CVE-2017-6058 - Classic Buffer Overflow vulnerability in Qemu

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH

Tags: network, low complexity, qemu, CWE-120, nessus

Summary

Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping.

Vulnerable Configurations

Part         Description  Count
Application  Qemu         236

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201704-01.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201704-01 (QEMU: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : Remote server can cause a crash in the client causing execution of arbitrary code, and a Denial of Service within the QEMU process. Remote or Local users within a guest QEMU environment can cause a Denial of Service condition of the QEMU guest process. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 99274
    published: 2017-04-11
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99274
    title: GLSA-201704-01 : QEMU: Multiple vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201704-01.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99274);
      script_version("3.7");
      script_cvs_date("Date: 2018/09/12 15:00:25");
    
      script_cve_id("CVE-2016-9602", "CVE-2017-2620", "CVE-2017-2630", "CVE-2017-5973", "CVE-2017-5987", "CVE-2017-6058", "CVE-2017-6505");
      script_xref(name:"GLSA", value:"201704-01");
      script_xref(name:"IAVB", value:"2017-B-0024");
    
      script_name(english:"GLSA-201704-01 : QEMU: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201704-01
    (QEMU: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in QEMU. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        Remote server can cause a crash in the client causing execution of
          arbitrary code, and a Denial of Service within the QEMU process. Remote
          or Local users within a guest QEMU environment can cause a Denial of
          Service condition of the QEMU guest process.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201704-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All QEMU users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=app-emulation/qemu-2.8.0-r9'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:qemu");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/04/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/11");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-emulation/qemu", unaffected:make_list("ge 2.8.0-r9"), vulnerable:make_list("lt 2.8.0-r9"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "QEMU");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2017-31B976672B.NASL
    description: - CVE-2016-7907: net: imx: infinite loop (bz #1381182) - CVE-2017-5525: audio: memory leakage in ac97 (bz #1414110) - CVE-2017-5526: audio: memory leakage in es1370 (bz #1414210) - CVE-2016-10155 watchdog: memory leakage in i6300esb (bz #1415200) - CVE-2017-5552: virtio-gpu-3d: memory leakage (bz #1415283) - CVE-2017-5578: virtio-gpu: memory leakage (bz #1415797) - CVE-2017-5667: sd: sdhci OOB access during multi block transfer (bz #1417560) - CVE-2017-5856: scsi: megasas: memory leakage (bz #1418344) - CVE-2017-5857: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref (bz #1418383) - CVE-2017-5898: usb: integer overflow in emulated_apdu_from_guest (bz #1419700) - CVE-2017-5987: sd: infinite loop issue in multi block transfers (bz #1422001) - CVE-2017-6058: vmxnet3: OOB access when doing vlan stripping (bz #1423359) - CVE-2017-6505: usb: an infinite loop issue in ohci_service_ed_list (bz #1429434) - CVE-2017-2615: cirrus: oob access while doing bitblt copy backward (bz #1418206) - CVE-2017-2620: cirrus: potential arbitrary code execution (bz #1425419) - Fix spice GL with new mesa/libglvnd (bz #1431905) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2017-03-20
    plugin id: 97804
    published: 2017-03-20
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97804
    title: Fedora 25 : 2:qemu (2017-31b976672b)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-31b976672b.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97804);
      script_version("3.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-10155", "CVE-2016-7907", "CVE-2017-2615", "CVE-2017-2620", "CVE-2017-5525", "CVE-2017-5526", "CVE-2017-5552", "CVE-2017-5578", "CVE-2017-5667", "CVE-2017-5856", "CVE-2017-5857", "CVE-2017-5898", "CVE-2017-5987", "CVE-2017-6058", "CVE-2017-6505");
      script_xref(name:"FEDORA", value:"2017-31b976672b");
      script_xref(name:"IAVB", value:"2017-B-0024");
    
      script_name(english:"Fedora 25 : 2:qemu (2017-31b976672b)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - CVE-2016-7907: net: imx: infinite loop (bz #1381182)
    
