Vulnerabilities > CVE-2013-4344 - Classic Buffer Overflow vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

Vulnerable Configurations

Part Description Count
Application
Qemu
140
Application
Redhat
1
OS
Opensuse
2
OS
Redhat
4
OS
Canonical
3

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2092-1.NASL
    descriptionAsias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. (CVE-2013-4344) It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.10 and Ubuntu 13.10. (CVE-2013-4375) Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service. This issue only affected Ubuntu 13.10. (CVE-2013-4377). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2014-01-31
    plugin id72231
    published2014-01-31
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72231
    titleUbuntu 12.04 LTS / 12.10 / 13.10 : qemu, qemu-kvm vulnerabilities (USN-2092-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2092-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72231);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-4344", "CVE-2013-4375", "CVE-2013-4377");
      script_bugtraq_id(62682, 62773, 62934);
      script_xref(name:"USN", value:"2092-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 12.10 / 13.10 : qemu, qemu-kvm vulnerabilities (USN-2092-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Asias He discovered that QEMU incorrectly handled SCSI controllers
    with more than 256 attached devices. A local user could possibly use
    this flaw to elevate privileges. (CVE-2013-4344)
    
    It was discovered that QEMU incorrectly handled Xen disks. A local
    guest could possibly use this flaw to consume resources, resulting in
    a denial of service. This issue only affected Ubuntu 12.10 and Ubuntu
    13.10. (CVE-2013-4375)
    
    Sibiao Luo discovered that QEMU incorrectly handled device
    hot-unplugging. A local user could possibly use this flaw to cause a
    denial of service. This issue only affected Ubuntu 13.10.
    (CVE-2013-4377).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2092-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-arm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-mips");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-misc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-ppc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-sparc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|12\.10|13\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 12.10 / 13.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"qemu-kvm", pkgver:"1.0+noroms-0ubuntu14.13")) flag++;
    if (ubuntu_check(osver:"12.10", pkgname:"qemu-kvm", pkgver:"1.2.0+noroms-0ubuntu2.12.10.6")) flag++;
    if (ubuntu_check(osver:"13.10", pkgname:"qemu-system", pkgver:"1.5.0+dfsg-3ubuntu5.3")) flag++;
    if (ubuntu_check(osver:"13.10", pkgname:"qemu-system-arm", pkgver:"1.5.0+dfsg-3ubuntu5.3")) flag++;
    if (ubuntu_check(osver:"13.10", pkgname:"qemu-system-mips", pkgver:"1.5.0+dfsg-3ubuntu5.3")) flag++;
    if (ubuntu_check(osver:"13.10", pkgname:"qemu-system-misc", pkgver:"1.5.0+dfsg-3ubuntu5.3")) flag++;
    if (ubuntu_check(osver:"13.10", pkgname:"qemu-system-ppc", pkgver:"1.5.0+dfsg-3ubuntu5.3")) flag++;
    if (ubuntu_check(osver:"13.10", pkgname:"qemu-system-sparc", pkgver:"1.5.0+dfsg-3ubuntu5.3")) flag++;
    if (ubuntu_check(osver:"13.10", pkgname:"qemu-system-x86", pkgver:"1.5.0+dfsg-3ubuntu5.3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-kvm / qemu-system / qemu-system-arm / qemu-system-mips / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1754.NASL
    descriptionUpdated qemu-kvm-rhev, qemu-kvm-rhev-tools, and qemu-img-rhev packages are now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Virtualization Manager. A buffer overflow flaw was found in the way QEMU processed the SCSI
    last seen2020-06-01
    modified2020-06-02
    plugin id78981
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78981
    titleRHEL 6 : qemu-kvm-rhev, qemu-kvm-rhev-tools, qemu-img-rhev (RHSA-2013:1754)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1754. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78981);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/24 15:35:37");
    
      script_cve_id("CVE-2013-4344");
      script_bugtraq_id(62773);
      script_xref(name:"RHSA", value:"2013:1754");
    
      script_name(english:"RHEL 6 : qemu-kvm-rhev, qemu-kvm-rhev-tools, qemu-img-rhev (RHSA-2013:1754)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated qemu-kvm-rhev, qemu-kvm-rhev-tools, and qemu-img-rhev packages
    are now available.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    KVM (Kernel-based Virtual Machine) is a full virtualization solution
    for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package
    provides the user-space component for running virtual machines using
    KVM, in environments managed by Red Hat Enterprise Virtualization
    Manager.
    
