Vulnerabilities > CVE-2013-2077 - Permissions, Privileges, and Access Controls vulnerability in XEN

047910
CVSS 5.2 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
xen
CWE-264
nessus

Summary

Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.

Nessus

  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2013-0042.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Other than the HVM emulation path, the PV case so far failed to check that YMM state requires SSE state to be enabled, allowing for a #GP to occur upon passing the inputs to XSETBV inside the hypervisor. This is CVE-2013-2078 / XSA-54. (CVE-2013-2078) - x86/xsave: recover from faults on XRSTOR Just like FXRSTOR, XRSTOR can raise #GP if bad content is being passed to it in the memory block (i.e. aspects not under the control of the hypervisor, other than e.g. proper alignment of the block). Also correct the comment explaining why FXRSTOR needs exception recovery code to not wrongly state that this can only be a result of the control tools passing a bad image. This is CVE-2013-2077 / XSA-53. (CVE-2013-2077) - x86/xsave: fix information leak on AMD CPUs Just like for FXSAVE/FXRSTOR, XSAVE/XRSTOR also don
    last seen2020-06-01
    modified2020-06-02
    plugin id79510
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79510
    titleOracleVM 3.2 : xen (OVMSA-2013-0042)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2013-0042.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79510);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/27 13:00:34");
    
      script_cve_id("CVE-2006-1056", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078");
      script_bugtraq_id(17600, 60277, 60278, 60282);
    
      script_name(english:"OracleVM 3.2 : xen (OVMSA-2013-0042)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - Other than the HVM emulation path, the PV case so far
        failed to check that YMM state requires SSE state to be
        enabled, allowing for a #GP to occur upon passing the
        inputs to XSETBV inside the hypervisor. This is
        CVE-2013-2078 / XSA-54. (CVE-2013-2078)
    
      - x86/xsave: recover from faults on XRSTOR Just like
        FXRSTOR, XRSTOR can raise #GP if bad content is being
        passed to it in the memory block (i.e. aspects not under
        the control of the hypervisor, other than e.g. proper
        alignment of the block). Also correct the comment
        explaining why FXRSTOR needs exception recovery code to
        not wrongly state that this can only be a result of the
        control tools passing a bad image. This is CVE-2013-2077
        / XSA-53. (CVE-2013-2077)
    
      - x86/xsave: fix information leak on AMD CPUs Just like
        for FXSAVE/FXRSTOR, XSAVE/XRSTOR also don't save/restore
        the last instruction and operand pointers as well as the
        last opcode if there's no pending unmasked exception
        (see CVE-2006-1056 and commit 9747:4d667a139318). While
        the FXSR solution sits in the save path, I prefer to
        have this in the restore path because there the handling
        is simpler (namely in the context of the pending changes
        to properly save the selector values for 32-bit guest
        code). Also this is using FFREE instead of EMMS, as it
        doesn't seem unlikely that in the future we may see CPUs
        with x87 and SSE/AVX but no MMX support. The goal here
        anyway is just to avoid an FPU stack overflow. I would
        have preferred to use FFREEP instead of FFREE (freeing
        two stack slots at once), but AMD doesn't document that
        instruction. This is CVE-2013-2076 / XSA-52.
        (CVE-2013-2076)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/oraclevm-errata/2013-June/000155.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xen / xen-devel / xen-tools packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.2", reference:"xen-4.1.3-25.el5.6.13")) flag++;
    if (rpm_check(release:"OVS3.2", reference:"xen-devel-4.1.3-25.el5.6.13")) flag++;
    if (rpm_check(release:"OVS3.2", reference:"xen-tools-4.1.3-25.el5.6.13")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2013-0043.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - x86/xsave: properly check guest input to XSETBV Other than the HVM emulation path, the PV case so far failed to check that YMM state requires SSE state to be enabled, allowing for a #GP to occur upon passing the inputs to XSETBV inside the hypervisor. This is CVE-2013-2078 / XSA-54. (CVE-2013-2078) - 86/xsave: recover from faults on XRSTOR Just like FXRSTOR, XRSTOR can raise #GP if bad content is being passed to it in the memory block (i.e. aspects not under the control of the hypervisor, other than e.g. proper alignment of the block). Also correct the comment explaining why FXRSTOR needs exception recovery code to not wrongly state that this can only be a result of the control tools passing a bad image. This is CVE-2013-2077 / XSA-53. (CVE-2013-2077) - x86/xsave: fix information leak on AMD CPUs Just like for FXSAVE/FXRSTOR, XSAVE/XRSTOR also don
    last seen2020-06-01
    modified2020-06-02
    plugin id79511
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79511
    titleOracleVM 3.1 : xen (OVMSA-2013-0043)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2013-0043.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79511);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/27 13:00:34");
    
      script_cve_id("CVE-2006-1056", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078");
      script_bugtraq_id(17600, 60277, 60278, 60282);
    
      script_name(english:"OracleVM 3.1 : xen (OVMSA-2013-0043)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - x86/xsave: properly check guest input to XSETBV Other
        than the HVM emulation path, the PV case so far failed
        to check that YMM state requires SSE state to be
        enabled, allowing for a #GP to occur upon passing the
        inputs to XSETBV inside the hypervisor. This is
        CVE-2013-2078 / XSA-54. (CVE-2013-2078)
    
      - 86/xsave: recover from faults on XRSTOR Just like
        FXRSTOR, XRSTOR can raise #GP if bad content is being
        passed to it in the memory block (i.e. aspects not under
        the control of the hypervisor, other than e.g. proper
        alignment of the block). Also correct the comment
        explaining why FXRSTOR needs exception recovery code to
        not wrongly state that this can only be a result of the
        control tools passing a bad image. This is CVE-2013-2077
        / XSA-53. (CVE-2013-2077)
    
      - x86/xsave: fix information leak on AMD CPUs Just like
        for FXSAVE/FXRSTOR, XSAVE/XRSTOR also don't save/restore
        the last instruction and operand pointers as well as the
        last opcode if there's no pending unmasked exception
        (see CVE-2006-1056 and commit 9747:4d667a139318). While
        the FXSR solution sits in the save path, I prefer to
        have this in the restore path because there the handling
        is simpler (namely in the context of the pending changes
        to properly save the selector values for 32-bit guest
        code). Also this is using FFREE instead of EMMS, as it
        doesn't seem unlikely that in the future we may see CPUs
        with x87 and SSE/AVX but no MMX support. The goal here
        anyway is just to avoid an FPU stack overflow. I would
        have preferred to use FFREEP instead of FFREE (freeing
        two stack slots at once), but AMD doesn't document that
        instruction. This is CVE-2013-2076 / XSA-52.
        (CVE-2013-2076)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/oraclevm-errata/2013-June/000156.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xen / xen-devel / xen-tools packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.1" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.1", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.1", reference:"xen-4.1.2-18.el5.54")) flag++;
    if (rpm_check(release:"OVS3.1", reference:"xen-devel-4.1.2-18.el5.54")) flag++;
    if (rpm_check(release:"OVS3.1", reference:"xen-tools-4.1.2-18.el5.54")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-0446-1.NASL
    descriptionThe SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor and toolset have been updated to fix various security issues and some bugs. The following security issues have been addressed : XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to arbitrary guests. (bnc#860163) XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). (bnc#849667) XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. (bnc#848657) XSA-67: CVE-2013-4368: The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. (bnc#842511) XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. (bnc#841766) XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. (bnc#840592) XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. (bnc#839596) XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. (bnc#839618) XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) XSA-58: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to
    last seen2020-06-05
    modified2015-05-20
    plugin id83616
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83616
    titleSUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2014:0446-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83616);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2006-1056", "CVE-2007-0998", "CVE-2012-3497", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-4544", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-1432", "CVE-2013-1442", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-2212", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6885", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1894");
      script_bugtraq_id(17600, 22967, 55410, 55442, 56289, 56498, 56794, 56796, 56797, 56798, 56803, 57159, 57223, 57420, 57745, 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60282, 60701, 60702, 60703, 60721, 60799, 61424, 62307, 62630, 62708, 62710, 62935, 63494, 63931, 63933, 63983, 65419);
    
      script_name(english:"SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor
    and toolset have been updated to fix various security issues and some
    bugs.
    