      - CVE-2017-5525: audio: memory leakage in ac97 (bz
        #1414110)
    
      - CVE-2017-5526: audio: memory leakage in es1370 (bz
        #1414210)
    
      - CVE-2016-10155 watchdog: memory leakage in i6300esb (bz
        #1415200)
    
      - CVE-2017-5552: virtio-gpu-3d: memory leakage (bz
        #1415283)
    
      - CVE-2017-5578: virtio-gpu: memory leakage (bz #1415797)
    
      - CVE-2017-5667: sd: sdhci OOB access during multi block
        transfer (bz #1417560)
    
      - CVE-2017-5856: scsi: megasas: memory leakage (bz
        #1418344)
    
      - CVE-2017-5857: virtio-gpu-3d: host memory leakage in
        virgl_cmd_resource_unref (bz #1418383)
    
      - CVE-2017-5898: usb: integer overflow in
        emulated_apdu_from_guest (bz #1419700)
    
      - CVE-2017-5987: sd: infinite loop issue in multi block
        transfers (bz #1422001)
    
      - CVE-2017-6058: vmxnet3: OOB access when doing vlan
        stripping (bz #1423359)
    
      - CVE-2017-6505: usb: an infinite loop issue in
        ohci_service_ed_list (bz #1429434)
    
      - CVE-2017-2615: cirrus: oob access while doing bitblt
        copy backward (bz #1418206)
    
      - CVE-2017-2620: cirrus: potential arbitrary code
        execution (bz #1425419)
    
      - Fix spice GL with new mesa/libglvnd (bz #1431905)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-31b976672b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 2:qemu package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:qemu");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC25", reference:"qemu-2.7.1-4.fc25", epoch:"2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:qemu");
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2019-4713.NASL
    description: Description of changes: [15:3.1.0-5.el7] - Only enable the halt poll control MSR if it is supported by the host (Mark Kanda) [Orabug: 29946722] [15:3.1.0-4.el7] - kvm: i386: halt poll control MSR support (Marcelo Tosatti) [Orabug: 29933278] - Document CVEs as fixed: CVE-2017-9524, CVE-2017-6058, CVE-2017-5931 (Mark Kanda) [Orabug: 29886908] {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-9524} - pvrdma: release device resources in case of an error (Prasad J Pandit) [Orabug: 29056678] {CVE-2018-20123} - qxl: check release info object (Prasad J Pandit) [Orabug: 29886906] {CVE-2019-12155} - target/i386: add MDS-NO feature (Paolo Bonzini) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091} - docs: recommend use of md-clear feature on all Intel CPUs (Daniel P. Berrangé) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091} - target/i386: define md-clear bit (Paolo Bonzini) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091} - pvh: block migration if booting using PVH (Liam Merwick) [Orabug: 29796676] - hw/i386/pc: run the multiboot loader before the PVH loader (Stefano Garzarella) [Orabug: 29796676] - optionrom/pvh: load initrd from fw_cfg (Stefano Garzarella) [Orabug: 29796676] - hw/i386/pc: use PVH option rom (Stefano Garzarella) [Orabug: 29796676] - qemu.spec: add pvh.bin to %files (Liam Merwick) [Orabug: 29796676] - optionrom: add new PVH option rom (Stefano Garzarella) [Orabug: 29796676] - linuxboot_dma: move common functions in a new header (Stefano Garzarella) [Orabug: 29796676] - linuxboot_dma: remove duplicate definitions of FW_CFG (Stefano Garzarella) [Orabug: 29796676] - pvh: load initrd and expose it through fw_cfg (Stefano Garzarella) [Orabug: 29796676] - pvh: Boot uncompressed kernel using direct boot ABI (Liam Merwick) [Orabug: 29796676] - pvh: Add x86/HVM direct boot ABI header file (Liam Merwick) [Orabug: 29796676] - elf-ops.h: Add get_elf_note_type() (Liam Merwick) [Orabug: 29796676] - elf: Add optional function ptr to load_elf() to parse ELF notes (Liam Merwick) [Orabug: 29796676]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126673
    published: 2019-07-15
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126673
    title: Oracle Linux 7 : qemu (ELSA-2019-4713) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2019-4713.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126673);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/08");
    