    A buffer overflow flaw was found in the way QEMU processed the SCSI
    'REPORT LUNS' command when more than 256 LUNs were specified for a
    single SCSI target. A privileged guest user could use this flaw to
    corrupt QEMU process memory on the host, which could potentially
    result in arbitrary code execution on the host with the privileges of
    the QEMU process. (CVE-2013-4344)
    
    This issue was discovered by Asias He of Red Hat.
    
    This update fixes the following bugs :
    
    * In QMP monitor, if an attempt was made to create an image with the
    same file name as the backing file, an error was generated, but no
    message was displayed. Performing this action in QMP Monitor now
    generates the same error message as performing the action in HMP:
    'Error: Trying to create an image with the same file name as the
    backing file'. (BZ#877240)
    
    * QEMU I/O throttling has been disabled in Red Hat Enterprise Linux
    and is now only available enabled in the Red Hat Enterprise
    Virtualization QEMU package (qemu-kvm-rhev). (BZ#975468)
    
    * When booting a guest machine, it would still boot when specifying
    iops and bps as a negative value, without displaying an error message.
    This has been fixed so that if a negative value is used the guest does
    not boot and QEMU exits with the following message 'bps and iops
    values must be 0 or greater'. (BZ#987725)
    
    * When booting a guest with QMP server, hot plug was failing. It can
    now do hotplug with QEMU I/O throttling including iops, iops_wr,
    iops_rd, bps, bps_wr, bps_rd inofs successfully. (BZ#987745)
    
    * Due to a change in virtualization features, all fixes and errata
    related to Red Hat Enterprise Virtualization specific features, can
    only be posted to the Red Hat Enterprise Virtualization channel.
    Therefore a Red Hat Enterprise Virtualization specific qemu-kvm (for
    RHEV-H-6.5.0 Errata) was developed. This meant that the qemu-kvm-rhev
    binary was mapped to a Red Had enterprise Virtualization channel,
    entitled to Red Hat Enterprise Virtualization customers, and disabled
    from the Red Hat Enterprise Linux channel. (BZ#997032)
    
    * The qemu-kvm-rhev package now contains /usr/lib64/qemu, as this
    directory is where CEPH packages provide librbd to be used by QEMU at
    runtime. (BZ#999705)
    
    * QEMU performed a core dump when iops.bps was set to a negative
    value. This has been fixed so that it no longer performs a core dump
    when a negative value is entered, instead an error message is
    displayed indicating the values must be zero of greater. (BZ#1001436)
    
    * When running the 'rpm -V qemu-kvm-rhev' command, an error was
    generated stating there were unsatisfied dependencies. This has been
    fixed so there now are no unsatisfied dependencies and it executes
    correctly. (BZ#1010930)
    
    In addition, this update adds the following enhancements :
    
    * QEMU I/O throttling allows for finer control of the rate of I/O
    operations at the QEMU level, and is therefore independent of the
    underlying storage device. A similar feature can be created by using
    cgroups at the libvirt level, but cgroups is limited as it does not
    support some storage devices (such as image files over NFS) and
    throttles the whole virtual machine, including access to meta-data,
    while qemu I/O is more fine-grained. (BZ#956825)
    
