86-mm-shadow-spurious-warning-when-unmapping-xenh
    eap-pages.patch
    26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patc
    h
    26851-iommu-crash-Interrupt-remapping-is-also-disabled-o
    n-crash.patch

  - Unable to create XEN virtual machines in SLED 11 SP2 on
    Kyoto xend-cpuinfo-model-name.patch. (bnc#814709)

  - Upstream patches from Jan 26536-xenoprof-div-by-0.patch
    26578-AMD-IOMMU-replace-BUG_ON.patch
    26656-x86-fix-null-pointer-dereference-in-intel_get_exte
    nded_msrs.patch
    26659-AMD-IOMMU-erratum-746-workaround.patch
    26660-x86-fix-CMCI-injection.patch
    26672-vmx-fix-handling-of-NMI-VMEXIT.patch
    26673-Avoid-stale-pointer-when-moving-domain-to-another-
    cpupool.patch
    26676-fix-compat-memory-exchange-op-splitting.patch
    26677-x86-make-certain-memory-sub-ops-return-valid-value
    s.patch 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch
    26679-x86-defer-processing-events-on-the-NMI-exit-path.p
    atch
    26683-credit1-Use-atomic-bit-operations-for-the-flags-st
    ructure.patch
    26692-x86-MSI-fully-protect-MSI-X-table.patch"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=801663"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=809662"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813673"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813675"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=813677"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=814709"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=816156"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=816159"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=816163"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=819416"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=820917"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=820919"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=820920"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1917.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1918.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1919.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1920.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1952.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1964.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2072.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2076.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2077.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2078.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7798.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-libs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/05/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");


flag = 0;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-pae-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-libs-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-tools-domU-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-doc-html-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-doc-pdf-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-libs-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-libs-32bit-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-tools-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-tools-domU-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-pae-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-libs-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-tools-domU-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-doc-html-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-doc-pdf-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-libs-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-libs-32bit-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-tools-4.1.5_02-0.5.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-tools-domU-4.1.5_02-0.5.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2013-6641.
#

include("compat.inc");

if (description)
{
  script_id(66320);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2013-1917", "CVE-2013-1919");
  script_bugtraq_id(59291, 59292);
  script_xref(name:"FEDORA", value:"2013-6641");

  script_name(english:"Fedora 18 : xen-4.2.2-1.fc18 (2013-6641)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"update to xen-4.2.2 which includes security fixes, make xendomains
work better with xl

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=950668"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=950686"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-May/104538.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8cc30ba1"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC18", reference:"xen-4.2.2-1.fc18")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}

#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2013-0032.
#

include("compat.inc");

if (description)
{
  script_id(79503);
  script_version("1.3");
  script_cvs_date("Date: 2019/09/27 13:00:34");

  script_cve_id("CVE-2013-1917", "CVE-2013-1919", "CVE-2013-1920");
  script_bugtraq_id(58880, 59291, 59292);

  script_name(english:"OracleVM 3.1 : xen (OVMSA-2013-0032)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - defer event channel bucket pointer store until after XSM
    checks Otherwise a dangling pointer can be left, which
    would cause subsequent memory corruption as soon as the
    space got re-allocated for some other purpose. This is
    CVE-2013-1920 / XSA-47.

  - x86: fix various issues with handling guest IRQs

  - properly revoke IRQ access in map_domain_pirq error path

  - don't permit replacing an in use IRQ

  - don't accept inputs in the GSI range for
    MAP_PIRQ_TYPE_MSI

  - track IRQ access permission in host IRQ terms, not guest
    IRQ ones (and with that, also disallow Dom0 access to
    IRQ0) This is CVE-2013-1919 / XSA-46.

  - x86: clear EFLAGS.NT in SYSENTER entry path ... as it
    causes problems if we happen to exit back via IRET: In
    the course of trying to handle the fault, the hypervisor
    creates a stack course of trying to handle the fault,
    the hypervisor creates a stack frame by hand, and uses
    PUSHFQ to set the respective EFLAGS field, but expects
    to be able to IRET through that stack frame to the
    second portion of the fixup code (which causes a #GP due
    to the stored EFLAGS having NT set). And even if this
    worked (e.g if we cleared NT in that path), it would
    then (through the fail safe callback) cause a #GP in the
    guest with the SYSENTER handler's first instruction as
    the source, which in turn would allow guest user mode
    code to crash the guest kernel. Inject a #GP on the fake
    (NULL) address of the SYSENTER instruction instead, just
    like in the case where the guest kernel didn't register
    a corresponding entry point. On 32-bit we also need to
    make sure we clear SYSENTER_CS for all CPUs (neither
    #RESET nor #INIT guarantee this). This is CVE-2013-1917
    / XSA-44. (CVE-2013-1917)

