Vulnerabilities > CVE-2016-5008 - Improper Access Control vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Embedding Scripts within Scripts An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
- Signature Spoofing by Key Theft An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3576-1.NASL description Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5008) Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. (CVE-2017-1000256) Daniel P. Berrange and Peter Krempa discovered that libvirt incorrectly handled large QEMU replies. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2018-5748) Pedro Sampaio discovered that libvirt incorrectly handled the libnss_dns.so module. An attacker in a libvirt_lxc session could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6764). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 106928 published 2018-02-21 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106928 title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : libvirt vulnerabilities (USN-3576-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3576-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(106928); script_version("3.5"); script_cvs_date("Date: 2019/09/18 12:31:48"); script_cve_id("CVE-2016-5008", "CVE-2017-1000256", "CVE-2018-5748", "CVE-2018-6764"); script_xref(name:"USN", value:"3576-1"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : libvirt vulnerabilities (USN-3576-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5008) Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. (CVE-2017-1000256) Daniel P. Berrange and Peter Krempa discovered that libvirt incorrectly handled large QEMU replies. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2018-5748) Pedro Sampaio discovered that libvirt incorrectly handled the libnss_dns.so module. An attacker in a libvirt_lxc session could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6764). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3576-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libvirt-bin and / or libvirt0 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/13"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04|16\.04|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"libvirt-bin", pkgver:"1.2.2-0ubuntu13.1.26")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libvirt0", pkgver:"1.2.2-0ubuntu13.1.26")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libvirt-bin", pkgver:"1.3.1-1ubuntu10.19")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libvirt0", pkgver:"1.3.1-1ubuntu10.19")) flag++; if (ubuntu_check(osver:"17.10", pkgname:"libvirt-bin", pkgver:"3.6.0-1ubuntu6.3")) flag++; if (ubuntu_check(osver:"17.10", pkgname:"libvirt0", pkgver:"3.6.0-1ubuntu6.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt-bin / libvirt0"); }
NASL family Scientific Linux Local Security Checks NASL id SL_20161103_LIBVIRT_ON_SL7_X.NASL description The following packages have been upgraded to a newer upstream version: libvirt (2.0.0). Security Fix(es) : - It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160) - A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313) - It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008) last seen 2020-03-18 modified 2016-12-15 plugin id 95846 published 2016-12-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95846 title Scientific Linux Security Update : libvirt on SL7.x x86_64 (20161103) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(95846); script_version("3.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2015-5160", "CVE-2015-5313", "CVE-2016-5008"); script_name(english:"Scientific Linux Security Update : libvirt on SL7.x x86_64 (20161103)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The following packages have been upgraded to a newer upstream version: libvirt (2.0.0). Security Fix(es) : - It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160) - A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313) - It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=9310 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5dce02be" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-interface"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nodedev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-secret"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-kvm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-lock-sanlock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-login-shell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-nss"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/11"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-client-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-config-network-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-config-nwfilter-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-interface-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-lxc-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-network-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-nodedev-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-nwfilter-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-secret-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-kvm-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-lxc-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-debuginfo-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-devel-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-docs-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-lock-sanlock-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-login-shell-2.0.0-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-nss-2.0.0-10.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-client / libvirt-daemon / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2016-65CC608EBE.NASL description - Rebased to version 1.3.3.2 - Fix xen default video device config (bz #1336629) - Don last seen 2020-06-05 modified 2016-07-25 plugin id 92533 published 2016-07-25 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92533 title Fedora 24 : libvirt (2016-65cc608ebe) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2016-65cc608ebe. # include("compat.inc"); if (description) { script_id(92533); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-5008"); script_xref(name:"FEDORA", value:"2016-65cc608ebe"); script_name(english:"Fedora 24 : libvirt (2016-65cc608ebe)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Rebased to version 1.3.3.2 - Fix xen default video device config (bz #1336629) - Don't reject duplicate disk serials (bz #1349895) - Fix LXC cgroup name mismatch (bz #1350139) - Fix managed save/restore with VM USB Keyboard (bz #1353222) - Missing dep on systemd-container (bz #1355784) - CVE-2016-5008: Setting empty VNC password allows access to unauthorized users (bz #1351516) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-65cc608ebe" ); script_set_attribute( attribute:"solution", value:"Update the affected libvirt package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libvirt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/13"); script_set_attribute(attribute:"patch_publication_date", value:"2016/07/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC24", reference:"libvirt-1.3.3.2-1.fc24")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt"); }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-2577.NASL description An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvirt (2.0.0). (BZ#830971, BZ#1286679) Security Fix(es) : * It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160) * A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313) * It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 95324 published 2016-11-28 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95324 title CentOS 7 : libvirt (CESA-2016:2577) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:2577 and # CentOS Errata and Security Advisory 2016:2577 respectively. # include("compat.inc"); if (description) { script_id(95324); script_version("3.6"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2015-5160", "CVE-2015-5313", "CVE-2016-5008"); script_xref(name:"RHSA", value:"2016:2577"); script_name(english:"CentOS 7 : libvirt (CESA-2016:2577)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvirt (2.0.0). (BZ#830971, BZ#1286679) Security Fix(es) : * It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160) * A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313) * It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section." ); # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003620.