    The following security issues have been addressed :
    
    XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both
    problems with the overflow issue being present for more than just the
    suboperations listed above. (bnc#860163)
    
    XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1,
    while not affected by the above overflow, have a different
    overflow issue on FLASK_{GET,SET}BOOL and expose
    unreasonably large memory allocation to arbitrary guests.
    (bnc#860163)
    
    XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER
    and FLASK_CONTEXT_TO_SID suboperations of the flask
    hypercall are vulnerable to an integer overflow on the input
    size. The hypercalls attempt to allocate a buffer which is 1
    larger than this size and is therefore vulnerable to integer
    overflow and an attempt to allocate then access a zero byte
    buffer. (bnc#860163)
    
    XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through
    0Fh processors does not properly handle the interaction
    between locked instructions and write-combined memory types,
    which allows local users to cause a denial of service
    (system hang) via a crafted application, aka the errata 793
    issue. (bnc#853049)
    
    XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly
    4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1)
    does not properly prevent access to hypercalls, which allows
    local guest users to gain privileges via a crafted
    application running in ring 1 or 2. (bnc#849668)
    
    XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall
    in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always
    obtain the page_alloc_lock and mm_rwlock in the same order,
    which allows local guest administrators to cause a denial of
    service (host deadlock). (bnc#849667)
    
    XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x
    does not take the page_alloc_lock and grant_table.lock in
    the same order, which allows local guest administrators with
    access to multiple vcpus to cause a denial of service (host
    deadlock) via unspecified vectors. (bnc#848657)
    
    XSA-67: CVE-2013-4368: The outs instruction emulation in Xen
    3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS:
    segment override, uses an uninitialized variable as a
    segment base, which allows local 64-bit PV guests to obtain
    sensitive information (hypervisor stack content) via
    unspecified vectors related to stale data in a segment
    register. (bnc#842511)
    
    XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen
    3.3.x through 4.3.x does not use the correct variable for
    the source effective address, which allows local HVM guests
    to obtain hypervisor stack information by reading the values
    used by the instruction. (bnc#841766)
    
    XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not
    properly handle certain errors, which allows local HVM
    guests to obtain hypervisor stack memory via a (1) port or
    (2) memory mapped I/O write or (3) other unspecified
    operations related to addresses without associated memory.
    (bnc#840592)
    
    XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX
    or LWP capable CPUs, does not properly clear previous data
    from registers when using an XSAVE or XRSTOR to extend the
    state components of a saved or restored vCPU after touching
    other restored extended registers, which allows local guest
    OSes to obtain sensitive information by reading the
    registers. (bnc#839596)
    
    XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen
    4.0.x through 4.2.x, when IOMMU is disabled, provides access
    to a busmastering-capable PCI passthrough device before the
    IOMMU setup is complete, which allows local HVM guest
    domains to gain privileges or cause a denial of service via
    a DMA instruction. (bnc#839618)
    
    XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen
    3.3 through 4.3, when disabling chaches, allows local HVM
    guests with access to memory mapped I/O regions to cause a
    denial of service (CPU consumption and possibly hypervisor
    or guest kernel panic) via a crafted GFN range. (bnc#831120)
    
    XSA-58: CVE-2013-1918: Certain page table manipulation
    operations in Xen 4.1.x, 4.2.x, and earlier are not
    preemptible, which allows local PV kernels to cause a denial
    of service via vectors related to 'deep page table
    traversal.' (bnc#826882)
    
    XSA-58: CVE-2013-1432: Xen 4.1.x and 4.2.x, when the XSA-45
    patch is in place, does not properly maintain references on
    pages stored for deferred cleanup, which allows local PV
    guest kernels to cause a denial of service (premature page
    free and hypervisor crash) or possible gain privileges via
    unspecified vectors. (bnc#826882)
    
    XSA-57: CVE-2013-2211: The libxenlight (libxl) toolstack
    library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions
    for xenstore keys for paravirtualised and emulated serial
    console devices, which allows local guest administrators to
    modify the xenstore value via unspecified vectors.
    (bnc#823608)
    
    XSA-56: CVE-2013-2072: Buffer overflow in the Python
    bindings for the xc_vcpu_setaffinity call in Xen 4.0.x,
    4.1.x, and 4.2.x allows local administrators with
    permissions to configure VCPU affinity to cause a denial of
    service (memory corruption and xend toolstack crash) and
    possibly gain privileges via a crafted cpumap. (bnc#819416)
    
    XSA-55: CVE-2013-2196: Multiple unspecified vulnerabilities
    in the Elf parser (libelf) in Xen 4.2.x and earlier allow
    local guest administrators with certain permissions to have
    an unspecified impact via a crafted kernel, related to
    'other problems' that are not CVE-2013-2194 or
    CVE-2013-2195. (bnc#823011)
    
    XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen 4.2.x
    and earlier allow local guest administrators with certain
    permissions to have an unspecified impact via a crafted
    kernel, related to 'pointer dereferences' involving
    unexpected calculations. (bnc#823011)
    
    XSA-55: CVE-2013-2194: Multiple integer overflows in the Elf
    parser (libelf) in Xen 4.2.x and earlier allow local guest
    administrators with certain permissions to have an
    unspecified impact via a crafted kernel. (bnc#823011)
    
    XSA-53: CVE-2013-2077: Xen 4.0.x, 4.1.x, and 4.2.x does not
    properly restrict the contents of a XRSTOR, which allows
    local PV guest users to cause a denial of service (unhandled
    exception and hypervisor crash) via unspecified vectors.
    (bnc#820919)
    
    XSA-52: CVE-2013-2076: Xen 4.0.x, 4.1.x, and 4.2.x, when
    running on AMD64 processors, only save/restore the FOP, FIP,
    and FDP x87 registers in FXSAVE/FXRSTOR when an exception is
    pending, which allows one domain to determine portions of
    the state of floating point instructions of other domains,
    which can be leveraged to obtain sensitive information such
    as cryptographic keys, a similar vulnerability to
    CVE-2006-1056. NOTE: this is the documented behavior of
    AMD64 processors, but it is inconsistent with Intel
    processors in a security-relevant fashion that was not
    addressed by the kernels. (bnc#820917)
    