    * Patches were added to the QEMU block driver for accessing CEPH
    storage on qemu-kvm-rhev. However,this is not usable on its own, a
    librbd library still needs to be provided. The librbd library is not
    provided in Red Hat Enterprise Linux and will be handled by a third
    party source. (BZ#988079)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:1754"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4344"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2013:1754";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qemu-img-rhev-0.12.1.2-2.415.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qemu-kvm-rhev-0.12.1.2-2.415.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qemu-kvm-rhev-debuginfo-0.12.1.2-2.415.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qemu-kvm-rhev-tools-0.12.1.2-2.415.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-img-rhev / qemu-kvm-rhev / qemu-kvm-rhev-debuginfo / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1527.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes multiple security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of
    last seen2020-06-01
    modified2020-06-02
    plugin id78979
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78979
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2013:1527)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1527. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78979);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/24 15:35:37");
    
      script_cve_id("CVE-2010-5107", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2892", "CVE-2013-4238", "CVE-2013-4344");
      script_bugtraq_id(58162, 61738, 62042, 62043, 62049, 62773);
      script_xref(name:"RHSA", value:"2013:1527");
    
      script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2013:1527)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated rhev-hypervisor6 package that fixes multiple security
    issues and one bug is now available.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The rhev-hypervisor6 package provides a Red Hat Enterprise
    Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
    Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
    (KVM) hypervisor. It includes everything necessary to run and manage
    virtual machines: a subset of the Red Hat Enterprise Linux operating
    environment and the Red Hat Enterprise Virtualization Agent.
    
    Note: Red Hat Enterprise Virtualization Hypervisor is only available
    for the Intel 64 and AMD64 architectures with virtualization
    extensions.
    
    Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization
    Hypervisor through the 3.2 Manager administration portal, the Host may
    appear with the status of 'Install Failed'. If this happens, place the
    host into maintenance mode, then activate it again to get the host
    back to an 'Up' state.
    
    A buffer overflow flaw was found in the way QEMU processed the SCSI
    'REPORT LUNS' command when more than 256 LUNs were specified for a
    single SCSI target. A privileged guest user could use this flaw to
    corrupt QEMU process memory on the host, which could potentially
    result in arbitrary code execution on the host with the privileges of
    the QEMU process. (CVE-2013-4344)
    
    Multiple flaws were found in the way Linux kernel handled HID (Human
    Interface Device) reports. An attacker with physical access to the
    system could use this flaw to crash the system or, potentially,
    escalate their privileges on the system. (CVE-2013-2888,
    CVE-2013-2889, CVE-2013-2892)
    
    A flaw was found in the way the Python SSL module handled X.509
    certificate fields that contain a NULL byte. An attacker could
    potentially exploit this flaw to conduct man-in-the-middle attacks to
    spoof SSL servers. Note that to exploit this issue, an attacker would
    need to obtain a carefully crafted certificate signed by an authority
    that the client trusts. (CVE-2013-4238)
    
    The default OpenSSH configuration made it easy for remote attackers to
    exhaust unauthorized connection slots and prevent other users from
    being able to log in to a system. This flaw has been addressed by
    enabling random early connection drops by setting MaxStartups to
    10:30:100 by default. For more information, refer to the
    sshd_config(5) man page. (CVE-2010-5107)
    
    The CVE-2013-4344 issue was discovered by Asias He of Red Hat.
    
    This updated package provides updated components that include fixes
    for various security issues. These issues have no security impact on
    Red Hat Enterprise Virtualization Hypervisor itself, however. The
    security fixes included in this update address the following CVE
    numbers :
    
    CVE-2012-0786 and CVE-2012-0787 (augeas issues)
    
    CVE-2013-1813 (busybox issue)
    
    CVE-2013-0221, CVE-2013-0222, and CVE-2013-0223 (coreutils issues)
    
    CVE-2012-4453 (dracut issue)
    
    CVE-2013-4332, CVE-2013-0242, and CVE-2013-1914 (glibc issues)
    