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e54d212d" ); script_set_attribute( attribute:"solution", value:"Update the affected libvirt packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5008"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-config-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-config-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-interface"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-nodedev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-secret"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-kvm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-daemon-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-lock-sanlock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-login-shell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libvirt-nss"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/11"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-client-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-config-network-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-config-nwfilter-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-interface-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-lxc-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-network-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-nodedev-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-nwfilter-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-secret-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-kvm-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-daemon-lxc-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-devel-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-docs-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-lock-sanlock-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-login-shell-2.0.0-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libvirt-nss-2.0.0-10.el7")) flag++; if (flag) { cr_plugin_caveat = '\n' + 'NOTE: The security advisory associated with this vulnerability has a\n' + 'fixed package version that may only be available in the continuous\n' + 'release (CR) repository for CentOS, until it is present in the next\n' + 'point release of CentOS.\n\n' + 'If an equal or higher package level does not exist in the baseline\n' + 'repository for your major version of CentOS, then updates from the CR\n' + 'repository will need to be applied in order to address the\n' + 'vulnerability.\n'; security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + cr_plugin_caveat ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-client / libvirt-daemon / etc"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-2577.NASL description An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvirt (2.0.0). (BZ#830971, BZ#1286679) Security Fix(es) : * It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160) * A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313) * It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 94540 published 2016-11-04 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94540 title RHEL 7 : libvirt (RHSA-2016:2577) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:2577. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(94540); script_version("2.14"); script_cvs_date("Date: 2019/10/24 15:35:42"); script_cve_id("CVE-2015-5160", "CVE-2015-5313", "CVE-2016-5008"); script_xref(name:"RHSA", value:"2016:2577"); script_name(english:"RHEL 7 : libvirt (RHSA-2016:2577)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvirt (2.0.0). (BZ#830971, BZ#1286679) Security Fix(es) : * It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160) * A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313) * It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section." ); # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3395ff0b" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2016:2577" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-5160" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-5313" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-5008" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-login-shell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-nss"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/11"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2016:2577"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", reference:"libvirt-client-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-config-network-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-config-network-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-config-nwfilter-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-config-nwfilter-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-interface-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-interface-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-lxc-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-lxc-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-network-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-network-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-nodedev-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-nodedev-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-nwfilter-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-nwfilter-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-secret-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-secret-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-storage-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-kvm-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-lxc-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-lxc-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", reference:"libvirt-debuginfo-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", reference:"libvirt-devel-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-docs-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-docs-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-lock-sanlock-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-login-shell-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-login-shell-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL7", reference:"libvirt-nss-2.0.0-10.el7", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-client / libvirt-daemon / etc"); } }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-875.NASL description This update for libvirt fixes the following issue : - CVE-2016-5008: empty VNC password disables authentication (boo#987527) last seen 2020-06-05 modified 2016-07-18 plugin id 92353 published 2016-07-18 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/92353 title openSUSE Security Update : libvirt (openSUSE-2016-875) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-875. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(92353); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-5008"); script_name(english:"openSUSE Security Update : libvirt (openSUSE-2016-875)"); script_summary(english:"Check for the openSUSE-2016-875 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for libvirt fixes the following issue : - CVE-2016-5008: empty VNC password disables authentication (boo#987527)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=987527" ); script_set_attribute( attribute:"solution", value:"Update the affected libvirt packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-config-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-uml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-vbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-login-shell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-login-shell-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"patch_publication_date", value:"2016/07/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-client-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-client-debuginfo-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-config-network-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-config-nwfilter-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-debuginfo-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-interface-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-interface-debuginfo-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-lxc-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-lxc-debuginfo-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-network-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-network-debuginfo-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-nodedev-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-nodedev-debuginfo-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-nwfilter-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-qemu-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-qemu-debuginfo-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-secret-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-secret-debuginfo-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-storage-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-storage-debuginfo-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-uml-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-uml-debuginfo-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-vbox-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-vbox-debuginfo-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-lxc-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-qemu-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-uml-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-vbox-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-debugsource-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-devel-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-lock-sanlock-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-lock-sanlock-debuginfo-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-login-shell-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-login-shell-debuginfo-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libvirt-client-32bit-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libvirt-client-debuginfo-32bit-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-debuginfo-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libvirt-daemon-xen-1.2.18.2-11.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libvirt-devel-32bit-1.2.18.2-11.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-client / libvirt-client-32bit / etc"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-943.NASL description This update for libvirt fixes the following issues : - Update to libvirt 1.2.18.4 stable release - Inherit many upstream bug fixes, including CVE-2016-5008 boo#987527. For details, see http://wiki.libvirt.org/page/Maintenance_Releases - virsh: improve waiting for block job readines (boo#989755) last seen 2020-06-05 modified 2016-08-08 plugin id 92773 published 2016-08-08 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92773 title openSUSE Security Update : libvirt (openSUSE-2016-943) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-943. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(92773); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-5008"); script_name(english:"openSUSE Security Update : libvirt (openSUSE-2016-943)"); script_summary(english:"Check for the openSUSE-2016-943 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for libvirt fixes the following issues : - Update to libvirt 1.2.18.4 stable release - Inherit many upstream bug fixes, including CVE-2016-5008 boo#987527. For details, see http://wiki.libvirt.org/page/Maintenance_Releases - virsh: improve waiting for block job readines (boo#989755)" ); # http://wiki.libvirt.org/page/Maintenance_Releases script_set_attribute( attribute:"see_also", value:"https://wiki.libvirt.org/page/Maintenance_Releases" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=987527" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989755" ); script_set_attribute( attribute:"solution", value:"Update the affected libvirt packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-config-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-uml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-vbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-login-shell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-login-shell-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"patch_publication_date", value:"2016/08/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-client-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-client-debuginfo-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-config-network-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-config-nwfilter-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-debuginfo-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-interface-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-interface-debuginfo-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-lxc-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-network-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-network-debuginfo-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-nodedev-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-nwfilter-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-qemu-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-secret-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-secret-debuginfo-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-storage-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-storage-debuginfo-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-uml-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-uml-debuginfo-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-vbox-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-driver-vbox-debuginfo-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-lxc-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-qemu-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-uml-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-daemon-vbox-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-debugsource-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-devel-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-lock-sanlock-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-lock-sanlock-debuginfo-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-login-shell-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libvirt-login-shell-debuginfo-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libvirt-client-32bit-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libvirt-client-debuginfo-32bit-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libvirt-daemon-xen-1.2.18.4-14.2") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libvirt-devel-32bit-1.2.18.4-14.2") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-client / libvirt-client-32bit / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-2141-1.NASL description This update for libvirt fixes the following issues: Security issues fixed : - CVE-2018-3639: Add support for last seen 2020-06-01 modified 2020-06-02 plugin id 111503 published 2018-08-02 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111503 