Vulnerabilities > CVE-2015-7311 - Code vulnerability in XEN

047910
CVSS 3.6 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
xen
CWE-17
nessus

Summary

libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-750.NASL
    descriptionxen was updated to fix 12 security issues. These security issues were fixed : - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests (bsc#951845). - CVE-2015-7969: Leak of main per-domain vcpu pointer array (DoS) (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling-related vcpu pointer array (DoS) (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). - CVE-2015-4037: Insecure temporary file use in /net/slirp.c (bsc#932267). - CVE-2014-0222: Validate L2 table size to avoid integer overflows (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7311: libxl fails to honour readonly flag on disks with qemu-xen (bsc#947165). - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712). - CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709). - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). - CVE-2015-3259: xl command line config handling stack overflow (bsc#935634). These non-security issues were fixed : - bsc#907514: Bus fatal error and sles12 sudden reboot has been observed - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984: Bus fatal error and sles11-SP4 sudden reboot has been observed - bsc#923967: Partner-L3: Bus fatal error and sles11-SP3 sudden reboot has been observed - bsc#901488: Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores - bsc#945167: Running command xl pci-assignable-add 03:10.1 secondly show errors - bsc#949138: Setting vcpu affinity under Xen causes libvirtd abort - bsc#944463: VUL-0: CVE-2015-5239: qemu-kvm: Integer overflow in vnc_client_read() and protocol_client_msg() - bsc#944697: VUL-1: CVE-2015-6815: qemu: net: e1000: infinite loop issue - bsc#925466: Kdump does not work in a XEN environment
    last seen2020-06-05
    modified2015-11-18
    plugin id86909
    published2015-11-18
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86909
    titleopenSUSE Security Update : xen (openSUSE-2015-750)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-750.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86909);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-0222", "CVE-2015-3259", "CVE-2015-4037", "CVE-2015-5154", "CVE-2015-5165", "CVE-2015-5166", "CVE-2015-5239", "CVE-2015-6815", "CVE-2015-7311", "CVE-2015-7835", "CVE-2015-7969", "CVE-2015-7971", "CVE-2015-7972");
    
      script_name(english:"openSUSE Security Update : xen (openSUSE-2015-750)");
      script_summary(english:"Check for the openSUSE-2015-750 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "xen was updated to fix 12 security issues.
    
    These security issues were fixed :
    
      - CVE-2015-7972: Populate-on-demand balloon size
        inaccuracy can crash guests (bsc#951845).
    
      - CVE-2015-7969: Leak of main per-domain vcpu pointer
        array (DoS) (bsc#950703).
    
      - CVE-2015-7969: Leak of per-domain profiling-related vcpu
        pointer array (DoS) (bsc#950705).
    
      - CVE-2015-7971: Some pmu and profiling hypercalls log
        without rate limiting (bsc#950706).
    
      - CVE-2015-4037: Insecure temporary file use in
        /net/slirp.c (bsc#932267).
    
      - CVE-2014-0222: Validate L2 table size to avoid integer
        overflows (bsc#877642).
    
      - CVE-2015-7835: Uncontrolled creation of large page
        mappings by PV guests (bsc#950367).
    
      - CVE-2015-7311: libxl fails to honour readonly flag on
        disks with qemu-xen (bsc#947165).
    
      - CVE-2015-5165: QEMU leak of uninitialized heap memory in
        rtl8139 device model (bsc#939712).
    
      - CVE-2015-5166: Use after free in QEMU/Xen block unplug
        protocol (bsc#939709).
    
      - CVE-2015-5154: Host code execution via IDE subsystem
        CD-ROM (bsc#938344).
    
      - CVE-2015-3259: xl command line config handling stack
        overflow (bsc#935634).
    