    CVE-2013-4387, CVE-2013-0343, CVE-2013-4345, CVE-2013-4591,
    CVE-2013-4592, CVE-2012-6542, CVE-2013-3231, CVE-2013-1929,
    CVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, and
    CVE-2013-2851 (kernel issues)
    
    CVE-2013-4242 (libgcrypt issue)
    
    CVE-2013-4419 (libguestfs issue)
    
    CVE-2013-1775, CVE-2013-2776, and CVE-2013-2777 (sudo issues)
    
    This update also fixes the following bug :
    
    * A previous version of the rhev-hypervisor6 package did not contain
    the latest vhostmd package, which provides a 'metrics communication
    channel' between a host and its hosted virtual machines, allowing
    limited introspection of host resource usage from within virtual
    machines. This has been fixed, and rhev-hypervisor6 now includes the
    latest vhostmd package. (BZ#1026703)
    
    This update also contains the fixes from the following errata :
    
    * ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1528.html
    
    Users of the Red Hat Enterprise Virtualization Hypervisor are advised
    to upgrade to this updated package, which corrects these issues."
      );
      # https://rhn.redhat.com/errata/RHBA-2013-1528.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHBA-2013:1528"
      );
      # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c6b506c4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:1527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2892"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4344"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-5107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2889"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4238"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected rhev-hypervisor6 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2013:1527";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.5-20131115.0.3.2.el6_5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-18715.NASL
    description - Fix migration from qemu <= 1.5 - Rebase to pending 1.6.1 stable - CVE-2013-4377: Fix crash when unplugging virtio devices (bz #1012633, bz #1012641) - Fix
    last seen2020-03-17
    modified2013-10-15
    plugin id70432
    published2013-10-15
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70432
    titleFedora 20 : qemu-1.6.0-10.fc20 (2013-18715)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-18715.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70432);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-4344", "CVE-2013-4377");
      script_bugtraq_id(62682, 62773);
      script_xref(name:"FEDORA", value:"2013-18715");
    
      script_name(english:"Fedora 20 : qemu-1.6.0-10.fc20 (2013-18715)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Fix migration from qemu <= 1.5
    
        - Rebase to pending 1.6.1 stable
    
        - CVE-2013-4377: Fix crash when unplugging virtio
          devices (bz #1012633, bz #1012641)
    
        - Fix 'new snapshot' slowness after the first snap (bz
          #988436)
    
        - Fix 9pfs xattrs on kernel 3.11 (bz #1013676)
    
        - CVE-2013-4344: buffer overflow in
          scsi_target_emulate_report_luns (bz #1015274, bz
          #1007330)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1007330"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1012633"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119201.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?80d3d1e4"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected qemu package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:qemu");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/10/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC20", reference:"qemu-1.6.0-10.fc20")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-580.NASL
    descriptionXEN was updated to fix security issues and bugs. Security issues fixed : - bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation - bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram - bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load - bnc#875668 - CVE-2014-3124: XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created - bnc#878841 - CVE-2014-3967, CVE-2014-3968: XSA-96: Xen: Vulnerabilities in HVM MSI injection - bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests - bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow Other bugs fixed : - bnc#896023 - Adjust xentop column layout - bnc#820873 - The
    last seen2020-06-05
    modified2014-10-10
    plugin id78117
    published2014-10-10
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78117
    titleopenSUSE Security Update : xen (openSUSE-SU-2014:1281-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-580.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78117);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-4344", "CVE-2013-4540", "CVE-2014-3124", "CVE-2014-3967", "CVE-2014-3968", "CVE-2014-4021", "CVE-2014-7154", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188");
    
      script_name(english:"openSUSE Security Update : xen (openSUSE-SU-2014:1281-1)");
      script_summary(english:"Check for the openSUSE-2014-580 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "XEN was updated to fix security issues and bugs.
    