title SUSE SLES12 Security Update : libvirt (SUSE-SU-2018:2141-1) (Spectre) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:2141-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(111503); script_version("1.8"); script_cvs_date("Date: 2019/09/10 13:51:48"); script_cve_id("CVE-2016-5008", "CVE-2017-5715", "CVE-2018-1064", "CVE-2018-3639", "CVE-2018-5748"); script_xref(name:"IAVA", value:"2018-A-0020"); script_name(english:"SUSE SLES12 Security Update : libvirt (SUSE-SU-2018:2141-1) (Spectre)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for libvirt fixes the following issues: Security issues fixed : - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka 'Memory Disambiguation' (bsc#1092885). - CVE-2018-1064: Fix denial of service problem during reading from guest agent (bsc#1083625). - CVE-2018-5748: Fix resource exhaustion via qemuMonitorIORead() method (bsc#1076500). - CVE-2016-5008: Fix that an empty VNC password disables authentication (bsc#987527). - CVE-2017-5715: Fix speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). Bug fixes : - bsc#980558: Fix NUMA node memory allocation. - bsc#968483: Restart daemons in %posttrans after connection drivers. - bsc#897352: Systemd fails to ignore LSB services. - bsc#956298: virsh domxml-to-native causes segfault of libvirtd. - bsc#964465: libvirtd.service causes systemd warning about xencommons service. - bsc#954872: Script block-dmmd not working as expected. - bsc#854343: libvirt installation run inappropriate systemd restart. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1076500" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1079869" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083625" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1092885" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=854343" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=897352" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=954872" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=956298" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=964465" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=968483" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=980558" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=987527" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5008/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-5715/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1064/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-3639/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-5748/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20182141-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2121114c" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-2018-1455=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/13"); script_set_attribute(attribute:"patch_publication_date", value:"2018/07/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/02"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-debuginfo-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"libvirt-daemon-xen-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-client-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-client-debuginfo-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-config-network-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-config-nwfilter-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-debuginfo-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-interface-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-interface-debuginfo-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-lxc-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-lxc-debuginfo-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-network-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-network-debuginfo-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-nodedev-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-nodedev-debuginfo-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-nwfilter-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-nwfilter-debuginfo-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-qemu-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-qemu-debuginfo-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-secret-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-secret-debuginfo-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-storage-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-driver-storage-debuginfo-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-lxc-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-daemon-qemu-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-debugsource-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-doc-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-lock-sanlock-1.2.5-27.13.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libvirt-lock-sanlock-debuginfo-1.2.5-27.13.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-874.NASL description This update for libvirt fixes the following issues : - CVE-2016-5008: empty VNC password disables authentication (boo#987527) last seen 2020-06-05 modified 2016-07-18 plugin id 92352 published 2016-07-18 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/92352 title openSUSE Security Update : libvirt (openSUSE-2016-874) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-874. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(92352); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-5008"); script_name(english:"openSUSE Security Update : libvirt (openSUSE-2016-874)"); script_summary(english:"Check for the openSUSE-2016-874 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for libvirt fixes the following issues : - CVE-2016-5008: empty VNC password disables authentication (boo#987527)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=854343" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968483" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=987527" ); script_set_attribute( attribute:"solution", value:"Update the affected libvirt packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-config-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-uml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-vbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-daemon-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-login-shell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-login-shell-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2016/07/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-client-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-client-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-config-network-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-config-nwfilter-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-interface-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-interface-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-lxc-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-lxc-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-network-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-network-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-nodedev-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-nodedev-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-nwfilter-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-nwfilter-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-qemu-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-qemu-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-secret-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-secret-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-storage-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-storage-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-uml-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-uml-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-vbox-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-driver-vbox-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-lxc-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-qemu-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-uml-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-daemon-vbox-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-debugsource-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-devel-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-lock-sanlock-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-lock-sanlock-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-login-shell-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"libvirt-login-shell-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-client-32bit-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-client-debuginfo-32bit-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-daemon-driver-xen-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-daemon-driver-xen-debuginfo-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-daemon-xen-1.2.9-31.1") ) flag++; if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libvirt-devel-32bit-1.2.9-31.