    These non-security issues were fixed :
    
      - bsc#907514: Bus fatal error and sles12 sudden reboot has
        been observed
    
      - bsc#910258: SLES12 Xen host crashes with FATAL NMI after
        shutdown of guest with VT-d NIC
    
      - bsc#918984: Bus fatal error and sles11-SP4 sudden reboot
        has been observed
    
      - bsc#923967: Partner-L3: Bus fatal error and sles11-SP3
        sudden reboot has been observed
    
      - bsc#901488: Intel ixgbe driver assigns rx/tx queues per
        core resulting in irq problems on servers with a large
        amount of CPU cores
    
      - bsc#945167: Running command xl pci-assignable-add
        03:10.1 secondly show errors
    
      - bsc#949138: Setting vcpu affinity under Xen causes
        libvirtd abort
    
      - bsc#944463: VUL-0: CVE-2015-5239: qemu-kvm: Integer
        overflow in vnc_client_read() and protocol_client_msg()
    
      - bsc#944697: VUL-1: CVE-2015-6815: qemu: net: e1000:
        infinite loop issue
    
      - bsc#925466: Kdump does not work in a XEN environment"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=877642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=901488"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=907514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=910258"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=918984"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=923967"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=925466"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=932267"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=935634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=938344"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=939709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=939712"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=944463"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=944697"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=945167"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=947165"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=949138"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=950367"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=950703"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=950705"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=950706"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=951845"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xen packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.2", reference:"xen-debugsource-4.4.3_02-30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"xen-devel-4.4.3_02-30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"xen-libs-4.4.3_02-30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"xen-libs-debuginfo-4.4.3_02-30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"xen-tools-domU-4.4.3_02-30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"xen-tools-domU-debuginfo-4.4.3_02-30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-4.4.3_02-30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-doc-html-4.4.3_02-30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-kmp-default-4.4.3_02_k3.16.7_29-30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-kmp-default-debuginfo-4.4.3_02_k3.16.7_29-30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-kmp-desktop-4.4.3_02_k3.16.7_29-30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-kmp-desktop-debuginfo-4.4.3_02_k3.16.7_29-30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-libs-32bit-4.4.3_02-30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.4.3_02-30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-tools-4.4.3_02-30.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-tools-debuginfo-4.4.3_02-30.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen-debugsource / xen-devel / xen-libs-32bit / xen-libs / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3414.NASL
    descriptionMultiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure.
    last seen2020-06-01
    modified2020-06-02
    plugin id87288
    published2015-12-10
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87288
    titleDebian DSA-3414-1 : xen - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3414. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(87288);
      script_version("1.4");
      script_cvs_date("Date: 2018/11/10 11:49:37");
    
      script_cve_id("CVE-2015-3259", "CVE-2015-3340", "CVE-2015-5307", "CVE-2015-6654", "CVE-2015-7311", "CVE-2015-7812", "CVE-2015-7813", "CVE-2015-7814", "CVE-2015-7969", "CVE-2015-7970", "CVE-2015-7971", "CVE-2015-7972", "CVE-2015-8104");
      script_xref(name:"DSA", value:"3414");
    
      script_name(english:"Debian DSA-3414-1 : xen - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security issues have been found in the Xen virtualisation
    solution, which may result in denial of service or information
    disclosure."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/xen"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2015/dsa-3414"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the xen packages.
    
    For the oldstable distribution (wheezy), an update will be provided
    later.
    
    For the stable distribution (jessie), these problems have been fixed
    in version 4.4.1-9+deb8u3."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/12/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"libxen-4.4", reference:"4.4.1-9+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libxen-dev", reference:"4.4.1-9+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libxenstore3.0", reference:"4.4.1-9+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"xen-hypervisor-4.4-amd64", reference:"4.4.1-9+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"xen-hypervisor-4.4-arm64", reference:"4.4.1-9+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"xen-hypervisor-4.4-armhf", reference:"4.4.1-9+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"xen-system-amd64", reference:"4.4.1-9+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"xen-system-arm64", reference:"4.4.1-9+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"xen-system-armhf", reference:"4.4.1-9+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"xen-utils-4.4", reference:"4.4.1-9+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"xen-utils-common", reference:"4.4.1-9+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"xenstore-utils", reference:"4.4.1-9+deb8u3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1894-1.NASL
    descriptionxen was updated to version 4.4.3 to fix nine security issues. These security issues were fixed : - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bsc#932267). - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on disks when using the qemu-xen device model, which allowed local guest users to write to a read-only disk image (bsc#947165). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697). - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86753
    published2015-11-05
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86753
    titleSUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1894-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:1894-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86753);
      script_version("2.9");
      script_cvs_date("Date: 2020/01/30");
    
      script_cve_id("CVE-2014-0222", "CVE-2015-4037", "CVE-2015-5239", "CVE-2015-6815", "CVE-2015-7311", "CVE-2015-7835", "CVE-2015-7969", "CVE-2015-7971");
      script_bugtraq_id(67357, 74809);
    
      script_name(english:"SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1894-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "xen was updated to version 4.4.3 to fix nine security issues.
    