    XSA-50: CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly
    releases a grant reference when releasing a non-v1,
    non-transitive grant, which allows local guest
    administrators to cause a denial of service (host crash),
    obtain sensitive information, or possible have other impacts
    via unspecified vectors. (bnc#816156)
    
    XSA-49: CVE-2013-1952: Xen 4.x, when using Intel VT-d for a
    bus mastering capable PCI device, does not properly check
    the source when accessing a bridge device's interrupt
    remapping table entries for MSI interrupts, which allows
    local guest domains to cause a denial of service (interrupt
    injection) via unspecified vectors. (bnc#816163)
    
    XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when
    the hypervisor is running 'under memory pressure' and the
    Xen Security Module (XSM) is enabled, uses the wrong
    ordering of operations when extending the per-domain event
    channel tracking table, which causes a use-after-free and
    allows local guest kernels to inject arbitrary events and
    gain privileges via unspecified vectors. (bnc#813677)
    
    XSA-46: CVE-2013-1919: Xen 4.2.x and 4.1.x does not properly
    restrict access to IRQs, which allows local stub domain
    clients to gain access to IRQs and cause a denial of service
    via vectors related to 'passed-through IRQs or PCI devices.'
    (bnc#813675)
    
    XSA-45: CVE-2013-1918: Certain page table manipulation
    operations in Xen 4.1.x, 4.2.x, and earlier are not
    preemptible, which allows local PV kernels to cause a denial
    of service via vectors related to 'deep page table
    traversal.' (bnc#816159)
    
    XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when running
    64-bit hosts on Intel CPUs, does not clear the NT flag when
    using an IRET after a SYSENTER instruction, which allows PV
    guest users to cause a denial of service (hypervisor crash)
    by triggering a #GP fault, which is not properly handled by
    another IRET instruction. (bnc#813673)
    
    XSA-41: CVE-2012-6075: Buffer overflow in the e1000_receive
    function in the e1000 device driver (hw/e1000.c) in QEMU
    1.3.0-rc2 and other versions, when the SBP and LPE flags are
    disabled, allows remote attackers to cause a denial of
    service (guest OS crash) and possibly execute arbitrary
    guest code via a large packet. (bnc#797523)
    
    XSA-37: CVE-2013-0154: The get_page_type function in
    xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled,
    allows local PV or HVM guest administrators to cause a
    denial of service (assertion failure and hypervisor crash)
    via unspecified vectors related to a hypercall. (bnc#797031)
    
    XSA-36: CVE-2013-0153: The AMD IOMMU support in Xen 4.2.x,
    4.1.x, 3.3, and other versions, when using AMD-Vi for PCI
    passthrough, uses the same interrupt remapping table for the
    host and all guests, which allows guests to cause a denial
    of service by injecting an interrupt into other guests.
    (bnc#800275)
    
    XSA-33: CVE-2012-5634: Xen 4.2.x, 4.1.x, and 4.0, when using
    Intel VT-d for PCI passthrough, does not properly configure
    VT-d when supporting a device that is behind a legacy PCI
    Bridge, which allows local guests to cause a denial of
    service to other guests by injecting an interrupt.
    (bnc#794316)
    
    XSA-31: CVE-2012-5515: The (1) XENMEM_decrease_reservation,
    (2) XENMEM_populate_physmap, and (3) XENMEM_exchange
    hypercalls in Xen 4.2 and earlier allow local guest
    administrators to cause a denial of service (long loop and
    hang) via a crafted extent_order value. (bnc#789950)
    
    XSA-30: CVE-2012-5514: The
    guest_physmap_mark_populate_on_demand function in Xen 4.2
    and earlier does not properly unlock the subject GFNs when
    checking if they are in use, which allows local guest HVM
    administrators to cause a denial of service (hang) via
    unspecified vectors. (bnc#789948)
    
    XSA-29: CVE-2012-5513: The XENMEM_exchange handler in Xen
    4.2 and earlier does not properly check the memory address,
    which allows local PV guest OS administrators to cause a
    denial of service (crash) or possibly gain privileges via
    unspecified vectors that overwrite memory in the hypervisor
    reserved range. (bnc#789951)
    
    XSA-27: CVE-2012-6333: Multiple HVM control operations in
    Xen 3.4 through 4.2 allow local HVM guest OS administrators
    to cause a denial of service (physical CPU consumption) via
    a large input. (bnc#789944)
    
    XSA-27: CVE-2012-5511: Stack-based buffer overflow in the
    dirty video RAM tracking functionality in Xen 3.4 through
    4.1 allows local HVM guest OS administrators to cause a
    denial of service (crash) via a large bitmap image.
    (bnc#789944)
    
    XSA-26: CVE-2012-5510: Xen 4.x, when downgrading the grant
    table version, does not properly remove the status page from
    the tracking list when freeing the page, which allows local
    guest OS administrators to cause a denial of service
    (hypervisor crash) via unspecified vectors. (bnc#789945)
    
    XSA-25: CVE-2012-4544: The PV domain builder in Xen 4.2 and
    earlier does not validate the size of the kernel or ramdisk
    (1) before or (2) after decompression, which allows local
    guest administrators to cause a denial of service (domain 0
    memory consumption) via a crafted (a) kernel or (b) ramdisk.
    (bnc#787163)
    
    XSA-24: CVE-2012-4539: Xen 4.0 through 4.2, when running
    32-bit x86 PV guests on 64-bit hypervisors, allows local
    guest OS administrators to cause a denial of service
    (infinite loop and hang or crash) via invalid arguments to
    GNTTABOP_get_status_frames, aka 'Grant table hypercall
    infinite loop DoS vulnerability.' (bnc#786520)
    
    XSA-23: CVE-2012-4538: The HVMOP_pagetable_dying hypercall
    in Xen 4.0, 4.1, and 4.2 does not properly check the
    pagetable state when running on shadow pagetables, which
    allows a local HVM guest OS to cause a denial of service
    (hypervisor crash) via unspecified vectors. (bnc#786519)
    
    XSA-22: CVE-2012-4537: Xen 3.4 through 4.2, and possibly
    earlier versions, does not properly synchronize the p2m and
    m2p tables when the set_p2m_entry function fails, which
    allows local HVM guest OS administrators to cause a denial
    of service (memory consumption and assertion failure), aka
    'Memory mapping failure DoS vulnerability.' (bnc#786517)
    
    XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and possibly
    earlier versions, allows local guest OS administrators to
    cause a denial of service (Xen infinite loop and physical
    CPU consumption) by setting a VCPU with an 'inappropriate
    deadline.' (bnc#786516)
    
    XSA-19: CVE-2012-4411: The graphical console in Xen 4.0, 4.1
    and 4.2 allows local OS guest administrators to obtain
    sensitive host resource information via the qemu monitor.
    NOTE: this might be a duplicate of CVE-2007-0998.
    (bnc#779212)
    
    XSA-15: CVE-2012-3497: (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2)
    TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS
    and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in
    Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a
    denial of service (NULL pointer dereference or memory
    corruption and host crash) or possibly have other
    unspecified impacts via a NULL client id. (bnc#777890)
    
    Also the following non-security bugs have been fixed :
    
      - xen hot plug attach/detach fails modified
        blktap-pv-cdrom.patch. (bnc#805094)
    