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-client / libvirt-client-32bit / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1944-1.NASL description This update for libvirt fixes the following issues: Security issues fixed : - CVE-2016-5008: empty VNC password disables authentication (bsc#987527) Bugs fixed : - bsc#970906: Fixed a race condition in xenstore event handling. - bsc#952889: Change hap setting to align with Xen behavior. - Fixed last seen 2020-06-01 modified 2020-06-02 plugin id 93188 published 2016-08-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93188 title SUSE SLES11 Security Update : libvirt (SUSE-SU-2016:1944-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:1944-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(93188); script_version("2.8"); script_cvs_date("Date: 2019/09/11 11:22:13"); script_cve_id("CVE-2016-5008"); script_name(english:"SUSE SLES11 Security Update : libvirt (SUSE-SU-2016:1944-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for libvirt fixes the following issues: Security issues fixed : - CVE-2016-5008: empty VNC password disables authentication (bsc#987527) Bugs fixed : - bsc#970906: Fixed a race condition in xenstore event handling. - bsc#952889: Change hap setting to align with Xen behavior. - Fixed 'make check' failures. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=952889" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=970906" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=987527" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5008/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20161944-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0d021ef7" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t patch sdksp4-libvirt-12674=1 SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-libvirt-12674=1 SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-libvirt-12674=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-Sys-Virt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/13"); script_set_attribute(attribute:"patch_publication_date", value:"2016/08/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libvirt-client-32bit-1.2.5-15.3")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libvirt-client-32bit-1.2.5-15.3")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"libvirt-1.2.5-15.3")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"libvirt-client-1.2.5-15.3")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"libvirt-doc-1.2.5-15.3")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"libvirt-lock-sanlock-1.2.5-15.3")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"perl-Sys-Virt-1.2.5-4.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-541.NASL description It was discovered that there was a password policy issue in libvirt, a library for interfacing with different virtualization systems. Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behave like that. VNC would happily accept the empty password. We enforce the behavior by setting password expiration to last seen 2020-03-17 modified 2016-07-05 plugin id 91921 published 2016-07-05 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91921 title Debian DLA-541-1 : libvirt security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-541-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(91921); script_version("2.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2016-5008"); script_name(english:"Debian DLA-541-1 : libvirt security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "It was discovered that there was a password policy issue in libvirt, a library for interfacing with different virtualization systems. Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behave like that. VNC would happily accept the empty password. We enforce the behavior by setting password expiration to 'now'. For Debian 7 'Wheezy', this issue has been fixed in libvirt version 0.9.12.3-1+deb7u2. We recommend that you upgrade your libvirt packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2016/07/msg00001.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/libvirt" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvirt-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvirt-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvirt-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvirt0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvirt0-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-libvirt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2016/07/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"libvirt-bin", reference:"0.9.12.3-1+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libvirt-dev", reference:"0.9.12.3-1+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libvirt-doc", reference:"0.9.12.3-1+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libvirt0", reference:"0.9.12.3-1+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libvirt0-dbg", reference:"0.9.12.3-1+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"python-libvirt", reference:"0.9.12.3-1+deb7u2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2016-7B7E16A39E.NASL description - Rebased to version 1.2.18.4 - CVE-2016-5008: Setting empty VNC password allows access to unauthorized users (bz #1351516) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-28 plugin id 92591 published 2016-07-28 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92591 title Fedora 23 : libvirt (2016-7b7e16a39e) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2016-7b7e16a39e. # include("compat.inc"); if (description) { script_id(92591); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-5008"); script_xref(name:"FEDORA", value:"2016-7b7e16a39e"); script_name(english:"Fedora 23 : libvirt (2016-7b7e16a39e)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Rebased to version 1.2.18.4 - CVE-2016-5008: Setting empty VNC password allows access to unauthorized users (bz #1351516) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b7e16a39e" ); script_set_attribute( attribute:"solution", value:"Update the affected libvirt package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libvirt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/13"); script_set_attribute(attribute:"patch_publication_date", value:"2016/07/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC23", reference:"libvirt-1.2.18.4-1.fc23")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2053-1.NASL description This update for libvirt fixes one security issue : - CVE-2016-5008: Empty VNC password disables authentication. (bsc#987527) Additionally, the update includes the following non-security fixes : - Improve waiting for block job readines in virsh. (bsc#989755) - Parse negative values in augeas lenses. (bsc#975729) - Restart daemons