    Security issues fixed :
    
      - bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range
        used for x2APIC emulation
    
      - bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege
        level checks in x86 emulation of software interrupts
    
      - bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege
        level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
    
      - bnc#895798 - CVE-2014-7154: XSA-104: Race condition in
        HVMOP_track_dirty_vram
    
      - bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun
        on invalid state load
    
      - bnc#875668 - CVE-2014-3124: XSA-92: HVMOP_set_mem_type
        allows invalid P2M entries to be created
    
      - bnc#878841 - CVE-2014-3967, CVE-2014-3968: XSA-96: Xen:
        Vulnerabilities in HVM MSI injection
    
      - bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap
        contents leaked to guests
    
      - bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI
        REPORT LUNS buffer overflow 
    
    Other bugs fixed :
    
      - bnc#896023 - Adjust xentop column layout
    
      - bnc#820873 - The 'long' option doesn't work with 'xl
        list'
    
      - bnc#882127 - Xen kernel panics on booting SLES12 Beta 8
    
      - bnc#865682 - Local attach support for PHY backends using
        scripts
    
      - bnc#798770 - Improve multipath support for npiv devices"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=798770"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=842006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=864801"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=865682"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=875668"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=878841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=880751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=882127"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=895798"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=895799"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=895802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=896023"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=897657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-10/msg00010.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xen packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"xen-debugsource-4.3.2_02-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-devel-4.3.2_02-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-4.3.2_02_k3.11.10_21-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-debuginfo-4.3.2_02_k3.11.10_21-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-4.3.2_02_k3.11.10_21-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-debuginfo-4.3.2_02_k3.11.10_21-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-4.3.2_02_k3.11.10_21-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-debuginfo-4.3.2_02_k3.11.10_21-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-4.3.2_02-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-debuginfo-4.3.2_02-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-4.3.2_02-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-debuginfo-4.3.2_02-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-4.3.2_02-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-doc-html-4.3.2_02-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-32bit-4.3.2_02-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.3.2_02-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-4.3.2_02-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-debuginfo-4.3.2_02-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-4.3.2_02-27.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-debuginfo-4.3.2_02-27.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1553.NASL
    descriptionUpdated qemu-kvm packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat Enterprise Linux kernel. The qemu-kvm packages form the user-space component for running virtual machines using KVM. A buffer overflow flaw was found in the way QEMU processed the SCSI
    last seen2020-06-01
    modified2020-06-02
    plugin id71004
    published2013-11-21
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71004
    titleRHEL 6 : qemu-kvm (RHSA-2013:1553)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1553. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71004);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/24 15:35:37");
    
      script_cve_id("CVE-2013-4344");
      script_bugtraq_id(62773);
      script_xref(name:"RHSA", value:"2013:1553");
    
      script_name(english:"RHEL 6 : qemu-kvm (RHSA-2013:1553)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated qemu-kvm packages that fix one security issue, several bugs,
    and add various enhancements are now available for Red Hat Enterprise
    Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    KVM (Kernel-based Virtual Machine) is a full virtualization solution
    for Linux on AMD64 and Intel 64 systems that is built into the
    standard Red Hat Enterprise Linux kernel. The qemu-kvm packages form
    the user-space component for running virtual machines using KVM.
    
    A buffer overflow flaw was found in the way QEMU processed the SCSI
    'REPORT LUNS' command when more than 256 LUNs were specified for a
    single SCSI target. A privileged guest user could use this flaw to
    corrupt QEMU process memory on the host, which could potentially
    result in arbitrary code execution on the host with the privileges of
    the QEMU process. (CVE-2013-4344)
    
    This issue was discovered by Asias He of Red Hat.
    
    These updated qemu-kvm packages include numerous bug fixes and various
    enhancements. Space precludes documenting all of these changes in this
    advisory. Users are directed to the Red Hat Enterprise Linux 6.5
    Technical Notes, linked to in the References, for information on the
    most significant of these changes.
    