      - guest 'disappears' after live migration Updated
        block-dmmd script. (bnc#777628)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://download.suse.com/patch/finder/?keywords=d46197780129fa94fee1eb1708143171
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b3fed2ec"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-1056.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-0998.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3497.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4411.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4535.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4537.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4538.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4539.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4544.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5510.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5511.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5513.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5514.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5515.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-5634.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6075.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-6333.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0153.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0154.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1432.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1442.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1917.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1918.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1919.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1920.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1952.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1964.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2072.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2076.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2077.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2194.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2195.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2196.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2211.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2212.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4329.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4355.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4361.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4368.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4494.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4553.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4554.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6885.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1891.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1892.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1893.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1894.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/777628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/777890"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/779212"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/786516"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/786517"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/786519"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/786520"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/787163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789944"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789945"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789948"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789951"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/794316"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/797031"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/797523"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/800275"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/805094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/813673"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/813675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/813677"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/816156"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/816159"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/816163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/819416"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820917"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/823011"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/823608"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/831120"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/839596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/839618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/840592"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/841766"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/842511"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849668"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853049"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/860163"
      );
      # https://www.suse.com/support/update/announcement/2014/suse-su-20140446-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e4176238"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11 SP1 LTSS :
    
    zypper in -t patch slessp1-xen-201402-8963
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "i386|i486|i586|i686|x86_64") audit(AUDIT_ARCH_NOT, "i386 / i486 / i586 / i686 / x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! ereg(pattern:"^1$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2015-0068.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0068 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id84140
    published2015-06-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84140
    titleOracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2015-0068.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84140);
      script_version("2.18");
      script_cvs_date("Date: 2019/11/12");
    
      script_cve_id("CVE-2006-1056", "CVE-2007-0998", "CVE-2012-0029", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3497", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4544", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2013-0153", "CVE-2013-0215", "CVE-2013-1432", "CVE-2013-1442", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1950", "CVE-2014-3566", "CVE-2014-5146", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188", "CVE-2015-2044", "CVE-2015-2045", "CVE-2015-2151", "CVE-2015-2752", "CVE-2015-2756", "CVE-2015-3209", "CVE-2015-3456", "CVE-2015-4164");
      script_bugtraq_id(17600, 22967, 51642, 53650, 53961, 54942, 55400, 55406, 55410, 55412, 55413, 55414, 56289, 56498, 56794, 56796, 56797, 56798, 56799, 56803, 57223, 57742, 57745, 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799, 62307, 62630, 62708, 62710, 62935, 63494, 63931, 63933, 63983, 64195, 65419, 65529, 69198, 70057, 70062, 70198, 70574, 72577, 72954, 72955, 73015, 73448, 74640, 75123, 75149);
    
      script_name(english:"OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2015-0068 for details."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/oraclevm-errata/2015-June/000317.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xen / xen-devel / xen-tools packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(264);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.2", reference:"xen-4.1.3-25.el5.127.52")) flag++;
    if (rpm_check(release:"OVS3.2", reference:"xen-devel-4.1.3-25.el5.127.52")) flag++;
    if (rpm_check(release:"OVS3.2", reference:"xen-tools-4.1.3-25.el5.127.52")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201309-24.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201309-24 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : Guest domains could possibly gain privileges, execute arbitrary code, or cause a Denial of Service on the host domain (Dom0). Additionally, guest domains could gain information about other virtual machines running on the same host or read arbitrary files on the host. Workaround : The CVEs listed below do not currently have fixes, but only apply to Xen setups which have &ldquo;tmem&rdquo; specified on the hypervisor command line. TMEM is not currently supported for use in production systems, and administrators using tmem should disable it. Relevant CVEs: * CVE-2012-2497 * CVE-2012-6030 * CVE-2012-6031 * CVE-2012-6032 * CVE-2012-6033 * CVE-2012-6034 * CVE-2012-6035 * CVE-2012-6036
    last seen2020-06-01
    modified2020-06-02
    plugin id70184
    published2013-09-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70184
    titleGLSA-201309-24 : Xen: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201309-24.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70184);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/12 17:35:38");
    
      script_cve_id("CVE-2011-2901", "CVE-2011-3262", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3497", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5525", "CVE-2012-5634", "CVE-2012-6030", "CVE-2012-6031", "CVE-2012-6032", "CVE-2012-6033", "CVE-2012-6034", "CVE-2012-6035", "CVE-2012-6036", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0151", "CVE-2013-0152", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-0215", "CVE-2013-1432", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1922", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211");
      script_bugtraq_id(49370, 53856, 53955, 53961, 54691, 54942, 55400, 55406, 55410, 55412, 55413, 55414, 55442, 56498, 56794, 56796, 56797, 56798, 56799, 56803, 56805, 57159, 57223, 57420, 57494, 57495, 57742, 57745, 58880, 59070, 59291, 59292, 59293, 59615, 59617, 60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799);
      script_xref(name:"GLSA", value:"201309-24");
    
      script_name(english:"GLSA-201309-24 : Xen: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201309-24
    (Xen: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Xen. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        Guest domains could possibly gain privileges, execute arbitrary code, or
          cause a Denial of Service on the host domain (Dom0). Additionally, guest
          domains could gain information about other virtual machines running on
          the same host or read arbitrary files on the host.
      
    Workaround :
    
        The CVEs listed below do not currently have fixes, but only apply to Xen
          setups which have &ldquo;tmem&rdquo; specified on the hypervisor command line.
          TMEM is not currently supported for use in production systems, and
          administrators using tmem should disable it.
          Relevant CVEs:
          * CVE-2012-2497
          * CVE-2012-6030
          * CVE-2012-6031
          * CVE-2012-6032
          * CVE-2012-6033
          * CVE-2012-6034
          * CVE-2012-6035
          * CVE-2012-6036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201309-24"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Xen users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.2.2-r1'
        All Xen-tools users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=app-emulation/xen-tools-4.2.2-r3'
        All Xen-pvgrub users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=app-emulation/xen-pvgrub-4.2.2-r1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'FreeBSD Intel SYSRET Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-pvgrub");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-emulation/xen-pvgrub", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++;
    if (qpkg_check(package:"app-emulation/xen", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++;
    if (qpkg_check(package:"app-emulation/xen-tools", unaffected:make_list("ge 4.2.2-r3"), vulnerable:make_list("lt 4.2.2-r3"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-677.NASL
    descriptionXEN was updated to 4.2.2, fixing lots of bugs and several security issues. Various upstream patches were also merged into this version by our developers. Detailed buglist : - bnc#824676 - Failed to setup devices for vm instance when start multiple vms simultaneously - bnc#817799 - sles9sp4 guest fails to start after upgrading to sles11 sp3 - bnc#826882 - xen: CVE-2013-1432: XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes - Add upstream patch to fix devid assignment in libxl 27184-libxl-devid-fix.patch - bnc#823608 - xen: XSA-57: libxl allows guest write access to sensitive console related xenstore keys 27178-libxl-Restrict-permissions-on-PV-console-device-xe nstore-nodes.patch - bnc#823011 - xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling - bnc#808269 - Fully Virtualized Windows VM install is failed on Ivy Bridge platforms with Xen kernel - bnc#801663 - performance of mirror lvm unsuitable for production block-dmmd - bnc#817904 - [SLES11SP3 BCS Bug] Crashkernel fails to boot after panic on XEN kernel SP3 Beta 4 and RC1 - Upstream AMD Erratum patch from Jan - bnc#813675 - - xen: CVE-2013-1919: XSA-46: Several access permission issues with IRQs for unprivileged guests - bnc#820917 - CVE-2013-2076: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) - bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to missing exception recovery on XRSTOR (XSA-53) - bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to missing exception recovery on XSETBV (XSA-54) - bnc#808085 - aacraid driver panics mapping INT A when booting kernel-xen - bnc#817210 - openSUSE 12.3 Domain 0 doesn
    last seen2020-06-05
    modified2014-06-13
    plugin id75130
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75130
    titleopenSUSE Security Update : xen (openSUSE-SU-2013:1404-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-677.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75130);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-6075", "CVE-2013-0151", "CVE-2013-1432", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1922", "CVE-2013-1952", "CVE-2013-2007", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078");
      script_bugtraq_id(57420, 57495, 59070, 59291, 59292, 59615, 59617, 59675, 59982, 60277, 60278, 60282, 60799);
    