      script_cve_id("CVE-2017-5931", "CVE-2017-6058", "CVE-2017-9524", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-20123", "CVE-2019-11091", "CVE-2019-12155");
    
      script_name(english:"Oracle Linux 7 : qemu (ELSA-2019-4713) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Description of changes:
    
    [15:3.1.0-5.el7]
    - Only enable the halt poll control MSR if it is supported by the host (Mark
    Kanda) [Orabug: 29946722]
    
    [15:3.1.0-4.el7]
    - kvm: i386: halt poll control MSR support (Marcelo Tosatti) [Orabug: 
    29933278]
    - Document CVEs as fixed: CVE-2017-9524, CVE-2017-6058, CVE-2017-5931 
    (Mark Kanda) [Orabug: 29886908] {CVE-2017-5931} {CVE-2017-6058} 
    {CVE-2017-9524}
    - pvrdma: release device resources in case of an error (Prasad J Pandit) 
    [Orabug: 29056678] {CVE-2018-20123}
    - qxl: check release info object (Prasad J Pandit) [Orabug: 29886906] 
    {CVE-2019-12155}
    - target/i386: add MDS-NO feature (Paolo Bonzini) [Orabug: 29820428] 
    {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
    - docs: recommend use of md-clear feature on all Intel CPUs (Daniel P. 
    Berrang&eacute ) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} 
    {CVE-2018-12130} {CVE-2019-11091}
    - target/i386: define md-clear bit (Paolo Bonzini) [Orabug: 29820428] 
    {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
    - pvh: block migration if booting using PVH (Liam Merwick) [Orabug: 
    29796676]
    - hw/i386/pc: run the multiboot loader before the PVH loader (Stefano 
    Garzarella) [Orabug: 29796676]
    - optionrom/pvh: load initrd from fw_cfg (Stefano Garzarella) [Orabug: 
    29796676]
    - hw/i386/pc: use PVH option rom (Stefano Garzarella) [Orabug: 29796676]
    - qemu.spec: add pvh.bin to %files (Liam Merwick) [Orabug: 29796676]
    - optionrom: add new PVH option rom (Stefano Garzarella) [Orabug: 29796676]
    - linuxboot_dma: move common functions in a new header (Stefano 
    Garzarella) [Orabug: 29796676]
    - linuxboot_dma: remove duplicate definitions of FW_CFG (Stefano 
    Garzarella) [Orabug: 29796676]
    - pvh: load initrd and expose it through fw_cfg (Stefano Garzarella) 
    [Orabug: 29796676]
    - pvh: Boot uncompressed kernel using direct boot ABI (Liam Merwick) 
    [Orabug: 29796676]
    - pvh: Add x86/HVM direct boot ABI header file (Liam Merwick) [Orabug: 
    29796676]
    - elf-ops.h: Add get_elf_note_type() (Liam Merwick) [Orabug: 29796676]
    - elf: Add optional function ptr to load_elf() to parse ELF notes (Liam 
    Merwick) [Orabug: 29796676]"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2019-July/008891.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected qemu packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-block-gluster");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-block-iscsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-block-rbd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-img");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-kvm-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-system-x86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-system-x86-core");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/15");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-3.1.0-5.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-block-gluster-3.1.0-5.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-block-iscsi-3.1.0-5.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-block-rbd-3.1.0-5.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-common-3.1.0-5.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-img-3.1.0-5.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-kvm-3.1.0-5.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-kvm-core-3.1.0-5.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-system-x86-3.1.0-5.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-system-x86-core-3.1.0-5.el7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu / qemu-block-gluster / qemu-block-iscsi / qemu-block-rbd / etc");
    }