    All qemu-kvm users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add these
    enhancements. After installing this update, shut down all running
    virtual machines. Once all virtual machines have shut down, start them
    again for this update to take effect."
      );
      # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c6b506c4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:1553"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4344"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-img");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2013:1553";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"qemu-guest-agent-0.12.1.2-2.415.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qemu-guest-agent-0.12.1.2-2.415.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qemu-img-0.12.1.2-2.415.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qemu-kvm-0.12.1.2-2.415.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"qemu-kvm-debuginfo-0.12.1.2-2.415.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qemu-kvm-debuginfo-0.12.1.2-2.415.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"qemu-kvm-tools-0.12.1.2-2.415.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-debuginfo / etc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-18493.NASL
    description - CVE-2013-4344: buffer overflow in scsi_target_emulate_report_luns (bz #1015274, bz #1007330) - Fix 9pfs xattrs on kernel 3.11 (bz #1013676) - Require newer ceph-libs to fix symbol error (bz #995883) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-10-15
    plugin id70430
    published2013-10-15
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70430
    titleFedora 19 : qemu-1.4.2-12.fc19 (2013-18493)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-1553.NASL
    descriptionUpdated qemu-kvm packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat Enterprise Linux kernel. The qemu-kvm packages form the user-space component for running virtual machines using KVM. A buffer overflow flaw was found in the way QEMU processed the SCSI
    last seen2020-06-01
    modified2020-06-02
    plugin id79161
    published2014-11-12
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79161
    titleCentOS 6 : qemu-kvm (CESA-2013:1553)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20131121_QEMU_KVM_ON_SL6_X.NASL
    descriptionA buffer overflow flaw was found in the way QEMU processed the SCSI
    last seen2020-03-18
    modified2013-12-10
    plugin id71299
    published2013-12-10
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71299
    titleScientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20131121)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2933.NASL
    descriptionSeveral vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. - CVE-2013-4344 Buffer overflow in the SCSI implementation in QEMU, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. - CVE-2014-2894 Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.
    last seen2020-03-17
    modified2014-05-20
    plugin id74096
    published2014-05-20
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74096
    titleDebian DSA-2933-1 : qemu-kvm - security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-1553.NASL
    descriptionFrom Red Hat Security Advisory 2013:1553 : Updated qemu-kvm packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat Enterprise Linux kernel. The qemu-kvm packages form the user-space component for running virtual machines using KVM. A buffer overflow flaw was found in the way QEMU processed the SCSI
    last seen2020-06-01
    modified2020-06-02
    plugin id71127
    published2013-11-29
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71127
    titleOracle Linux 6 : qemu-kvm (ELSA-2013-1553)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KVM-140416.NASL
    descriptionThe QEMU embedded within KVM received various security fixes. Various issues in the block layer have been fixed : - A virtio security issue in config io space handling. (CVE-2013-2016) - A SCSI report LUNs buffer overflow. (CVE-2013-4344) - A buffer overflow in the QEMU USB stack. (CVE-2013-4541)
    last seen2020-06-05
    modified2014-05-09
    plugin id73939
    published2014-05-09
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73939
    titleSuSE 11.3 Security Update : kvm (SAT Patch Number 9142)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_XEN-201409-141002.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix various bugs and security issues. The following security issues have been fixed : - XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation. (bnc#897657) - XSA-106: CVE-2014-7156: Missing privilege level checks in x86 emulation of software interrupts. (bnc#895802) - XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation. (bnc#895799) - XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram. (bnc#895798) - XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests. (bnc#880751) - XSA-96: CVE-2014-3967 / CVE-2014-3968: Vulnerabilities in HVM MSI injection. (bnc#878841) - XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible. (bnc#867910) - XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow. (bnc#842006) - qemu: zaurus: buffer overrun on invalid state load (bnc#864801) The following non-security issues have been fixed:. (CVE-2013-4540) - xend: Fix netif convertToDeviceNumber for running domains. (bnc#891539) - Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in the VM. (bnc#882092) - XEN kernel panic do_device_not_available(). (bnc#881900) - Boot Failure with xen kernel in UEFI mode with error
    last seen2020-06-05
    modified2014-10-23
    plugin id78652
    published2014-10-23
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78652
    titleSuSE 11.3 Security Update : Xen (SAT Patch Number 9828)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-579.NASL
    descriptionXEN was updated to fix various bugs and security issues. Security issues fixed : - bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation - bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram - bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load - bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests - bnc#878841 - CVE-2014-3967,CVE-2014-3968: XSA-96: Vulnerabilities in HVM MSI injection - bnc#867910 - CVE-2014-2599: XSA-89: HVMOP_set_mem_access is not preemptible - bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow Other bugs fixed : - bnc#896023 - Adjust xentop column layout - bnc#891539 - xend: fix netif convertToDeviceNumber for running domains - bnc#820873 - The
    last seen2020-06-05
    modified2014-10-10
    plugin id78116
    published2014-10-10
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78116
    titleopenSUSE Security Update : xen (openSUSE-SU-2014:1279-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2932.NASL
    descriptionSeveral vulnerabilities were discovered in qemu, a fast processor emulator. - CVE-2013-4344 Buffer overflow in the SCSI implementation in QEMU, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. - CVE-2014-2894 Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.
    last seen2020-03-17
    modified2014-05-20
    plugin id74095
    published2014-05-20
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74095
    titleDebian DSA-2932-1 : qemu - security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-111.NASL
    descriptionRunning QEMU in a configuration with more than 256 emulated SCSI devices attached could have caused a buffer overflow when the guest issues a REPORT LUNS command. Fix this as part of upgrading to the latest stable version on 13.1. Also fix unintentional building against gtk2 rather than gtk3 on 13.1, and fix serial retry logic on 12.3.
    last seen2020-06-05
    modified2014-06-13
    plugin id75249
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75249
    titleopenSUSE Security Update : qemu (openSUSE-SU-2014:0200-1)