    These security issues were fixed :
    
      - CVE-2015-4037: The slirp_smb function in net/slirp.c
        created temporary files with predictable names, which
        allowed local users to cause a denial of service
        (instantiation failure) by creating /tmp/qemu-smb.*-*
        files before the program (bsc#932267).
    
      - CVE-2014-0222: Integer overflow in the qcow_open
        function allowed remote attackers to cause a denial of
        service (crash) via a large L2 table in a QCOW version 1
        image (bsc#877642).
    
      - CVE-2015-7835: Uncontrolled creation of large page
        mappings by PV guests (bsc#950367).
    
      - CVE-2015-7311: libxl in Xen did not properly handle the
        readonly flag on disks when using the qemu-xen device
        model, which allowed local guest users to write to a
        read-only disk image (bsc#947165).
    
      - CVE-2015-5239: Integer overflow in vnc_client_read() and
        protocol_client_msg() (bsc#944463).
    
      - CVE-2015-6815: With e1000 NIC emulation support it was
        possible to enter an infinite loop (bsc#944697).
    
      - CVE-2015-7969: Leak of main per-domain vcpu pointer
        array leading to denial of service (bsc#950703).
    
      - CVE-2015-7969: Leak of per-domain profiling- related
        vcpu pointer array leading to denial of service
        (bsc#950705).
    
      - CVE-2015-7971: Some pmu and profiling hypercalls log
        without rate limiting (bsc#950706).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=877642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=901488"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=907514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=910258"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=918984"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=923967"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=932267"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=944463"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=944697"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=945167"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=947165"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=949138"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=949549"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=950367"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=950703"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=950705"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=950706"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-0222/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4037/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-5239/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6815/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7311/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7835/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7969/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7971/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20151894-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0b19ec80"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 11-SP4 :
    
    zypper in -t patch sdksp4-xen-12184=1
    
    SUSE Linux Enterprise Server 11-SP4 :
    
    zypper in -t patch slessp4-xen-12184=1
    
    SUSE Linux Enterprise Desktop 11-SP4 :
    
    zypper in -t patch sledsp4-xen-12184=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4 :
    
    zypper in -t patch dbgsp4-xen-12184=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED11|SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED11 / SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "i386|i486|i586|i686|x86_64") audit(AUDIT_ARCH_NOT, "i386 / i486 / i586 / i686 / x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    if (os_ver == "SLED11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-kmp-default-4.4.3_02_3.0.101_65-26.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-libs-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-tools-domU-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-doc-html-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-libs-32bit-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-tools-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-kmp-pae-4.4.3_02_3.0.101_65-26.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"xen-kmp-default-4.4.3_02_3.0.101_65-26.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"xen-libs-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"xen-tools-domU-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"xen-kmp-pae-4.4.3_02_3.0.101_65-26.2")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-kmp-default-4.4.3_02_3.0.101_65-26.2")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-libs-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-tools-domU-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-doc-html-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-libs-32bit-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-tools-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-kmp-pae-4.4.3_02_3.0.101_65-26.2")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"xen-kmp-default-4.4.3_02_3.0.101_65-26.2")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"xen-libs-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"xen-tools-domU-4.4.3_02-26.2")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"xen-kmp-pae-4.4.3_02_3.0.101_65-26.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-893.NASL
    descriptionThis update fixes the following security issues : - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150)
    last seen2020-06-05
    modified2015-12-17
    plugin id87443
    published2015-12-17
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/87443
    titleopenSUSE Security Update : xen (openSUSE-2015-893)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-893.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(87443);
      script_version("2.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-5307", "CVE-2015-7311", "CVE-2015-7835", "CVE-2015-7970", "CVE-2015-8104");
    
      script_name(english:"openSUSE Security Update : xen (openSUSE-2015-893)");
      script_summary(english:"Check for the openSUSE-2015-893 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes the following security issues :
    
      - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour
        readonly flag on disks with qemu-xen (xsa-142)
    
      - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by
        triggering an infinite loop in microcode via #DB
        exception
    
      - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during
        fault delivery (XSA-156)
    
      - bsc#950704 - CVE-2015-7970: xen: x86: Long latency
        populate-on-demand operation is not preemptible
        (XSA-150)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=947165"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=950704"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954405"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xen packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.2", reference:"xen-debugsource-4.4.3_04-33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"xen-devel-4.4.3_04-33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"xen-libs-4.4.3_04-33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"xen-libs-debuginfo-4.4.3_04-33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"xen-tools-domU-4.4.3_04-33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"xen-tools-domU-debuginfo-4.4.3_04-33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-4.4.3_04-33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-doc-html-4.4.3_04-33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-kmp-default-4.4.3_04_k3.16.7_29-33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-kmp-default-debuginfo-4.4.3_04_k3.16.7_29-33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-kmp-desktop-4.4.3_04_k3.16.7_29-33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-kmp-desktop-debuginfo-4.4.3_04_k3.16.7_29-33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-libs-32bit-4.4.3_04-33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.4.3_04-33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-tools-4.4.3_04-33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"xen-tools-debuginfo-4.4.3_04-33.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen-debugsource / xen-devel / xen-libs-32bit / xen-libs / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-2338-1.NASL
    descriptionThis update fixes the following security issues : - bsc#955399 - Fix xm migrate --log_progress. Due to logic error progress was not logged when requested. - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc#956592 - xen: virtual PMU is unsupported (XSA-163) - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160) - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#955399 - Fix xm migrate --live. The options were not passed due to a merge error. As a result the migration was not live, instead the suspended guest was migrated. - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) - Drop 5604f239-x86-PV-properly-populate-descriptor-tables.patc h - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87650
    published2015-12-29
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87650
    titleSUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:2338-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:2338-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(87650);
      script_version("2.7");
      script_cvs_date("Date: 2019/09/11 11:22:12");
    
      script_cve_id("CVE-2015-5307", "CVE-2015-7311", "CVE-2015-7504", "CVE-2015-7835", "CVE-2015-7969", "CVE-2015-7970", "CVE-2015-7971", "CVE-2015-7972", "CVE-2015-8104", "CVE-2015-8339", "CVE-2015-8340", "CVE-2015-8341", "CVE-2015-8345");
    
      script_name(english:"SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:2338-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes the following security issues :
    
      - bsc#955399 - Fix xm migrate --log_progress. Due to logic
        error progress was not logged when requested.
    
      - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100:
        infinite loop in processing command block list
    
      - bsc#956592 - xen: virtual PMU is unsupported (XSA-163)
    
      - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen:
        XENMEM_exchange error handling issues (XSA-159)
    
      - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel
        and initrd on error (XSA-160)
    
      - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow
        vulnerability in pcnet emulator (XSA-162)
    
      - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour
        readonly flag on disks with qemu-xen (xsa-142)
    
      - bsc#955399 - Fix xm migrate --live. The options were not
        passed due to a merge error. As a result the migration
        was not live, instead the suspended guest was migrated.
    
      - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by
        triggering an infinite loop in microcode via #DB
        exception
    
      - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during
        fault delivery (XSA-156)
    
      - bsc#950704 - CVE-2015-7970: xen: x86: Long latency
        populate-on-demand operation is not preemptible
        (XSA-150)
    
      - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand
        balloon size inaccuracy can crash guests (XSA-153)
    
      - Drop
        5604f239-x86-PV-properly-populate-descriptor-tables.patc
        h
    
      - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain
        vcpu pointer array (DoS) (XSA-149)
    
      - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain
        profiling-related vcpu pointer array (DoS) (XSA-151)
    
      - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and
        profiling hypercalls log without rate limiting (XSA-152)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=947165"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=950703"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=950704"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=950705"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=950706"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=951845"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=954018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=954405"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=955399"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=956408"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=956409"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=956411"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=956592"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=956832"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-5307/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7311/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7504/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7835/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7969/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7970/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7971/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7972/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8104/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8339/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8340/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8341/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8345/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20152338-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?37a07182"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 11-SP4 :
    
    zypper in -t patch sdksp4-xen-20151203-12277=1
    
    SUSE Linux Enterprise Server 11-SP4 :
    
    zypper in -t patch slessp4-xen-20151203-12277=1
    
    SUSE Linux Enterprise Desktop 11-SP4 :
    
    zypper in -t patch sledsp4-xen-20151203-12277=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4 :
    
    zypper in -t patch dbgsp4-xen-20151203-12277=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/12/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED11|SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED11 / SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "i386|i486|i586|i686|x86_64") audit(AUDIT_ARCH_NOT, "i386 / i486 / i586 / i686 / x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    if (os_ver == "SLED11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-kmp-default-4.4.3_06_3.0.101_65-29.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-libs-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-tools-domU-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-doc-html-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-libs-32bit-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-tools-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"xen-kmp-pae-4.4.3_06_3.0.101_65-29.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"xen-kmp-default-4.4.3_06_3.0.101_65-29.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"xen-libs-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"xen-tools-domU-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"xen-kmp-pae-4.4.3_06_3.0.101_65-29.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-kmp-default-4.4.3_06_3.0.101_65-29.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-libs-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-tools-domU-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-doc-html-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-libs-32bit-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-tools-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"xen-kmp-pae-4.4.3_06_3.0.101_65-29.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"xen-kmp-default-4.4.3_06_3.0.101_65-29.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"xen-libs-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"xen-tools-domU-4.4.3_06-29.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"xen-kmp-pae-4.4.3_06_3.0.101_65-29.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-2324-1.NASL
    descriptionThis update fixes the following security issues : - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - Revert x86/IO-APIC: don
    last seen2020-06-01
    modified2020-06-02
    plugin id87588
    published2015-12-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87588
    titleSUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:2324-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:2324-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(87588);
      script_version("2.7");
      script_cvs_date("Date: 2019/09/11 11:22:12");
    
      script_cve_id("CVE-2015-3259", "CVE-2015-4106", "CVE-2015-5154", "CVE-2015-5239", "CVE-2015-5307", "CVE-2015-6815", "CVE-2015-7311", "CVE-2015-7504", "CVE-2015-7835", "CVE-2015-8104", "CVE-2015-8339", "CVE-2015-8340", "CVE-2015-8341", "CVE-2015-8345");
      script_bugtraq_id(74949, 75573);
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:2324-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes the following security issues :
    
      - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100:
        infinite loop in processing command block list
    
      - Revert x86/IO-APIC: don't create pIRQ mapping from
        masked RTE until kernel maintenance release goes out.
    
      - bsc#956592 - xen: virtual PMU is unsupported (XSA-163)
    
      - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen:
        XENMEM_exchange error handling issues (XSA-159)
    
      - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel
        and initrd on error (XSA-160)
    
      - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow
        vulnerability in pcnet emulator (XSA-162)
    
      - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour
        readonly flag on disks with qemu-xen (xsa-142)
    
      - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by
        triggering an infinite loop in microcode via #DB
        exception
    
      - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during
        fault delivery (XSA-156)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=947165"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=954018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=954405"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=956408"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=956409"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=956411"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=956592"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=956832"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3259/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-4106/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-5154/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-5239/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-5307/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-6815/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7311/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7504/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7835/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8104/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8339/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8340/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8341/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8345/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20152324-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fc855953"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP1 :
    
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-999=1
    
    SUSE Linux Enterprise Server 12-SP1 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-999=1
    
