Vulnerabilities > CVE-2013-2211 - Permissions, Privileges, and Access Controls vulnerability in XEN
Attack vector
ADJACENT_NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 14 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Accessing, Modifying or Executing Executable Files An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
- Leverage Executable Code in Non-Executable Files An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
- Blue Boxing This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
- Restful Privilege Elevation Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
- Target Programs with Elevated Privileges This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2013-11785.NASL description add upstream patch for PCI passthrough problems after XSA-46 xenstore permissions not set correctly by libxl [XSA-57] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-07-12 plugin id 67324 published 2013-07-12 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67324 title Fedora 17 : xen-4.1.5-8.fc17 (2013-11785) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-11785. # include("compat.inc"); if (description) { script_id(67324); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-2211"); script_bugtraq_id(60721); script_xref(name:"FEDORA", value:"2013-11785"); script_name(english:"Fedora 17 : xen-4.1.5-8.fc17 (2013-11785)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "add upstream patch for PCI passthrough problems after XSA-46 xenstore permissions not set correctly by libxl [XSA-57] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=971503" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110804.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?da2e93dd" ); script_set_attribute(attribute:"solution", value:"Update the affected xen package."); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"xen-4.1.5-8.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-0446-1.NASL description The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor and toolset have been updated to fix various security issues and some bugs. The following security issues have been addressed : XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to arbitrary guests. (bnc#860163) XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). (bnc#849667) XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. (bnc#848657) XSA-67: CVE-2013-4368: The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. (bnc#842511) XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. (bnc#841766) XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. (bnc#840592) XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. (bnc#839596) XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. (bnc#839618) XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) XSA-58: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to last seen 2020-06-05 modified 2015-05-20 plugin id 83616 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83616 title SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2014:0446-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(83616); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2006-1056", "CVE-2007-0998", "CVE-2012-3497", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-4544", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-1432", "CVE-2013-1442", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-2212", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6885", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1894"); script_bugtraq_id(17600, 22967, 55410, 55442, 56289, 56498, 56794, 56796, 56797, 56798, 56803, 57159, 57223, 57420, 57745, 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60282, 60701, 60702, 60703, 60721, 60799, 61424, 62307, 62630, 62708, 62710, 62935, 63494, 63931, 63933, 63983, 65419); script_name(english:"SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen hypervisor and toolset have been updated to fix various security issues and some bugs. The following security issues have been addressed : XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (bnc#860163) XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL and expose unreasonably large memory allocation to arbitrary guests. (bnc#860163) XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (bnc#860163) XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#853049) XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. (bnc#849668) XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). (bnc#849667) XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. (bnc#848657) XSA-67: CVE-2013-4368: The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. (bnc#842511) XSA-66: CVE-2013-4361: The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. (bnc#841766) XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. (bnc#840592) XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. (bnc#839596) XSA-61: CVE-2013-4329: The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. (bnc#839618) XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling chaches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. (bnc#831120) XSA-58: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to 'deep page table traversal.' (bnc#826882) XSA-58: CVE-2013-1432: Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possible gain privileges via unspecified vectors. (bnc#826882) XSA-57: CVE-2013-2211: The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors. (bnc#823608) XSA-56: CVE-2013-2072: Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap. (bnc#819416) XSA-55: CVE-2013-2196: Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to 'other problems' that are not CVE-2013-2194 or CVE-2013-2195. (bnc#823011) XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to 'pointer dereferences' involving unexpected calculations. (bnc#823011) XSA-55: CVE-2013-2194: Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel. (bnc#823011) XSA-53: CVE-2013-2077: Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors. (bnc#820919) XSA-52: CVE-2013-2076: Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels. (bnc#820917) XSA-50: CVE-2013-1964: Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors. (bnc#816156) XSA-49: CVE-2013-1952: Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. (bnc#816163) XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running 'under memory pressure' and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. (bnc#813677) XSA-46: CVE-2013-1919: Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to 'passed-through IRQs or PCI devices.' (bnc#813675) XSA-45: CVE-2013-1918: Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to 'deep page table traversal.' (bnc#816159) XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. (bnc#813673) XSA-41: CVE-2012-6075: Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. (bnc#797523) XSA-37: CVE-2013-0154: The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash) via unspecified vectors related to a hypercall. (bnc#797031) XSA-36: CVE-2013-0153: The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests. (bnc#800275) XSA-33: CVE-2012-5634: Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt. (bnc#794316) XSA-31: CVE-2012-5515: The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value. (bnc#789950) XSA-30: CVE-2012-5514: The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors. (bnc#789948) XSA-29: CVE-2012-5513: The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range. (bnc#789951) XSA-27: CVE-2012-6333: Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input. (bnc#789944) XSA-27: CVE-2012-5511: Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. (bnc#789944) XSA-26: CVE-2012-5510: Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors. (bnc#789945) XSA-25: CVE-2012-4544: The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. (bnc#787163) XSA-24: CVE-2012-4539: Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka 'Grant table hypercall infinite loop DoS vulnerability.' (bnc#786520) XSA-23: CVE-2012-4538: The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors. (bnc#786519) XSA-22: CVE-2012-4537: Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka 'Memory mapping failure DoS vulnerability.' (bnc#786517) XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an 'inappropriate deadline.' (bnc#786516) XSA-19: CVE-2012-4411: The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998. (bnc#779212) XSA-15: CVE-2012-3497: (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id. (bnc#777890) Also the following non-security bugs have been fixed : - xen hot plug attach/detach fails modified blktap-pv-cdrom.patch. (bnc#805094) - guest 'disappears' after live migration Updated block-dmmd script. (bnc#777628) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://download.suse.com/patch/finder/?keywords=d46197780129fa94fee1eb1708143171 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b3fed2ec" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-1056.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-0998.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-3497.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4411.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4535.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4537.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4538.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4539.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4544.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5510.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5511.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5513.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5514.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5515.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5634.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6075.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6333.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0153.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0154.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1432.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1442.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1917.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1918.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1919.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1920.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1952.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1964.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2072.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2076.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2077.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2194.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2195.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2196.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2211.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2212.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4329.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4355.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4361.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4368.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4494.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4553.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4554.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-6885.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1891.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1892.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1893.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-1894.