Redhat

advisories
  • bugzilla
    id1022821
    title"
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentqemu-kvm-tools is earlier than 2:0.12.1.2-2.415.el6
            ovaloval:com.redhat.rhsa:tst:20131553001
          • commentqemu-kvm-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110345002
        • AND
          • commentqemu-img is earlier than 2:0.12.1.2-2.415.el6
            ovaloval:com.redhat.rhsa:tst:20131553003
          • commentqemu-img is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110345006
        • AND
          • commentqemu-kvm is earlier than 2:0.12.1.2-2.415.el6
            ovaloval:com.redhat.rhsa:tst:20131553005
          • commentqemu-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110345004
        • AND
          • commentqemu-guest-agent is earlier than 2:0.12.1.2-2.415.el6
            ovaloval:com.redhat.rhsa:tst:20131553007
          • commentqemu-guest-agent is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20121234002
    rhsa
    idRHSA-2013:1553
    released2013-11-20
    severityImportant
    titleRHSA-2013:1553: qemu-kvm security, bug fix, and enhancement update (Important)
  • rhsa
    idRHSA-2013:1754
rpms
  • rhev-hypervisor6-0:6.5-20131115.0.3.2.el6_5
  • qemu-guest-agent-2:0.12.1.2-2.415.el6
  • qemu-img-2:0.12.1.2-2.415.el6
  • qemu-kvm-2:0.12.1.2-2.415.el6
  • qemu-kvm-debuginfo-2:0.12.1.2-2.415.el6
  • qemu-kvm-tools-2:0.12.1.2-2.415.el6
  • qemu-img-rhev-2:0.12.1.2-2.415.el6
  • qemu-kvm-rhev-2:0.12.1.2-2.415.el6
  • qemu-kvm-rhev-debuginfo-2:0.12.1.2-2.415.el6
  • qemu-kvm-rhev-tools-2:0.12.1.2-2.415.el6