  - Current Xend allowing multiple call destroy for the same
    domain, this lead multiple hard resets(FLR) for pci
    pass-through, and some controller might failed. In our
    test, we pass through 2 LSI HAB controllers to the PVHVM
    guest, after guest brought up, call xm-destroy twice,
    the adapters's BIOS will hung, and we had to reboot the
    server to recovery it. BTW: I had send this patch to Xen
    maillist, but developer said Xend will obsolete and
    would not review and merge the fix."
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2013-April/000142.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?316f37b9"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected xen / xen-devel / xen-tools packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.1" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.1", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"OVS3.1", reference:"xen-4.1.2-18.el5.41")) flag++;
if (rpm_check(release:"OVS3.1", reference:"xen-devel-4.1.2-18.el5.41")) flag++;
if (rpm_check(release:"OVS3.1", reference:"xen-tools-4.1.2-18.el5.41")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools");
}

#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2013-0031.
#

include("compat.inc");

if (description)
{
  script_id(79502);
  script_version("1.3");
  script_cvs_date("Date: 2019/09/27 13:00:34");

  script_cve_id("CVE-2013-1917", "CVE-2013-1919", "CVE-2013-1920");
  script_bugtraq_id(58880, 59291, 59292);

  script_name(english:"OracleVM 3.2 : xen (OVMSA-2013-0031)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - defer event channel bucket pointer store until after XSM
    checks Otherwise a dangling pointer can be left, which
    would cause subsequent memory corruption as soon as the
    space got re-allocated for some other purpose. This is
    CVE-2013-1920 / XSA-47.

    John Haxby 

  - x86: fix various issues with handling guest IRQs

  - properly revoke IRQ access in map_domain_pirq error path

  - don't permit replacing an in use IRQ

  - don't accept inputs in the GSI range for
    MAP_PIRQ_TYPE_MSI

  - track IRQ access permission in host IRQ terms, not guest
    IRQ ones (and with that, also disallow Dom0 access to
    IRQ0) This is CVE-2013-1919 / XSA-46.

  - x86: clear EFLAGS.NT in SYSENTER entry path ... as it
    causes problems if we happen to exit back via IRET: In
    the course of trying to handle the fault, the hypervisor
    creates a stack frame by hand, and uses PUSHFQ to set
    the respective EFLAGS field, but expects to be able to
    IRET through that stack frame to the second portion of
    the fixup code (which causes a #GP due to the stored
    EFLAGS having NT set). And even if this worked (e.g if
    we cleared NT in that path), it would then (through the
    fail safe callback) cause a #GP in the guest with the
    SYSENTER handler's first instruction as the source,
    which in turn would allow guest user mode code to crash
    the guest kernel. Inject a #GP on the fake (NULL)
    address of the SYSENTER instruction instead, just like
    in the case where the guest kernel didn't register a
    corresponding entry point. On 32-bit we also need to
    make sure we clear SYSENTER_CS for all CPUs (neither
    #RESET nor #INIT guarantee this). This is CVE-2013-1917
    / XSA-44. (CVE-2013-1917)"
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2013-April/000131.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?83affd55"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected xen / xen-devel / xen-tools packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"OVS3.2", reference:"xen-4.1.3-25.el5.6")) flag++;
if (rpm_check(release:"OVS3.2", reference:"xen-devel-4.1.3-25.el5.6")) flag++;
if (rpm_check(release:"OVS3.2", reference:"xen-tools-4.1.3-25.el5.6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2662. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(66028);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2013-1917", "CVE-2013-1919");
  script_xref(name:"DSA", value:"2662");

  script_name(english:"Debian DSA-2662-1 : xen - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities have been discovered in the Xen hypervisor.
The Common Vulnerabilities and Exposures project identifies the
following problems :

  - CVE-2013-1917
    The SYSENTER instruction can be used by PV guests to
    accelerate system call processing. This instruction,
    however, leaves the EFLAGS register mostly unmodified.
    This can be used by malicious or buggy user space to
    cause the entire host to crash.

  - CVE-2013-1919
    Various IRQ related access control operations may not
    have the intended effect, potentially permitting a stub
    domain to grant its client domain access to an IRQ it
    doesn't have access to itself. This can be used by
    malicious or buggy stub domains kernels to mount a
    denial of service attack possibly affecting the whole
    system."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-1917"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-1919"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/xen"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2013/dsa-2662"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the xen packages.

For the stable distribution (squeeze), these problems have been fixed
in version 4.0.1-5.9."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"libxen-dev", reference:"4.0.1-5.9")) flag++;
if (deb_check(release:"6.0", prefix:"libxenstore3.0", reference:"4.0.1-5.9")) flag++;
if (deb_check(release:"6.0", prefix:"xen-docs-4.0", reference:"4.0.1-5.9")) flag++;
if (deb_check(release:"6.0", prefix:"xen-hypervisor-4.0-amd64", reference:"4.0.1-5.9")) flag++;
if (deb_check(release:"6.0", prefix:"xen-hypervisor-4.0-i386", reference:"4.0.1-5.9")) flag++;
if (deb_check(release:"6.0", prefix:"xen-utils-4.0", reference:"4.0.1-5.9")) flag++;
if (deb_check(release:"6.0", prefix:"xenstore-utils", reference:"4.0.1-5.9")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");