      script_name(english:"openSUSE Security Update : xen (openSUSE-SU-2013:1404-1)");
      script_summary(english:"Check for the openSUSE-2013-677 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "XEN was updated to 4.2.2, fixing lots of bugs and several security
    issues.
    
    Various upstream patches were also merged into this version by our
    developers.
    
    Detailed buglist :
    
      - bnc#824676 - Failed to setup devices for vm instance
        when start multiple vms simultaneously
    
      - bnc#817799 - sles9sp4 guest fails to start after
        upgrading to sles11 sp3
    
      - bnc#826882 - xen: CVE-2013-1432: XSA-58: Page reference
        counting error due to XSA-45/CVE-2013-1918 fixes
    
      - Add upstream patch to fix devid assignment in libxl
        27184-libxl-devid-fix.patch
    
      - bnc#823608 - xen: XSA-57: libxl allows guest write
        access to sensitive console related xenstore keys
        27178-libxl-Restrict-permissions-on-PV-console-device-xe
        nstore-nodes.patch
    
      - bnc#823011 - xen: XSA-55: Multiple vulnerabilities in
        libelf PV kernel handling
    
      - bnc#808269 - Fully Virtualized Windows VM install is
        failed on Ivy Bridge platforms with Xen kernel
    
      - bnc#801663 - performance of mirror lvm unsuitable for
        production block-dmmd
    
      - bnc#817904 - [SLES11SP3 BCS Bug] Crashkernel fails to
        boot after panic on XEN kernel SP3 Beta 4 and RC1
    
      - Upstream AMD Erratum patch from Jan
    
      - bnc#813675 - - xen: CVE-2013-1919: XSA-46: Several
        access permission issues with IRQs for unprivileged
        guests
    
      - bnc#820917 - CVE-2013-2076: xen: Information leak on
        XSAVE/XRSTOR capable AMD CPUs (XSA-52)
    
      - bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to
        missing exception recovery on XRSTOR (XSA-53)
    
      - bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to
        missing exception recovery on XSETBV (XSA-54)
    
      - bnc#808085 - aacraid driver panics mapping INT A when
        booting kernel-xen
    
      - bnc#817210 - openSUSE 12.3 Domain 0 doesn't boot with
        i915 graphics controller under Xen with VT-d enabled
    
      - bnc#819416 - xen: CVE-2013-2072: XSA-56: Buffer overflow
        in xencontrol Python bindings affecting xend
    
      - bnc#818183 - xen: CVE-2013-2007: XSA-51: qga set umask
        0077 when daemonizing
    
      - add lndir to BuildRequires
    
      - remove
        xen.migrate.tools_notify_restore_to_hangup_during_migrat
        ion_--abort_if_busy.patch It changed migration protocol
        and upstream wants a different solution
    
      - bnc#802221 - fix xenpaging readd
        xenpaging.qemu.flush-cache.patch
    
      - bnc#808269 - Fully Virtualized Windows VM install is
        failed on Ivy Bridge platforms with Xen kernel
    
      - Additional fix for bnc#816159
        CVE-2013-1918-xsa45-followup.patch
    
      - bnc#817068 - Xen guest with >1 sr-iov vf won't start
    
      - Update to Xen 4.2.2 c/s 26064 The following recent
        security patches are included in the tarball
        CVE-2013-0151-xsa34.patch (bnc#797285)
        CVE-2012-6075-xsa41.patch (bnc#797523)
        CVE-2013-1917-xsa44.patch (bnc#813673)
        CVE-2013-1919-xsa46.patch (bnc#813675)
    
      - bnc#816159 - xen: CVE-2013-1918: XSA-45: Several long
        latency operations are not preemptible
    
      - bnc#816163 - xen: CVE-2013-1952: XSA-49: VT-d interrupt
        remapping source validation flaw for bridges
    
      - bnc#809662 - can't use pv-grub to start domU (pygrub
        does work) xen.spec
    
      - bnc#814709 - Unable to create XEN virtual machines in
        SLED 11 SP2 on Kyoto
    
      - bnc#813673 - CVE-2013-1917: xen: Xen PV DoS
        vulnerability with SYSENTER
    
      - bnc#813675 - CVE-2013-1919: xen: Several access
        permission issues with IRQs for unprivileged guests
    
      - bnc#814059 - xen: qemu-nbd format-guessing due to
        missing format specification"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=797285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=797523"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=801663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=802221"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=808085"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=808269"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=809662"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813673"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=814059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=814709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=816159"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=816163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=817068"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=817210"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=817799"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=817904"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=818183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=819416"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820917"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820920"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823011"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823608"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=824676"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-09/msg00007.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xen packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"xen-debugsource-4.2.2_06-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xen-devel-4.2.2_06-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-default-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-default-debuginfo-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-desktop-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-desktop-debuginfo-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-pae-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xen-kmp-pae-debuginfo-4.2.2_06_k3.7.10_1.16-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xen-libs-4.2.2_06-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xen-libs-debuginfo-4.2.2_06-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xen-tools-domU-4.2.2_06-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"xen-tools-domU-debuginfo-4.2.2_06-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-4.2.2_06-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-doc-html-4.2.2_06-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-doc-pdf-4.2.2_06-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-libs-32bit-4.2.2_06-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.2.2_06-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-tools-4.2.2_06-1.16.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"xen-tools-debuginfo-4.2.2_06-1.16.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-10136.NASL
    descriptionInformation leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-07-12
    plugin id67269
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67269
    titleFedora 18 : xen-4.2.2-6.fc18 (2013-10136)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-10136.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67269);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078");
      script_bugtraq_id(60277, 60278, 60282);
      script_xref(name:"FEDORA", value:"2013-10136");
    
      script_name(english:"Fedora 18 : xen-4.2.2-6.fc18 (2013-10136)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52,
    CVE-2013-2076] (#970206) Hypervisor crash due to missing exception
    recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) Hypervisor crash
    due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078]
    (#970202) Multiple vulnerabilities in libelf PV kernel handling
    [XSA-55] (#970640)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=964259"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=964261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=964264"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=970631"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108918.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?44a22c36"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC18", reference:"xen-4.2.2-6.fc18")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3006.NASL
    descriptionMultiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service.
    last seen2020-03-17
    modified2014-08-19
    plugin id77240
    published2014-08-19
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77240
    titleDebian DSA-3006-1 : xen - security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3006. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77240);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-1432", "CVE-2013-1442", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2014-1950", "CVE-2014-2599", "CVE-2014-3124", "CVE-2014-4021");
      script_bugtraq_id(60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799, 62307, 62630, 62708, 62710, 62935, 63494, 63933, 65529, 66407, 67113, 68070);
      script_xref(name:"DSA", value:"3006");
    
      script_name(english:"Debian DSA-3006-1 : xen - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security issues have been discovered in the Xen
    virtualisation solution which may result in information leaks or
    denial of service."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/xen"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2014/dsa-3006"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the xen packages.
    