    SUSE Linux Enterprise Desktop 12-SP1 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-999=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-debugsource-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-doc-html-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-kmp-default-4.5.2_02_k3.12.49_11-4.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-kmp-default-debuginfo-4.5.2_02_k3.12.49_11-4.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-libs-32bit-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-libs-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-libs-debuginfo-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-tools-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-tools-debuginfo-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-tools-domU-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"xen-tools-domU-debuginfo-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"xen-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"xen-debugsource-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"xen-kmp-default-4.5.2_02_k3.12.49_11-4.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"xen-kmp-default-debuginfo-4.5.2_02_k3.12.49_11-4.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"xen-libs-32bit-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"xen-libs-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.5.2_02-4.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"xen-libs-debuginfo-4.5.2_02-4.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-892.NASL
    descriptionThis update fixes the following security issues : - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970 xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
    last seen2020-06-05
    modified2015-12-16
    plugin id87393
    published2015-12-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87393
    titleopenSUSE Security Update : xen (openSUSE-2015-892)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-892.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(87393);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-3259", "CVE-2015-4106", "CVE-2015-5154", "CVE-2015-5239", "CVE-2015-5307", "CVE-2015-6815", "CVE-2015-7311", "CVE-2015-7835", "CVE-2015-7970", "CVE-2015-8104");
    
      script_name(english:"openSUSE Security Update : xen (openSUSE-2015-892)");
      script_summary(english:"Check for the openSUSE-2015-892 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes the following security issues :
    
      - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour
        readonly flag on disks with qemu-xen (xsa-142)
    
      - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by
        triggering an infinite loop in microcode via #DB
        exception
    
      - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during
        fault delivery (XSA-156)
    