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/777628" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/777890" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/779212" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786516" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786517" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786519" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/786520" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/787163" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789944" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789945" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789948" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789950" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/789951" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/794316" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/797031" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/797523" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/800275" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/805094" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/813673" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/813675" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/813677" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/816156" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/816159" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/816163" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/819416" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/820917" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/820919" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/823011" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/823608" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/826882" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/831120" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/839596" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/839618" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/840592" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/841766" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/842511" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/848657" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849667" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849668" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/853049" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/860163" ); # https://www.suse.com/support/update/announcement/2014/suse-su-20140446-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e4176238" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11 SP1 LTSS : zypper in -t patch slessp1-xen-201402-8963 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-pdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "i386|i486|i586|i686|x86_64") audit(AUDIT_ARCH_NOT, "i386 / i486 / i586 / i686 / x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! ereg(pattern:"^1$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-html-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-doc-pdf-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-libs-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-tools-domU-4.0.3_21548_16-0.5.1")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen"); }NASL family Fedora Local Security Checks NASL id FEDORA_2013-11837.NASL description XSA-45/CVE-2013-1918 breaks page reference counting let pygrub handle set default= last seen 2020-03-17 modified 2013-07-12 plugin id 67326 published 2013-07-12 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67326 title Fedora 19 : xen-4.2.2-10.fc19 (2013-11837) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-11837. # include("compat.inc"); if (description) { script_id(67326); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-1432", "CVE-2013-1918", "CVE-2013-2211"); script_bugtraq_id(59615, 60721, 60799); script_xref(name:"FEDORA", value:"2013-11837"); script_name(english:"Fedora 19 : xen-4.2.2-10.fc19 (2013-11837)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "XSA-45/CVE-2013-1918 breaks page reference counting let pygrub handle set default='${next_entry}' line in F19 libxl: Set vfb and vkb devid if not done so by the caller add upstream patch for PCI passthrough problems after XSA-46 xenstore permissions not set correctly by libxl [XSA-57] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=971503" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=974250" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110604.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?99313545" ); script_set_attribute(attribute:"solution", value:"Update the affected xen package."); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC19", reference:"xen-4.2.2-10.fc19")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen"); }NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0068.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0068 for details. last seen 2020-06-01 modified 2020-06-02 plugin id 84140 published 2015-06-12 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84140 title OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2015-0068. # include("compat.inc"); if (description) { script_id(84140); script_version("2.18"); script_cvs_date("Date: 2019/11/12"); script_cve_id("CVE-2006-1056", "CVE-2007-0998", "CVE-2012-0029", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3497", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4544", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5634", "CVE-2013-0153", "CVE-2013-0215", "CVE-2013-1432", "CVE-2013-1442", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1950", "CVE-2014-3566", "CVE-2014-5146", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188", "CVE-2015-2044", "CVE-2015-2045", "CVE-2015-2151", "CVE-2015-2752", "CVE-2015-2756", "CVE-2015-3209", "CVE-2015-3456", "CVE-2015-4164"); script_bugtraq_id(17600, 22967, 51642, 53650, 53961, 54942, 55400, 55406, 55410, 55412, 55413, 55414, 56289, 56498, 56794, 56796, 56797, 56798, 56799, 56803, 57223, 57742, 57745, 58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799, 62307, 62630, 62708, 62710, 62935, 63494, 63931, 63933, 63983, 64195, 65419, 65529, 69198, 70057, 70062, 70198, 70574, 72577, 72954, 72955, 73015, 73448, 74640, 75123, 75149); script_name(english:"OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0068 for details." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2015-June/000317.html" ); script_set_attribute( attribute:"solution", value:"Update the affected xen / xen-devel / xen-tools packages." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/20"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.2", reference:"xen-4.1.3-25.el5.127.52")) flag++; if (rpm_check(release:"OVS3.2", reference:"xen-devel-4.1.3-25.el5.127.52")) flag++; if (rpm_check(release:"OVS3.2", reference:"xen-tools-4.1.3-25.el5.127.52")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201309-24.NASL description The remote host is affected by the vulnerability described in GLSA-201309-24 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : Guest domains could possibly gain privileges, execute arbitrary code, or cause a Denial of Service on the host domain (Dom0). Additionally, guest domains could gain information about other virtual machines running on the same host or read arbitrary files on the host. Workaround : The CVEs listed below do not currently have fixes, but only apply to Xen setups which have “tmem” specified on the hypervisor command line. TMEM is not currently supported for use in production systems, and administrators using tmem should disable it. Relevant CVEs: * CVE-2012-2497 * CVE-2012-6030 * CVE-2012-6031 * CVE-2012-6032 * CVE-2012-6033 * CVE-2012-6034 * CVE-2012-6035 * CVE-2012-6036 last seen 2020-06-01 modified 2020-06-02 plugin id 70184 published 2013-09-28 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70184 title GLSA-201309-24 : Xen: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201309-24. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(70184); script_version("1.15"); script_cvs_date("Date: 2019/08/12 17:35:38"); script_cve_id("CVE-2011-2901", "CVE-2011-3262", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3497", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4411", "CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515", "CVE-2012-5525", "CVE-2012-5634", "CVE-2012-6030", "CVE-2012-6031", "CVE-2012-6032", "CVE-2012-6033", "CVE-2012-6034", "CVE-2012-6035", "CVE-2012-6036", "CVE-2012-6075", "CVE-2012-6333", "CVE-2013-0151", "CVE-2013-0152", "CVE-2013-0153", "CVE-2013-0154", "CVE-2013-0215", "CVE-2013-1432", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1922", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211"); script_bugtraq_id(49370, 53856, 53955, 53961, 54691, 54942, 55400, 55406, 55410, 55412, 55413, 55414, 55442, 56498, 56794, 56796, 56797, 56798, 56799, 56803, 56805, 57159, 57223, 57420, 57494, 57495, 57742, 57745, 58880, 59070, 59291, 59292, 59293, 59615, 59617, 60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799); script_xref(name:"GLSA", value:"201309-24"); script_name(english:"GLSA-201309-24 : Xen: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201309-24 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : Guest domains could possibly gain privileges, execute arbitrary code, or cause a Denial of Service on the host domain (Dom0). Additionally, guest domains could gain information about other virtual machines running on the same host or read arbitrary files on the host. Workaround : The CVEs listed below do not currently have fixes, but only apply to Xen setups which have “tmem” specified on the hypervisor command line. TMEM is not currently supported for use in production systems, and administrators using tmem should disable it. Relevant CVEs: * CVE-2012-2497 * CVE-2012-6030 * CVE-2012-6031 * CVE-2012-6032 * CVE-2012-6033 * CVE-2012-6034 * CVE-2012-6035 * CVE-2012-6036" ); script_set_attribute( attribute:"see_also", value:"https://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201309-24" ); script_set_attribute( attribute:"solution", value: "All Xen users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.2.2-r1' All Xen-tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/xen-tools-4.2.2-r3' All Xen-pvgrub users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/xen-pvgrub-4.2.2-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'FreeBSD Intel SYSRET Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-pvgrub"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xen-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19"); script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-emulation/xen-pvgrub", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++; if (qpkg_check(package:"app-emulation/xen", unaffected:make_list("ge 4.2.2-r1"), vulnerable:make_list("lt 4.2.2-r1"))) flag++; if (qpkg_check(package:"app-emulation/xen-tools", unaffected:make_list("ge 4.2.2-r3"), vulnerable:make_list("lt 4.2.2-r3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3006.NASL description Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service. last seen 2020-03-17 modified 2014-08-19 plugin id 77240 published 2014-08-19 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77240 title Debian DSA-3006-1 : xen - security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3006. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(77240); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-1432", "CVE-2013-1442", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2014-1950", "CVE-2014-2599", "CVE-2014-3124", "CVE-2014-4021"); script_bugtraq_id(60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799, 62307, 62630, 62708, 62710, 62935, 63494, 63933, 65529, 66407, 67113, 68070); script_xref(name:"DSA", value:"3006"); script_name(english:"Debian DSA-3006-1 : xen - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/xen" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2014/dsa-3006" ); script_set_attribute( attribute:"solution", value: "Upgrade the xen packages. For the stable distribution (wheezy), these problems have been fixed in version 4.1.4-3+deb7u2." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/14"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"libxen-4.1", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libxen-dev", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libxen-ocaml", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libxen-ocaml-dev", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libxenstore3.0", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xen-docs-4.1", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xen-hypervisor-4.1-amd64", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xen-hypervisor-4.1-i386", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xen-system-amd64", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xen-system-i386", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xen-utils-4.1", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xen-utils-common", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xenstore-utils", reference:"4.1.4-3+deb7u2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-669.NASL description XEN was updated to 4.1.5 release. It fixes various bugs and security issues. Issues fixed separately from the 4.1.5 release : - bnc#824676 - Failed to setup devices for vm instance when start multiple vms simultaneously - bnc#XXXXXX - xen: CVE-2013-XXXX: XSA-61: suppress device assignment to HVM guest when there is no IOMMU - Various upstream patches from Jan were integrated. - bnc#823786 - migrate.py support of short options dropped by PTF - bnc#803712 - after live migration rcu_sched_state detected stalls add new option xm migrate --min_remaing <num> - CVE-2013-1432 / bnc#826882 - xen: XSA-58: x86: fix page refcount handling in page table pin error path - CVE-2013-2211 / bnc#823608 - xen: XSA-57: libxl allows guest write access to sensitive console related xenstore keys - bnc#823011 - xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling - bnc#801663 - performance of mirror lvm unsuitable for production - CVE-2013-1918/ bnc#816159 - xen: CVE-2013-1918: XSA-45: Several long latency operations are not preemptible - CVE-2013-1952 / bnc#816163 - xen: CVE-2013-1952: XSA-49: VT-d interrupt remapping source validation flaw for bridges - CVE-2013-2076 / bnc#820917 - CVE-2013-2076: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) - CVE-2013-2077 / bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to missing exception recovery on XRSTOR (XSA-53) - CVE-2013-2078 / bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to missing exception recovery on XSETBV (XSA-54) - CVE-2013-2072 / bnc#819416 - xen: CVE-2013-2072: XSA-56: Buffer overflow in xencontrol Python bindings affecting xend - Update to Xen 4.1.5 c/s 23509 There were many xen.spec file patches dropped as now being included in the 4.1.5 tarball. - CVE-2013-1918 / bnc#816159 - xen: XSA-45: Several long latency operations are not preemptible - CVE-2013-1952 / bnc#816163 - xen: XSA-49: VT-d interrupt remapping source validation flaw for bridges - bnc#809662 - can last seen 2020-06-05 modified 2014-06-13 plugin id 75129 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75129 title openSUSE Security Update : xen (openSUSE-SU-2013:1392-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2013-669. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75129); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-1432", "CVE-2013-1917", "CVE-2013-1918", "CVE-2013-1919", "CVE-2013-1920", "CVE-2013-1952", "CVE-2013-1964", "CVE-2013-2072", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2211"); script_bugtraq_id(58880, 59291, 59292, 59293, 59615, 59617, 59982, 60277, 60278, 60282, 60721, 60799); script_name(english:"openSUSE Security Update : xen (openSUSE-SU-2013:1392-1)"); script_summary(english:"Check for the openSUSE-2013-669 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "XEN was updated to 4.1.5 release. It fixes various bugs and security issues. Issues fixed separately from the 4.1.5 release : - bnc#824676 - Failed to setup devices for vm instance when start multiple vms simultaneously - bnc#XXXXXX - xen: CVE-2013-XXXX: XSA-61: suppress device assignment to HVM guest when there is no IOMMU - Various upstream patches from Jan were integrated. - bnc#823786 - migrate.py support of short options dropped by PTF - bnc#803712 - after live migration rcu_sched_state detected stalls add new option xm migrate --min_remaing <num> - CVE-2013-1432 / bnc#826882 - xen: XSA-58: x86: fix page refcount handling in page table pin error path - CVE-2013-2211 / bnc#823608 - xen: XSA-57: libxl allows guest write access to sensitive console related xenstore keys - bnc#823011 - xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling - bnc#801663 - performance of mirror lvm unsuitable for production - CVE-2013-1918/ bnc#816159 - xen: CVE-2013-1918: XSA-45: Several long latency operations are not preemptible - CVE-2013-1952 / bnc#816163 - xen: CVE-2013-1952: XSA-49: VT-d interrupt remapping source validation flaw for bridges - CVE-2013-2076 / bnc#820917 - CVE-2013-2076: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) - CVE-2013-2077 / bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to missing exception recovery on XRSTOR (XSA-53) - CVE-2013-2078 / bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to missing exception recovery on XSETBV (XSA-54) - CVE-2013-2072 / bnc#819416 - xen: CVE-2013-2072: XSA-56: Buffer overflow in xencontrol Python bindings affecting xend - Update to Xen 4.1.5 c/s 23509 There were many xen.spec file patches dropped as now being included in the 4.1.5 tarball. - CVE-2013-1918 / bnc#816159 - xen: XSA-45: Several long latency operations are not preemptible - CVE-2013-1952 / bnc#816163 - xen: XSA-49: VT-d interrupt remapping source validation flaw for bridges - bnc#809662 - can't use pv-grub to start domU (pygrub does work) - CVE-2013-1917 / bnc#813673 - xen: Xen PV DoS vulnerability with SYSENTER - CVE-2013-1919 / bnc#813675 - xen: Several access permission issues with IRQs for unprivileged guests - CVE-2013-1920 / bnc#813677 - xen: Potential use of freed memory in event channel operations - bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 on Kyoto" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=801663" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=803712" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=809662" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=813673" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=813675" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=813677" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=814709" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=816156" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=816159" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=816163" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=819416" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820917" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820919" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820920" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=823011" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=823608" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=823786" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=824676" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=826882" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2013-08/msg00056.html" ); script_set_attribute(attribute:"solution", value:"Update the affected xen packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-pdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2"); script_set_attribute(attribute:"patch_publication_date", value:"2013/08/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.2", reference:"xen-debugsource-4.1.5_04-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xen-devel-4.1.5_04-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-default-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-default-debuginfo-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-desktop-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-desktop-debuginfo-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-pae-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xen-kmp-pae-debuginfo-4.1.5_04_k3.4.47_2.38-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xen-libs-4.1.5_04-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xen-libs-debuginfo-4.1.5_04-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xen-tools-domU-4.1.5_04-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"xen-tools-domU-debuginfo-4.1.5_04-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-4.1.5_04-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-doc-html-4.1.5_04-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-doc-pdf-4.1.5_04-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-libs-32bit-4.1.5_04-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.1.5_04-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-tools-4.1.5_04-5.29.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"xen-tools-debuginfo-4.1.5_04-5.29.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen"); }NASL family Fedora Local Security Checks NASL id FEDORA_2013-11768.NASL description add upstream patch for PCI passthrough problems after XSA-46 xenstore permissions not set correctly by libxl [XSA-57] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-07-12 plugin id 67322 published 2013-07-12 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67322 title Fedora 18 : xen-4.2.2-9.fc18 (2013-11768) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-11768. # include("compat.inc"); if (description) { script_id(67322); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-2211"); script_xref(name:"FEDORA", value:"2013-11768"); script_name(english:"Fedora 18 : xen-4.2.2-9.fc18 (2013-11768)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "add upstream patch for PCI passthrough problems after XSA-46 xenstore permissions not set correctly by libxl [XSA-57] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=971503" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110818.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e6684e4a" ); script_set_attribute(attribute:"solution", value:"Update the affected xen package."); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC18", reference:"xen-4.2.2-9.fc18")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen"); }NASL family SuSE Local Security Checks NASL id SUSE_11_XEN-201307-130714.NASL description The Xen hypervisor and toolset has been updated to 4.2.2_06 to fix various bugs and security issues : The following security issues have been addressed : - Various integer overflows in the ELF loader were fixed. (XSA-55). (CVE-2013-2194) - Various pointer dereferences issues in the ELF loader were fixed. (XSA-55). (CVE-2013-2195) - Various other problems in the ELF loader were fixed. (XSA-55). (CVE-2013-2196) - A Hypervisor crash due to missing exception recovery on XSETBV was fixed. (XSA-54). (CVE-2013-2078) - A Hypervisor crash due to missing exception recovery on XRSTOR was fixed. (XSA-53). (CVE-2013-2077) - libxl allowed guest write access to sensitive console related xenstore keys. (XSA-57). (CVE-2013-2211) - An information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) was fixed, where parts of this state could leak to other VMs. (CVE-2013-2076) Also the following bugs have been fixed : - performance issues in mirror lvm. (bnc#801663) - aacraid driver panics mapping INT A when booting kernel-xen. (bnc#808085) - Fully Virtualized Windows VM install failed on Ivy Bridge platforms with Xen kernel. (bnc#808269) - Did not boot with i915 graphics controller with VT-d enabled (bnc#817210) last seen 2020-06-05 modified 2013-08-10 plugin id 69297 published 2013-08-10 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69297 title SuSE 11.3 Security Update : Xen (SAT Patch Number 8063) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(69297); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211"); script_name(english:"SuSE 11.3 Security Update : Xen (SAT Patch Number 8063)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The Xen hypervisor and toolset has been updated to 4.2.2_06 to fix various bugs and security issues : The following security issues have been addressed : - Various integer overflows in the ELF loader were fixed. (XSA-55). (CVE-2013-2194) - Various pointer dereferences issues in the ELF loader were fixed. (XSA-55). (CVE-2013-2195) - Various other problems in the ELF loader were fixed. (XSA-55). (CVE-2013-2196) - A Hypervisor crash due to missing exception recovery on XSETBV was fixed. (XSA-54). (CVE-2013-2078) - A Hypervisor crash due to missing exception recovery on XRSTOR was fixed. (XSA-53). (CVE-2013-2077) - libxl allowed guest write access to sensitive console related xenstore keys. (XSA-57). (CVE-2013-2211) - An information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) was fixed, where parts of this state could leak to other VMs. (CVE-2013-2076) Also the following bugs have been fixed : - performance issues in mirror lvm. (bnc#801663) - aacraid driver panics mapping INT A when booting kernel-xen. (bnc#808085) - Fully Virtualized Windows VM install failed on Ivy Bridge platforms with Xen kernel. (bnc#808269) - Did not boot with i915 graphics controller with VT-d enabled (bnc#817210)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=801663" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=808085" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=808269" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=817210" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820917" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820919" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820920" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=823011" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=823608" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2076.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2077.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2078.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2194.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2195.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2196.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2211.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 8063."); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-pdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-libs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools-domU"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3"); flag = 0; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.2_06_3.0.82_0.7-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.2_06_3.0.82_0.7-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-libs-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-tools-domU-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-doc-html-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-doc-pdf-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-kmp-default-4.2.2_06_3.0.82_0.7-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-libs-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-libs-32bit-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-tools-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-tools-domU-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.2_06_3.0.82_0.7-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.2_06_3.0.82_0.7-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-libs-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-tools-domU-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-doc-html-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-doc-pdf-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-kmp-default-4.2.2_06_3.0.82_0.7-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-libs-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-libs-32bit-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-tools-4.2.2_06-0.7.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-tools-domU-4.2.2_06-0.7.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_11_XEN-201310-131029.NASL description XEN has been updated to version 4.2.3 c/s 26170, fixing various bugs and security issues. - XSA-72: Fixed ocaml xenstored that mishandled oversized message replies. (CVE-2013-4416) - XSA-63: Fixed information leaks through I/O instruction emulation. (CVE-2013-4355) - XSA-66: Fixed information leak through fbld instruction emulation. (CVE-2013-4361) - XSA-67: Fixed information leak through outs instruction emulation. (CVE-2013-4368) - XSA-68: Fixed possible null dereference when parsing vif ratelimiting info. (CVE-2013-4369) - XSA-69: Fixed misplaced free in ocaml xc_vcpu_getaffinity stub. (CVE-2013-4370) - XSA-70: Fixed use-after-free in libxl_list_cpupool under memory pressure. (CVE-2013-4371) - XSA-71: xen: qemu disk backend (qdisk) resource leak. (CVE-2013-4375) - XSA-62: Fixed information leak on AVX and/or LWP capable CPUs. (CVE-2013-1442) - XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes. Various bugs have also been fixed:. (CVE-2013-1432) - Boot failure with xen kernel in UEFI mode with error last seen 2020-06-05 modified 2013-11-20 plugin id 70969 published 2013-11-20 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70969 title SuSE 11.2 / 11.3 Security Update : Xen (SAT Patch Numbers 8478 / 8479)
References
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://www.debian.org/security/2014/dsa-3006
- http://www.openwall.com/lists/oss-security/2013/06/25/1
- http://www.openwall.com/lists/oss-security/2013/06/26/4