in %posttrans after connection drivers have been processed. (bsc#854343, bsc#968483) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93287 published 2016-09-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93287 title SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2016:2053-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:2053-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(93287); script_version("2.8"); script_cvs_date("Date: 2019/09/11 11:22:13"); script_cve_id("CVE-2016-5008"); script_name(english:"SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2016:2053-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for libvirt fixes one security issue : - CVE-2016-5008: Empty VNC password disables authentication. (bsc#987527) Additionally, the update includes the following non-security fixes : - Improve waiting for block job readines in virsh. (bsc#989755) - Parse negative values in augeas lenses. (bsc#975729) - Restart daemons in %posttrans after connection drivers have been processed. (bsc#854343, bsc#968483) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=854343" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=968483" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=975729" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=987527" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=989755" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5008/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20162053-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?52181706" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1208=1 SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1208=1 SUSE Linux Enterprise Server 12-SP1:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1208=1 SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1208=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/13"); script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-xen-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-client-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-client-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-config-network-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-config-nwfilter-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-interface-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-interface-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-lxc-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-network-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-network-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-nodedev-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-nwfilter-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-qemu-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-secret-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-secret-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-storage-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-driver-storage-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-lxc-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-daemon-qemu-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-debugsource-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-doc-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-lock-sanlock-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libvirt-lock-sanlock-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-client-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-client-32bit-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-client-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-client-debuginfo-32bit-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-config-network-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-config-nwfilter-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-interface-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-interface-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-lxc-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-lxc-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-network-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-network-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-nodedev-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-nodedev-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-nwfilter-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-secret-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-secret-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-debuginfo-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-lxc-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-qemu-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-daemon-xen-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-debugsource-1.2.18.4-11.7")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libvirt-doc-1.2.18.4-11.7")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1053.NASL description According to the version of the libvirt package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication.(CVE-2016-5008) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-05-01 plugin id 99898 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99898 title EulerOS 2.0 SP1 : libvirt (EulerOS-SA-2017-1053) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1052.NASL description According to the version of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication.(CVE-2016-5008) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-05-01 plugin id 99897 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99897 title EulerOS 2.0 SP2 : libvirt (EulerOS-SA-2017-1052) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-2577.NASL description From Red Hat Security Advisory 2016:2577 : An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvirt (2.0.0). (BZ#830971, BZ#1286679) Security Fix(es) : * It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160) * A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313) * It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 94700 published 2016-11-11 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94700 title Oracle Linux 7 : libvirt (ELSA-2016-2577) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3613.NASL description Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled, allowing any user to connect, despite the documentation declaring that setting an empty password for the VNC server prevents all client connections. With this update the behaviour is enforced by setting the password expiration to last seen 2020-06-01 modified 2020-06-02 plugin id 91924 published 2016-07-05 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91924 title Debian DSA-3613-1 : libvirt - security update
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00054.html
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00054.html
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00055.html
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00055.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00024.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00024.html
- http://rhn.redhat.com/errata/RHSA-2016-2577.html
- http://rhn.redhat.com/errata/RHSA-2016-2577.html
- http://security.libvirt.org/2016/0001.html
- http://security.libvirt.org/2016/0001.html
- http://www.debian.org/security/2016/dsa-3613
- http://www.debian.org/security/2016/dsa-3613
- http://www.securityfocus.com/bid/91562
- http://www.securityfocus.com/bid/91562
- https://bugzilla.redhat.com/show_bug.cgi?id=1180092
- https://bugzilla.redhat.com/show_bug.cgi?id=1180092
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZZMOMRXNPALA34XDF5NK363KDLAYSTL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZZMOMRXNPALA34XDF5NK363KDLAYSTL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTQF6LXKEEMJG4VOOCIAPJAD6ACBYP4W/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTQF6LXKEEMJG4VOOCIAPJAD6ACBYP4W/
- https://usn.ubuntu.com/3576-1/
- https://usn.ubuntu.com/3576-1/