      - bsc#950704 - CVE-2015-7970 xen: x86: Long latency
        populate-on-demand operation is not preemptible
        (XSA-150)
        563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=947165"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=950704"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954405"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xen packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.1", reference:"xen-debugsource-4.5.2_01-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"xen-devel-4.5.2_01-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"xen-libs-4.5.2_01-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"xen-libs-debuginfo-4.5.2_01-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"xen-tools-domU-4.5.2_01-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"xen-tools-domU-debuginfo-4.5.2_01-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"xen-4.5.2_01-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"xen-doc-html-4.5.2_01-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"xen-kmp-default-4.5.2_01_k4.1.12_1-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"xen-kmp-default-debuginfo-4.5.2_01_k4.1.12_1-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"xen-libs-32bit-4.5.2_01-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.5.2_01-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"xen-tools-4.5.2_01-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"xen-tools-debuginfo-4.5.2_01-6.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen-debugsource / xen-devel / xen-libs-32bit / xen-libs / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1853-1.NASL
    descriptionxen was updated to fix nine security issues. These security issues were fixed : - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bsc#932267). - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on disks when using the qemu-xen device model, which allowed local guest users to write to a read-only disk image (bsc#947165). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697). - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86704
    published2015-11-03
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86704
    titleSUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1853-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-15943.NASL
    descriptionlibxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possible fix)] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-09-22
    plugin id86055
    published2015-09-22
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86055
    titleFedora 23 : xen-4.5.1-8.fc23 (2015-15943)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-34.NASL
    descriptionThis update for xen fixes the following security issues : - CVE-2015-8550: paravirtualized drivers incautious about shared memory contents (XSA-155, boo#957988) - CVE-2015-8558: qemu: usb: infinite loop in ehci_advance_state results in DoS (boo#959006) - CVE-2015-7549: qemu pci: NULL pointer dereference issue (boo#958918) - CVE-2015-8504: qemu: ui: vnc: avoid floating point exception (boo#958493) - CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling (XSA-164, boo#958007) - CVE-2015-8555: information leak in legacy x86 FPU/XMM initialization (XSA-165, boo#958009) - boo#958523 xen: ioreq handling possibly susceptible to multiple read issue (XSA-166) - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list (boo#956832) - boo#956592: xen: virtual PMU is unsupported (XSA-163) - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159, boo#956408) - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160, boo#956409) - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162, boo#956411) - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142, boo#947165) - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception (boo#954405) - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156, boo#954018) - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150, boo#950704)
    last seen2020-06-05
    modified2016-01-25
    plugin id88124
    published2016-01-25
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/88124
    titleopenSUSE Security Update : xen (openSUSE-2016-34)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201604-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201604-03 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : A local attacker could possibly cause a Denial of Service condition or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id90380
    published2016-04-07
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90380
    titleGLSA-201604-03 : Xen: Multiple vulnerabilities (Venom)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1908-1.NASL
    descriptionxen was updated to version 4.4.3 to fix nine security issues. These security issues were fixed : - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program (bsc#932267). - CVE-2014-0222: Integer overflow in the qcow_open function allowed remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7311: libxl in Xen did not properly handle the readonly flag on disks when using the qemu-xen device model, which allowed local guest users to write to a read-only disk image (bsc#947165). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-6815: With e1000 NIC emulation support it was possible to enter an infinite loop (bsc#944697). - CVE-2015-7969: Leak of main per-domain vcpu pointer array leading to denial of service (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling- related vcpu pointer array leading to denial of service (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86756
    published2015-11-05
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86756
    titleSUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:1908-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-15946.NASL
    descriptionlibxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possible fix)] ---- update to xen-4.4.3, including Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166], QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-09-28
    plugin id86163
    published2015-09-28
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86163
    titleFedora 21 : xen-4.4.3-3.fc21 (2015-15946)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_301B04D7881C11E5AB94002590263BF5.NASL
    descriptionThe Xen Project reports : Callers of libxl can specify that a disk should be read-only to the guest. However, there is no code in libxl to pass this information to qemu-xen (the upstream-based qemu); and indeed there is no way in qemu to make a disk read-only. The vulnerability is exploitable only via devices emulated by the device model, not the parallel PV devices for supporting PVHVM. Normally the PVHVM device unplug protocol renders the emulated devices inaccessible early in boot. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected.
    last seen2020-06-01
    modified2020-06-02
    plugin id86835
    published2015-11-11
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86835
    titleFreeBSD : xen-tools -- libxl fails to honour readonly flag on disks with qemu-xen (301b04d7-881c-11e5-ab94-002590263bf5)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-729.NASL
    descriptionxen was updated to fix 13 security issues. These security issues were fixed : - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests (bsc#951845). - CVE-2015-7969: Leak of main per-domain vcpu pointer array (DoS) (bsc#950703). - CVE-2015-7969: Leak of per-domain profiling-related vcpu pointer array (DoS) (bsc#950705). - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706). - CVE-2015-4037: Insecure temporary file use in /net/slirp.c (bsc#932267). - CVE-2014-0222: Validate L2 table size to avoid integer overflows (bsc#877642). - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367). - CVE-2015-7311: libxl fails to honour readonly flag on disks with qemu-xen (bsc#947165). - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712). - CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-6815: e1000: infinite loop issue (bsc#944697). - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344). This non-security issues was fixed : - bsc#941074: VmError: Device 51728 (vbd) could not be connected. Hotplug scripts not working.
    last seen2020-06-05
    modified2015-11-13
    plugin id86863
    published2015-11-13
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86863
    titleopenSUSE Security Update : xen (openSUSE-2015-729)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-2326-1.NASL
    descriptionThis update fixes the following security issues : - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc#956592 - xen: virtual PMU is unsupported (XSA-163) - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160) - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87590
    published2015-12-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87590
    titleSUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:2326-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-15944.NASL
    descriptionlibxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possible fix)] ---- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-09-28
    plugin id86162
    published2015-09-28
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86162
    titleFedora 22 : xen-4.5.1-8.fc22 (2015-15944)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-2328-1.NASL
    descriptionThis update fixes the following security issues : - bsc#956832 - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list - bsc#956592 - xen: virtual PMU is unsupported (XSA-163) - bsc#956408 - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) - bsc#956409 - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160) - bsc#956411 - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) - bsc#947165 - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) - bsc#954405 - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) CVE-2015-5307-xsa156.patch - bsc#950704 - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch - bsc#951845 - CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) xsa153-libxl.patch xend-xsa153.patch - Drop 5604f239-x86-PV-properly-populate-descriptor-tables.patc h - bsc#950703 - CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) - bsc#950705 - CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) - bsc#950706 - CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id87591
    published2015-12-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87591
    titleSUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:2328-1)