    For the stable distribution (wheezy), these problems have been fixed
    in version 4.1.4-3+deb7u2."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"libxen-4.1", reference:"4.1.4-3+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"libxen-dev", reference:"4.1.4-3+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"libxen-ocaml", reference:"4.1.4-3+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"libxen-ocaml-dev", reference:"4.1.4-3+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"libxenstore3.0", reference:"4.1.4-3+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"xen-docs-4.1", reference:"4.1.4-3+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"xen-hypervisor-4.1-amd64", reference:"4.1.4-3+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"xen-hypervisor-4.1-i386", reference:"4.1.4-3+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"xen-system-amd64", reference:"4.1.4-3+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"xen-system-i386", reference:"4.1.4-3+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"xen-utils-4.1", reference:"4.1.4-3+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"xen-utils-common", reference:"4.1.4-3+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"xenstore-utils", reference:"4.1.4-3+deb7u2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-10247.NASL
    descriptionInformation leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-07-12
    plugin id67275
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67275
    titleFedora 17 : xen-4.1.5-5.fc17 (2013-10247)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-10247.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67275);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078");
      script_bugtraq_id(60277, 60278, 60282);
      script_xref(name:"FEDORA", value:"2013-10247");
    
      script_name(english:"Fedora 17 : xen-4.1.5-5.fc17 (2013-10247)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52,
    CVE-2013-2076] (#970206) Hypervisor crash due to missing exception
    recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) Hypervisor crash
    due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078]
    (#970202) Multiple vulnerabilities in libelf PV kernel handling
    [XSA-55] (#970640)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=964259"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=964261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=964264"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=970631"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-June/109231.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d9fe7f04"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC17", reference:"xen-4.1.5-5.fc17")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-669.NASL
    descriptionXEN was updated to 4.1.5 release. It fixes various bugs and security issues. Issues fixed separately from the 4.1.5 release : - bnc#824676 - Failed to setup devices for vm instance when start multiple vms simultaneously - bnc#XXXXXX - xen: CVE-2013-XXXX: XSA-61: suppress device assignment to HVM guest when there is no IOMMU - Various upstream patches from Jan were integrated. - bnc#823786 - migrate.py support of short options dropped by PTF - bnc#803712 - after live migration rcu_sched_state detected stalls add new option xm migrate --min_remaing <num> - CVE-2013-1432 / bnc#826882 - xen: XSA-58: x86: fix page refcount handling in page table pin error path - CVE-2013-2211 / bnc#823608 - xen: XSA-57: libxl allows guest write access to sensitive console related xenstore keys - bnc#823011 - xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling - bnc#801663 - performance of mirror lvm unsuitable for production - CVE-2013-1918/ bnc#816159 - xen: CVE-2013-1918: XSA-45: Several long latency operations are not preemptible - CVE-2013-1952 / bnc#816163 - xen: CVE-2013-1952: XSA-49: VT-d interrupt remapping source validation flaw for bridges - CVE-2013-2076 / bnc#820917 - CVE-2013-2076: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) - CVE-2013-2077 / bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to missing exception recovery on XRSTOR (XSA-53) - CVE-2013-2078 / bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to missing exception recovery on XSETBV (XSA-54) - CVE-2013-2072 / bnc#819416 - xen: CVE-2013-2072: XSA-56: Buffer overflow in xencontrol Python bindings affecting xend - Update to Xen 4.1.5 c/s 23509 There were many xen.spec file patches dropped as now being included in the 4.1.5 tarball. - CVE-2013-1918 / bnc#816159 - xen: XSA-45: Several long latency operations are not preemptible - CVE-2013-1952 / bnc#816163 - xen: XSA-49: VT-d interrupt remapping source validation flaw for bridges - bnc#809662 - can
    last seen2020-06-05
    modified2014-06-13
    plugin id75129
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75129
    titleopenSUSE Security Update : xen (openSUSE-SU-2013:1392-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-669.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75129);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-1432", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2211");
      script_bugtraq_id(58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60278, 60282, 60721, 60799);
    
      script_name(english:"openSUSE Security Update : xen (openSUSE-SU-2013:1392-1)");
      script_summary(english:"Check for the openSUSE-2013-669 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "XEN was updated to 4.1.5 release. It fixes various bugs and security
    issues.
    
    Issues fixed separately from the 4.1.5 release :
    
      - bnc#824676 - Failed to setup devices for vm instance
        when start multiple vms simultaneously 
    
      - bnc#XXXXXX - xen: CVE-2013-XXXX: XSA-61: suppress device
        assignment to HVM guest when there is no IOMMU
    
      - Various upstream patches from Jan were integrated.
    
      - bnc#823786 - migrate.py support of short options dropped
        by PTF
    
      - bnc#803712 - after live migration rcu_sched_state
        detected stalls add new option xm migrate --min_remaing
        <num>
    
      - CVE-2013-1432 / bnc#826882 - xen: XSA-58: x86: fix page
        refcount handling in page table pin error path
    
      - CVE-2013-2211 / bnc#823608 - xen: XSA-57: libxl allows
        guest write access to sensitive console related xenstore
        keys
    
      - bnc#823011 - xen: XSA-55: Multiple vulnerabilities in
        libelf PV kernel handling
    
      - bnc#801663 - performance of mirror lvm unsuitable for
        production
    
      - CVE-2013-1918/ bnc#816159 - xen: CVE-2013-1918: XSA-45:
        Several long latency operations are not preemptible
    
      - CVE-2013-1952 / bnc#816163 - xen: CVE-2013-1952: XSA-49:
        VT-d interrupt remapping source validation flaw for
        bridges
    
      - CVE-2013-2076 / bnc#820917 - CVE-2013-2076: xen:
        Information leak on XSAVE/XRSTOR capable AMD CPUs
        (XSA-52)
    
      - CVE-2013-2077 / bnc#820919 - CVE-2013-2077: xen:
        Hypervisor crash due to missing exception recovery on
        XRSTOR (XSA-53)
    
      - CVE-2013-2078 / bnc#820920 - CVE-2013-2078: xen:
        Hypervisor crash due to missing exception recovery on
        XSETBV (XSA-54)
    
      - CVE-2013-2072 / bnc#819416 - xen: CVE-2013-2072: XSA-56:
        Buffer overflow in xencontrol Python bindings affecting
        xend 
    
      - Update to Xen 4.1.5 c/s 23509 There were many xen.spec
        file patches dropped as now being included in the 4.1.5
        tarball.
    
