Vulnerabilities > CVE-2014-4021 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | Xen
| 24 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2014-7734.NASL description Hypervisor heap contents leaked to guest, with extra patch to avoid regression Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-07-05 plugin id 76371 published 2014-07-05 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76371 title Fedora 19 : xen-4.2.4-6.fc19 (2014-7734) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-7734. # include("compat.inc"); if (description) { script_id(76371); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-4021"); script_bugtraq_id(68070); script_xref(name:"FEDORA", value:"2014-7734"); script_name(english:"Fedora 19 : xen-4.2.4-6.fc19 (2014-7734)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Hypervisor heap contents leaked to guest, with extra patch to avoid regression Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1103646" ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?23b7402f" ); script_set_attribute(attribute:"solution", value:"Update the affected xen package."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:S/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19"); script_set_attribute(attribute:"patch_publication_date", value:"2014/06/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC19", reference:"xen-4.2.4-6.fc19")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1691-1.NASL description Xen has been updated to fix six security issues : - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). - Insufficient bounding of last seen 2020-06-05 modified 2015-05-20 plugin id 83651 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83651 title SUSE SLES10 Security Update : Xen (SUSE-SU-2014:1691-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2014:1691-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(83651); script_version("2.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-4021", "CVE-2014-7155", "CVE-2014-8594", "CVE-2014-8595", "CVE-2014-8866", "CVE-2014-8867", "CVE-2014-9030"); script_bugtraq_id(68070, 70057, 71149, 71151, 71207, 71331, 71332); script_name(english:"SUSE SLES10 Security Update : Xen (SUSE-SU-2014:1691-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Xen has been updated to fix six security issues : - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). - Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor (CVE-2014-8867). - Missing privilege level checks in x86 emulation of far branches (CVE-2014-8595). - Guest user mode triggerable VM exits not handled by hypervisor (bnc#903850). - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (CVE-2014-7155). - Hypervisor heap contents leaked to guests (CVE-2014-4021). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=880751" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=895799" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=903850" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=903970" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=905467" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=906439" ); # https://download.suse.com/patch/finder/?keywords=2430903f7edca75f2ff542e854abf451 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c1ba1e75" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-8594/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-8595/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-8866/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-8867/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9030/" ); # https://www.suse.com/support/update/announcement/2014/suse-su-20141691-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0b43f28e" ); script_set_attribute(attribute:"solution", value:"Update the affected Xen packages"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-pdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-ps"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-bigsmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-kdump"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-kdumppae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-vmi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-vmipae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-ioemu"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/18"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "i386|i486|i586|i686|x86_64") audit(AUDIT_ARCH_NOT, "i386 / i486 / i586 / i686 / x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES10" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-devel-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-doc-html-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-doc-pdf-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-doc-ps-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-libs-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-tools-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-tools-domU-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-tools-ioemu-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-libs-32bit-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-devel-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-doc-html-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-doc-pdf-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-doc-ps-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-libs-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-tools-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-tools-domU-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-tools-ioemu-3.2.3_17040_46-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.107.24-0.9.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xen"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-580.NASL description XEN was updated to fix security issues and bugs. Security issues fixed : - bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation - bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram - bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load - bnc#875668 - CVE-2014-3124: XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created - bnc#878841 - CVE-2014-3967, CVE-2014-3968: XSA-96: Xen: Vulnerabilities in HVM MSI injection - bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests - bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow Other bugs fixed : - bnc#896023 - Adjust xentop column layout - bnc#820873 - The last seen 2020-06-05 modified 2014-10-10 plugin id 78117 published 2014-10-10 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78117 title openSUSE Security Update : xen (openSUSE-SU-2014:1281-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2014-580. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(78117); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-4344", "CVE-2013-4540", "CVE-2014-3124", "CVE-2014-3967", "CVE-2014-3968", "CVE-2014-4021", "CVE-2014-7154", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188"); script_name(english:"openSUSE Security Update : xen (openSUSE-SU-2014:1281-1)"); script_summary(english:"Check for the openSUSE-2014-580 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "XEN was updated to fix security issues and bugs. Security issues fixed : - bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation - bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram - bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load - bnc#875668 - CVE-2014-3124: XSA-92: HVMOP_set_mem_type allows invalid P2M entries to be created - bnc#878841 - CVE-2014-3967, CVE-2014-3968: XSA-96: Xen: Vulnerabilities in HVM MSI injection - bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests - bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow Other bugs fixed : - bnc#896023 - Adjust xentop column layout - bnc#820873 - The 'long' option doesn't work with 'xl list' - bnc#882127 - Xen kernel panics on booting SLES12 Beta 8 - bnc#865682 - Local attach support for PHY backends using scripts - bnc#798770 - Improve multipath support for npiv devices" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=798770" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=820873" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=842006" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=864801" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=865682" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=875668" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=878841" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=880751" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=882127" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=895798" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=895799" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=895802" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=896023" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=897657" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-10/msg00010.html" ); script_set_attribute(attribute:"solution", value:"Update the affected xen packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/10/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"xen-debugsource-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-devel-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-debuginfo-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-debuginfo-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-debuginfo-4.3.2_02_k3.11.10_21-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-debuginfo-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-debuginfo-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-doc-html-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-32bit-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-debuginfo-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-4.3.2_02-27.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-debuginfo-4.3.2_02-27.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-0926.NASL description From Red Hat Security Advisory 2014:0926 : Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 76856 published 2014-07-27 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76856 title Oracle Linux 5 : kernel (ELSA-2014-0926) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0926 and # Oracle Linux Security Advisory ELSA-2014-0926 respectively. # include("compat.inc"); if (description) { script_id(76856); script_version("1.10"); script_cvs_date("Date: 2019/09/30 10:58:19"); script_cve_id("CVE-2014-2678", "CVE-2014-4021"); script_bugtraq_id(66543, 68070); script_xref(name:"RHSA", value:"2014:0926"); script_name(english:"Oracle Linux 5 : kernel (ELSA-2014-0926)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2014:0926 : Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. (CVE-2014-2678, Moderate) * It was found that the Xen hypervisor implementation did not properly clean memory pages previously allocated by the hypervisor. A privileged guest user could potentially use this flaw to read data relating to other guests or the hypervisor itself. (CVE-2014-4021, Moderate) Red Hat would like to thank the Xen project for reporting CVE-2014-4021. Upstream acknowledges Jan Beulich as the original reporter. This update also fixes the following bugs : * A bug in the journaling block device (jbd and jbd2) code could, under certain circumstances, trigger a BUG_ON() assertion and result in a kernel oops. This happened when an application performed an extensive number of commits to the journal of the ext3 file system and there was no currently active transaction while synchronizing the file's in-core state. This problem has been resolved by correcting respective test conditions in the jbd and jbd2 code. (BZ#1097528) * After a statically defined gateway became unreachable and its corresponding neighbor entry entered a FAILED state, the gateway stayed in the FAILED state even after it became reachable again. As a consequence, traffic was not routed through that gateway. This update allows probing such a gateway automatically so that the traffic can be routed through this gateway again once it becomes reachable. (BZ#1106354) * Due to an incorrect condition check in the IPv6 code, the ipv6 driver was unable to correctly assemble incoming packet fragments, which resulted in a high IPv6 packet loss rate. This update fixes the said check for a fragment overlap and ensures that incoming IPv6 packet fragments are now processed as expected. (BZ#1107932) * Recent changes in the d_splice_alias() function introduced a bug that allowed d_splice_alias() to return a dentry from a different directory than the directory being looked up. As a consequence in cluster environment, a kernel panic could be triggered when a directory was being removed while a concurrent cross-directory operation was performed on this directory on another cluster node. This update avoids the kernel panic in this situation by correcting the search logic in the d_splice_alias() function so that the function can no longer return a dentry from an incorrect directory. (BZ#1109720) * The NFSv4 server did not handle multiple OPEN operations to the same file separately, which could cause the NFSv4 client to repeatedly send CLOSE requests with the same state ID, even though the NFS server rejected the request with an NFS4ERR_OLD_STATEID (10024) error code. This update ensures that the NFSv4 client no longer re-sends the same CLOSE request after receiving NFS4ERR_OLD_STATEID. (BZ#1113468) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2014-July/004299.