      - CVE-2013-1918 / bnc#816159 - xen: XSA-45: Several long
        latency operations are not preemptible
    
      - CVE-2013-1952 / bnc#816163 - xen: XSA-49: VT-d interrupt
        remapping source validation flaw for bridges
    
      - bnc#809662 - can't use pv-grub to start domU (pygrub
        does work)
    
      - CVE-2013-1917 / bnc#813673 - xen: Xen PV DoS
        vulnerability with SYSENTER
    
      - CVE-2013-1919 / bnc#813675 - xen: Several access
        permission issues with IRQs for unprivileged guests
    
      - CVE-2013-1920 / bnc#813677 - xen: Potential use of freed
        memory in event channel operations
    
      - bnc#814709 - Unable to create XEN virtual machines in
        SLED 11 SP2 on Kyoto"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=801663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=803712"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=809662"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813673"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813677"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=814709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=816156"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=816159"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=816163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=819416"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820917"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820920"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823011"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823608"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823786"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=824676"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-08/msg00056.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xen packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.2", reference:"xen-debugsource-4.1.5_04-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xen-devel-4.1.5_04-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-default-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-default-debuginfo-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-desktop-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-desktop-debuginfo-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-pae-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-pae-debuginfo-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xen-libs-4.1.5_04-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xen-libs-debuginfo-4.1.5_04-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xen-tools-domU-4.1.5_04-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"xen-tools-domU-debuginfo-4.1.5_04-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-4.1.5_04-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-doc-html-4.1.5_04-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-doc-pdf-4.1.5_04-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-libs-32bit-4.1.5_04-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.1.5_04-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-tools-4.1.5_04-5.29.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-tools-debuginfo-4.1.5_04-5.29.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_XEN-201307-130714.NASL
    descriptionThe Xen hypervisor and toolset has been updated to 4.2.2_06 to fix various bugs and security issues : The following security issues have been addressed : - Various integer overflows in the ELF loader were fixed. (XSA-55). (CVE-2013-2194) - Various pointer dereferences issues in the ELF loader were fixed. (XSA-55). (CVE-2013-2195) - Various other problems in the ELF loader were fixed. (XSA-55). (CVE-2013-2196) - A Hypervisor crash due to missing exception recovery on XSETBV was fixed. (XSA-54). (CVE-2013-2078) - A Hypervisor crash due to missing exception recovery on XRSTOR was fixed. (XSA-53). (CVE-2013-2077) - libxl allowed guest write access to sensitive console related xenstore keys. (XSA-57). (CVE-2013-2211) - An information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) was fixed, where parts of this state could leak to other VMs. (CVE-2013-2076) Also the following bugs have been fixed : - performance issues in mirror lvm. (bnc#801663) - aacraid driver panics mapping INT A when booting kernel-xen. (bnc#808085) - Fully Virtualized Windows VM install failed on Ivy Bridge platforms with Xen kernel. (bnc#808269) - Did not boot with i915 graphics controller with VT-d enabled (bnc#817210)
    last seen2020-06-05
    modified2013-08-10
    plugin id69297
    published2013-08-10
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69297
    titleSuSE 11.3 Security Update : Xen (SAT Patch Number 8063)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69297);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211");
    
      script_name(english:"SuSE 11.3 Security Update : Xen (SAT Patch Number 8063)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Xen hypervisor and toolset has been updated to 4.2.2_06 to fix
    various bugs and security issues :
    
    The following security issues have been addressed :
    
      - Various integer overflows in the ELF loader were fixed.
        (XSA-55). (CVE-2013-2194)
    
      - Various pointer dereferences issues in the ELF loader
        were fixed. (XSA-55). (CVE-2013-2195)
    
      - Various other problems in the ELF loader were fixed.
        (XSA-55). (CVE-2013-2196)
    
      - A Hypervisor crash due to missing exception recovery on
        XSETBV was fixed. (XSA-54). (CVE-2013-2078)
    
      - A Hypervisor crash due to missing exception recovery on
        XRSTOR was fixed. (XSA-53). (CVE-2013-2077)
    
      - libxl allowed guest write access to sensitive console
        related xenstore keys. (XSA-57). (CVE-2013-2211)
    
      - An information leak on XSAVE/XRSTOR capable AMD CPUs
        (XSA-52) was fixed, where parts of this state could leak
        to other VMs. (CVE-2013-2076)
    
    Also the following bugs have been fixed :
    
      - performance issues in mirror lvm. (bnc#801663)
    
      - aacraid driver panics mapping INT A when booting
        kernel-xen. (bnc#808085)
    
      - Fully Virtualized Windows VM install failed on Ivy
        Bridge platforms with Xen kernel. (bnc#808269)
    
      - Did not boot with i915 graphics controller with VT-d
        enabled (bnc#817210)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=801663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=808085"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=808269"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=817210"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820917"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820920"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823011"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823608"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2076.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2077.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2078.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2194.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2195.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2196.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2211.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 8063.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.2_06_3.0.82_0.7-0.7.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.2_06_3.0.82_0.7-0.7.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-libs-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-tools-domU-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-doc-html-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-doc-pdf-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-kmp-default-4.2.2_06_3.0.82_0.7-0.7.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-libs-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-libs-32bit-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-tools-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-tools-domU-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.2_06_3.0.82_0.7-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.2_06_3.0.82_0.7-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-libs-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-tools-domU-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-doc-html-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-doc-pdf-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-kmp-default-4.2.2_06_3.0.82_0.7-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-libs-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-libs-32bit-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-tools-4.2.2_06-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-tools-domU-4.2.2_06-0.7.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_XEN-201305-130531.NASL
    descriptionXEN has been updated to 4.1.5 c/s 23509 to fix various bugs and security issues. The following security issues have been fixed : - Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier were not preemptible, which allowed local PV kernels to cause a denial of service via vectors related to deep page table traversal. (CVE-2013-1918) - Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, did not properly check the source when accessing a bridge devices interrupt remapping table entries for MSI interrupts, which allowed local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. (CVE-2013-1952) - A information leak in the XSAVE/XRSTOR instructions could be used to determine state of floating point operations in other domains. (CVE-2013-2076) - A denial of service (hypervisor crash) was possible due to missing exception recovery on XRSTOR, that could be used to crash the machine by PV guest users. (CVE-2013-2077) - A denial of service (hypervisor crash) was possible due to missing exception recovery on XSETBV, that could be used to crash the machine by PV guest users. (CVE-2013-2078) - Systems which allow untrusted administrators to configure guest vcpu affinity may be exploited to trigger a buffer overrun and corrupt memory. (CVE-2013-2072) - Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, did not clear the NT flag when using an IRET after a SYSENTER instruction, which allowed PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. (CVE-2013-1917) - Xen 4.2.x and 4.1.x did not properly restrict access to IRQs, which allowed local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to
    last seen2020-06-05
    modified2013-06-26
    plugin id66985
    published2013-06-26
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66985
    titleSuSE 11.2 Security Update : Xen (SAT Patch Number 7798)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66985);
      script_version("1.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078");
    
      script_name(english:"SuSE 11.2 Security Update : Xen (SAT Patch Number 7798)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "XEN has been updated to 4.1.5 c/s 23509 to fix various bugs and
    security issues.
    
    The following security issues have been fixed :
    
      - Certain page table manipulation operations in Xen 4.1.x,
        4.2.x, and earlier were not preemptible, which allowed
        local PV kernels to cause a denial of service via
        vectors related to deep page table traversal.
        (CVE-2013-1918)
    
      - Xen 4.x, when using Intel VT-d for a bus mastering
        capable PCI device, did not properly check the source
        when accessing a bridge devices interrupt remapping
        table entries for MSI interrupts, which allowed local
        guest domains to cause a denial of service (interrupt
        injection) via unspecified vectors. (CVE-2013-1952)
    
      - A information leak in the XSAVE/XRSTOR instructions
        could be used to determine state of floating point
        operations in other domains. (CVE-2013-2076)
    
      - A denial of service (hypervisor crash) was possible due
        to missing exception recovery on XRSTOR, that could be
        used to crash the machine by PV guest users.
        (CVE-2013-2077)
    
      - A denial of service (hypervisor crash) was possible due
        to missing exception recovery on XSETBV, that could be
        used to crash the machine by PV guest users.
        (CVE-2013-2078)
    
      - Systems which allow untrusted administrators to
        configure guest vcpu affinity may be exploited to
        trigger a buffer overrun and corrupt memory.
        (CVE-2013-2072)
    
      - Xen 3.1 through 4.x, when running 64-bit hosts on Intel
        CPUs, did not clear the NT flag when using an IRET after
        a SYSENTER instruction, which allowed PV guest users to
        cause a denial of service (hypervisor crash) by
        triggering a #GP fault, which is not properly handled by
        another IRET instruction. (CVE-2013-1917)
    
      - Xen 4.2.x and 4.1.x did not properly restrict access to
        IRQs, which allowed local stub domain clients to gain
        access to IRQs and cause a denial of service via vectors
        related to 'passed-through IRQs or PCI devices.'.
        (CVE-2013-1919)
    
      - Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is
        running 'under memory pressure' and the Xen Security
        Module (XSM) is enabled, used the wrong ordering of
        operations when extending the per-domain event channel
        tracking table, which caused a use-after-free and
        allowed local guest kernels to inject arbitrary events
        and gain privileges via unspecified vectors.
        (CVE-2013-1920)
    
      - Xen 4.0.x and 4.1.x incorrectly released a grant
        reference when releasing a non-v1, non-transitive grant,
        which allowed local guest administrators to cause a
        denial of service (host crash), obtain sensitive
        information, or possible have other impacts via
        unspecified vectors. (CVE-2013-1964)
    
    Bugfixes :
    
      - Upstream patches from Jan
        26956-x86-mm-preemptible-cleanup.patch
        27071-x86-IO-APIC-fix-guest-RTE-write-corner-cases.patch
        27072-x86-shadow-fix-off-by-one-in-MMIO-permission-check
        .patch 27079-fix-XSA-46-regression-with-xend-xm.patch
        27083-AMD-iommu-SR56x0-Erratum-64-Reset-all-head-tail-po
        inters.patch
    
      - Update to Xen 4.1.5 c/s 23509 There were many xen.spec
        file patches dropped as now being included in the 4.1.5
        tarball.
    
      - can't use pv-grub to start domU (pygrub does work)
        xen.spec. (bnc#809662)
    
      - Upstream patches from Jan
        26702-powernow-add-fixups-for-AMD-P-state-figures.patch
        26704-x86-MCA-suppress-bank-clearing-for-certain-injecte
        d-events.patch
        26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iom
        mu-mappings.patch
        26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.pa
        tch
        26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-mes
        sages.patch
        26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.pa
        tch 26737-ACPI-APEI-Add-apei_exec_run_optional.patch
        26742-IOMMU-properly-check-whether-interrupt-remapping-i
        s-enabled.patch
        26743-VT-d-deal-with-5500-5520-X58-errata.patch
        26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping
        .patch
        26749-x86-reserve-pages-when-SandyBridge-integrated-grap
        hics.patch
        26765-hvm-Clean-up-vlapic_reg_write-error-propagation.pa
        tch
        26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-
        vectors.patch
        26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patc
        h
        26772-VMX-Always-disable-SMEP-when-guest-is-in-non-pagin
        g-mode.patch
        26773-x86-mm-shadow-spurious-warning-when-unmapping-xenh
        eap-pages.patch
        26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patc
        h
        26851-iommu-crash-Interrupt-remapping-is-also-disabled-o
        n-crash.patch
    
      - Unable to create XEN virtual machines in SLED 11 SP2 on
        Kyoto xend-cpuinfo-model-name.patch. (bnc#814709)
    
      - Upstream patches from Jan 26536-xenoprof-div-by-0.patch
        26578-AMD-IOMMU-replace-BUG_ON.patch
        26656-x86-fix-null-pointer-dereference-in-intel_get_exte
        nded_msrs.patch
        26659-AMD-IOMMU-erratum-746-workaround.patch
        26660-x86-fix-CMCI-injection.patch
        26672-vmx-fix-handling-of-NMI-VMEXIT.patch
        26673-Avoid-stale-pointer-when-moving-domain-to-another-
        cpupool.patch
        26676-fix-compat-memory-exchange-op-splitting.patch
        26677-x86-make-certain-memory-sub-ops-return-valid-value
        s.patch 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch
        26679-x86-defer-processing-events-on-the-NMI-exit-path.p
        atch
        26683-credit1-Use-atomic-bit-operations-for-the-flags-st
        ructure.patch
        26692-x86-MSI-fully-protect-MSI-X-table.patch"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=801663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=809662"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813673"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813677"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=814709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=816156"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=816159"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=816163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=819416"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820917"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820920"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1917.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1918.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1919.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1920.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1952.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1964.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2072.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2076.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2077.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2078.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7798.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/05/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-pae-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-libs-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-tools-domU-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-doc-html-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-doc-pdf-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-libs-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-libs-32bit-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-tools-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-tools-domU-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-pae-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-libs-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-tools-domU-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-doc-html-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-doc-pdf-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.5_02_3.0.74_0.6.10-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-libs-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-libs-32bit-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-tools-4.1.5_02-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-tools-domU-4.1.5_02-0.5.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-9986.NASL
    descriptionInformation leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52, CVE-2013-2076] (#970206) Hypervisor crash due to missing exception recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) Hypervisor crash due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078] (#970202) Multiple vulnerabilities in libelf PV kernel handling [XSA-55] (#970640) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-07-12
    plugin id67395
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/67395
    titleFedora 19 : xen-4.2.2-6.fc19 (2013-9986)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-9986.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67395);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078");
      script_bugtraq_id(60277, 60278, 60282);
      script_xref(name:"FEDORA", value:"2013-9986");
    
      script_name(english:"Fedora 19 : xen-4.2.2-6.fc19 (2013-9986)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Information leak on XSAVE/XRSTOR capable AMD CPUs [XSA-52,
    CVE-2013-2076] (#970206) Hypervisor crash due to missing exception
    recovery on XRSTOR [XSA-53, CVE-2013-2077] (#970204) Hypervisor crash
    due to missing exception recovery on XSETBV [XSA-54, CVE-2013-2078]
    (#970202) Multiple vulnerabilities in libelf PV kernel handling
    [XSA-55] (#970640)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=964259"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=964261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=964264"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=970631"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108875.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?be76b35a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC19", reference:"xen-4.2.2-6.fc19")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
    }