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/01"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2014-2678", "CVE-2014-4021"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2014-0926"); } else { __rpm_report = ksplice_reporting_text(); } } kernel_major_minor = get_kb_item("Host/uname/major_minor"); if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level."); expected_kernel_major_minor = "2.6"; if (kernel_major_minor != expected_kernel_major_minor) audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor); flag = 0; if (rpm_exists(release:"EL5", rpm:"kernel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-2.6.18-371.11.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-PAE-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-2.6.18-371.11.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-PAE-devel-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-371.11.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-debug-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-2.6.18-371.11.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-debug-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-devel-2.6.18-371.11.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-devel-2.6.18-371.11.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-doc-2.6.18") && rpm_check(release:"EL5", reference:"kernel-doc-2.6.18-371.11.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-headers-2.6.18") && rpm_check(release:"EL5", reference:"kernel-headers-2.6.18-371.11.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-xen-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-2.6.18-371.11.1.el5")) flag++; if (rpm_exists(release:"EL5", rpm:"kernel-xen-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-devel-2.6.18-371.11.1.el5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel"); }NASL family Misc. NASL id CITRIX_XENSERVER_CTX140984.NASL description The remote host is running a version of Citrix XenServer that is affected by multiple vulnerabilities : - An information disclosure exists due to the Xen hypervisor last seen 2020-06-01 modified 2020-06-02 plugin id 76771 published 2014-07-24 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76771 title Citrix XenServer Multiple Vulnerabilities (CTX140984) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76771); script_version("1.8"); script_cvs_date("Date: 2018/07/09 12:26:58"); script_cve_id("CVE-2014-4021", "CVE-2014-4947", "CVE-2014-4948"); script_bugtraq_id(68070, 68659, 68660); script_name(english:"Citrix XenServer Multiple Vulnerabilities (CTX140984)"); script_summary(english:"Checks XenServer version and installed hotfixes."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Citrix XenServer that is affected by multiple vulnerabilities : - An information disclosure exists due to the Xen hypervisor's failure to properly clean memory pages. (CVE-2014-4021) - An unspecified vulnerability exists due to a buffer overflow in the HVM graphics console. (CVE-2014-4947) - XenServer is affected by an unspecified denial of service and information disclosure vulnerability. (CVE-2014-4948)"); script_set_attribute(attribute:"see_also", value:"https://support.citrix.com/article/CTX140984"); script_set_attribute(attribute:"solution", value: "Apply the relevant hotfix referenced in the advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/15"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:citrix:xenserver"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("citrix_xenserver_version.nbin"); script_require_keys("Host/XenServer/version", "Host/local_checks_enabled"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); app_name = "Citrix XenServer"; version = get_kb_item_or_exit("Host/XenServer/version"); get_kb_item_or_exit("Host/local_checks_enabled"); patches = get_kb_item("Host/XenServer/patches"); vuln = FALSE; # We will do our checks within the branches because 6.0.2 needs # special treatment. if (version == "6.0.0") { fix = "XS60E039 / XS60E038"; if ("XS60E039" >!< patches || "XS60E038" >!< patches) vuln = TRUE; } else if (version == "6.0.2") { fix = "XS602E035 or XS602ECC011 / XS602ECC010"; if ("XS602E035" >!< patches && ("XS602ECC011" >!< patches || "XS602ECC010" >!< patches)) vuln = TRUE; } else if (version =~ "^6\.1\.") { fix = "XS61E041 / XS61E040"; if ("XS61E041" >!< patches || "XS61E040" >!< patches) vuln = TRUE; } else if (version =~ "^6\.2\.") { fix = "XS62ESP1008"; if ("XS62ESP1008" >!< patches) vuln = TRUE; } else audit(AUDIT_INST_VER_NOT_VULN, app_name, version); if (vuln) { port = 0; report = '\n Installed version : ' + version + '\n Missing hotfix : ' + fix + '\n'; security_report_v4(severity:SECURITY_HOLE, extra:report, port:port); } else audit(AUDIT_PATCH_INSTALLED, fix);NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3006.NASL description Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service. last seen 2020-03-17 modified 2014-08-19 plugin id 77240 published 2014-08-19 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77240 title Debian DSA-3006-1 : xen - security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3006. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(77240); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-1432", "CVE-2013-1442", "CVE-2013-2076", "CVE-2013-2077", "CVE-2013-2078", "CVE-2013-2194", "CVE-2013-2195", "CVE-2013-2196", "CVE-2013-2211", "CVE-2013-4329", "CVE-2013-4355", "CVE-2013-4361", "CVE-2013-4368", "CVE-2013-4494", "CVE-2013-4553", "CVE-2014-1950", "CVE-2014-2599", "CVE-2014-3124", "CVE-2014-4021"); script_bugtraq_id(60277, 60278, 60282, 60701, 60702, 60703, 60721, 60799, 62307, 62630, 62708, 62710, 62935, 63494, 63933, 65529, 66407, 67113, 68070); script_xref(name:"DSA", value:"3006"); script_name(english:"Debian DSA-3006-1 : xen - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/xen" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2014/dsa-3006" ); script_set_attribute( attribute:"solution", value: "Upgrade the xen packages. For the stable distribution (wheezy), these problems have been fixed in version 4.1.4-3+deb7u2." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/14"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"libxen-4.1", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libxen-dev", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libxen-ocaml", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libxen-ocaml-dev", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libxenstore3.0", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xen-docs-4.1", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xen-hypervisor-4.1-amd64", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xen-hypervisor-4.1-i386", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xen-system-amd64", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xen-system-i386", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xen-utils-4.1", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xen-utils-common", reference:"4.1.4-3+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"xenstore-utils", reference:"4.1.4-3+deb7u2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0004.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0004 for details. last seen 2020-06-01 modified 2020-06-02 plugin id 80928 published 2015-01-23 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80928 title OracleVM 3.3 : xen (OVMSA-2015-0004) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201407-03.NASL description The remote host is affected by the vulnerability described in GLSA-201407-03 (Xen: Multiple Vunlerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : A remote attacker can utilize multiple vectors to execute arbitrary code, cause Denial of Service, or gain access to data on the host. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 76544 published 2014-07-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76544 title GLSA-201407-03 : Xen: Multiple Vunlerabilities NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1710-1.NASL description xen was updated to fix 14 security issues : - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). - Insufficient bounding of last seen 2020-06-05 modified 2015-05-20 plugin id 83654 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83654 title SUSE SLES11 Security Update : xen (SUSE-SU-2014:1710-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0926.NASL description Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 76751 published 2014-07-24 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76751 title RHEL 5 : kernel (RHSA-2014:0926) NASL family Scientific Linux Local Security Checks NASL id SL_20140723_KERNEL_ON_SL5_X.NASL description - A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel last seen 2020-03-18 modified 2014-07-25 plugin id 76782 published 2014-07-25 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76782 title Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20140723) NASL family Fedora Local Security Checks NASL id FEDORA_2014-7722.NASL description Hypervisor heap contents leaked to guest, with extra patch to avoid regression Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-07-05 plugin id 76370 published 2014-07-05 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76370 title Fedora 20 : xen-4.3.2-6.fc20 (2014-7722) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-0926.NASL description Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 76779 published 2014-07-25 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76779 title CentOS 5 : kernel (CESA-2014:0926) NASL family SuSE Local Security Checks NASL id SUSE_11_XEN-201409-141002.NASL description The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix various bugs and security issues. The following security issues have been fixed : - XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation. (bnc#897657) - XSA-106: CVE-2014-7156: Missing privilege level checks in x86 emulation of software interrupts. (bnc#895802) - XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation. (bnc#895799) - XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram. (bnc#895798) - XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests. (bnc#880751) - XSA-96: CVE-2014-3967 / CVE-2014-3968: Vulnerabilities in HVM MSI injection. (bnc#878841) - XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible. (bnc#867910) - XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow. (bnc#842006) - qemu: zaurus: buffer overrun on invalid state load (bnc#864801) The following non-security issues have been fixed:. (CVE-2013-4540) - xend: Fix netif convertToDeviceNumber for running domains. (bnc#891539) - Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in the VM. (bnc#882092) - XEN kernel panic do_device_not_available(). (bnc#881900) - Boot Failure with xen kernel in UEFI mode with error last seen 2020-06-05 modified 2014-10-23 plugin id 78652 published 2014-10-23 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78652 title SuSE 11.3 Security Update : Xen (SAT Patch Number 9828) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-579.NASL description XEN was updated to fix various bugs and security issues. Security issues fixed : - bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation - bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram - bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load - bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests - bnc#878841 - CVE-2014-3967,CVE-2014-3968: XSA-96: Vulnerabilities in HVM MSI injection - bnc#867910 - CVE-2014-2599: XSA-89: HVMOP_set_mem_access is not preemptible - bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow Other bugs fixed : - bnc#896023 - Adjust xentop column layout - bnc#891539 - xend: fix netif convertToDeviceNumber for running domains - bnc#820873 - The last seen 2020-06-05 modified 2014-10-10 plugin id 78116 published 2014-10-10 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78116 title openSUSE Security Update : xen (openSUSE-SU-2014:1279-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1732-1.NASL description xen was updated to fix 10 security issues : - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). - Insufficient bounding of last seen 2020-06-05 modified 2015-05-20 plugin id 83659 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83659 title SUSE SLES11 Security Update : xen (SUSE-SU-2014:1732-1)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://linux.oracle.com/errata/ELSA-2014-0926.html
- http://linux.oracle.com/errata/ELSA-2014-0926-1.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
- http://secunia.com/advisories/59208
- http://secunia.com/advisories/60027
- http://secunia.com/advisories/60130
- http://secunia.com/advisories/60471
- http://security.gentoo.org/glsa/glsa-201407-03.xml
- http://support.citrix.com/article/CTX140984
- http://www.debian.org/security/2014/dsa-3006
- http://www.securityfocus.com/bid/68070
- http://www.securitytracker.com/id/1030442
- http://xenbits.xen.org/xsa/advisory-100.html