Vulnerabilities > CVE-2018-5748 - Resource Exhaustion vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
redhat
debian
CWE-400
nessus

Summary

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • XML Ping of the Death
    An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
  • XML Entity Expansion
    An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
  • Inducing Account Lockout
    An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.
  • Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
    XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate Target CPU through recursion: attacker creates a recursive payload and sends to service provider Target memory through jumbo payloads: service provider uses DOM to parse XML. DOM creates in memory representation of XML document, but when document is very large (for example, north of 1 Gb) service provider host may exhaust memory trying to build memory objects. XML Ping of death: attack service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1396.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat). Bug Fix(es) : * Previously, the check for a non-unique device boot order did not properly handle updates of existing devices when a new device was attached to a guest. Consequently, updating any device with a specified boot order failed. With this update, the duplicity check detects correctly handles updates and ignores the original device, which avoids reporting false conflicts. As a result, updating a device with a boot order succeeds. (BZ# 1557922) * In Red Hat Enterprise Linux 7.5, guests with SCSI passthrough enabled failed to boot because of changes in kernel CGroup detection. With this update, libvirt fetches dependencies and adds them to the device CGroup. As a result, and the affected guests now start as expected. (BZ#1564996) * The VMX parser in libvirt did not parse more than four network interfaces. As a consequence, the esx driver did not expose more than four network interface cards (NICs) for guests running ESXi. With this update, the VMX parser parses all the available NICs in .vmx files. As a result, libvirt reports all the NICs of guests running ESXi. (BZ#1566524) * Previously, user aliases for PTY devices that were longer than 32 characters were not supported. Consequently, if a domain included a PTY device with a user alias longer than 32 characters, the domain would not start. With this update, a static buffer was replaced with a dynamic buffer. As a result, the domain starts even if the length of the user alias for a PTY device is longer than 32 characters. (BZ#1566525)
    last seen2020-06-01
    modified2020-06-02
    plugin id109833
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109833
    titleRHEL 7 : libvirt (RHSA-2018:1396)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:1396. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(109833);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/24 15:35:44");
    
      script_cve_id("CVE-2018-1064", "CVE-2018-5748");
      script_xref(name:"RHSA", value:"2018:1396");
    
      script_name(english:"RHEL 7 : libvirt (RHSA-2018:1396)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for libvirt is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Low. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link (s) in the References section.
    
    The libvirt library contains a C API for managing and interacting with
    the virtualization capabilities of Linux and other operating systems.
    In addition, libvirt provides tools for remote management of
    virtualized systems.
    
    Security Fix(es) :
    
    * libvirt: Resource exhaustion via qemuMonitorIORead() method
    (CVE-2018-5748)
    
    * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest
    agent (CVE-2018-1064)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    The CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red
    Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrange
    (Red Hat) and Peter Krempa (Red Hat).
    
    Bug Fix(es) :
    
    * Previously, the check for a non-unique device boot order did not
    properly handle updates of existing devices when a new device was
    attached to a guest. Consequently, updating any device with a
    specified boot order failed. With this update, the duplicity check
    detects correctly handles updates and ignores the original device,
    which avoids reporting false conflicts. As a result, updating a device
    with a boot order succeeds. (BZ# 1557922)
    
    * In Red Hat Enterprise Linux 7.5, guests with SCSI passthrough
    enabled failed to boot because of changes in kernel CGroup detection.
    With this update, libvirt fetches dependencies and adds them to the
    device CGroup. As a result, and the affected guests now start as
    expected. (BZ#1564996)
    
    * The VMX parser in libvirt did not parse more than four network
    interfaces. As a consequence, the esx driver did not expose more than
    four network interface cards (NICs) for guests running ESXi. With this
    update, the VMX parser parses all the available NICs in .vmx files. As
    a result, libvirt reports all the NICs of guests running ESXi.
    (BZ#1566524)
    
    * Previously, user aliases for PTY devices that were longer than 32
    characters were not supported. Consequently, if a domain included a
    PTY device with a user alias longer than 32 characters, the domain
    would not start. With this update, a static buffer was replaced with a
    dynamic buffer. As a result, the domain starts even if the length of
    the user alias for a PTY device is longer than 32 characters.
    (BZ#1566525)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:1396"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-5748"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-admin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-lxc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-disk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-gluster");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-iscsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-logical");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-mpath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-rbd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage-scsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-lxc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-login-shell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-nss");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:1396";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-admin-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-admin-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"libvirt-client-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-config-network-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-config-network-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-interface-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-interface-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-lxc-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-lxc-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-network-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-network-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-qemu-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-secret-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-secret-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-storage-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-kvm-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-kvm-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-lxc-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-lxc-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"libvirt-debuginfo-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"libvirt-devel-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-docs-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-docs-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"libvirt-libs-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-lock-sanlock-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-lock-sanlock-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-login-shell-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-login-shell-3.9.0-14.el7_5.4")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"libvirt-nss-3.9.0-14.el7_5.4")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-admin / libvirt-client / libvirt-daemon / etc");
      }
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180619_LIBVIRT_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) - libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064)
    last seen2020-03-18
    modified2018-07-03
    plugin id110888
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110888
    titleScientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20180619)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110888);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2018-1064", "CVE-2018-5748");
    
      script_name(english:"Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20180619)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - libvirt: Resource exhaustion via qemuMonitorIORead()
        method (CVE-2018-5748)
    
      - libvirt: Incomplete fix for CVE-2018-5748 triggered by
        QEMU guest agent (CVE-2018-1064)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1807&L=scientific-linux-errata&F=&S=&P=2766
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?25c231b9"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-lock-sanlock");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-python");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/06/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"libvirt-0.10.2-64.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libvirt-client-0.10.2-64.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libvirt-debuginfo-0.10.2-64.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libvirt-devel-0.10.2-64.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"libvirt-lock-sanlock-0.10.2-64.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libvirt-python-0.10.2-64.el6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-client / libvirt-debuginfo / libvirt-devel / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0385-1.NASL
    descriptionThis update for libvirt provides several fixes. This security issue was fixed : - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead() method which allowed to cause DoS (bsc#1076500). These security issues were fixed : - Add a qemu hook script providing functionality similar to Xen
    last seen2020-06-01
    modified2020-06-02
    plugin id106674
    published2018-02-08
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106674
    titleSUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2018:0385-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:0385-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106674);
      script_version("3.7");
      script_cvs_date("Date: 2019/09/10 13:51:46");
    
      script_cve_id("CVE-2018-5748");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2018:0385-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libvirt provides several fixes. This security issue
    was fixed :
    
      - CVE-2018-5748: Prevent resource exhaustion via
        qemuMonitorIORead() method which allowed to cause DoS
        (bsc#1076500). These security issues were fixed :
    
      - Add a qemu hook script providing functionality similar
        to Xen's block-dmmd script. (fate#324177)
    
      - schema: Make disk driver name attribute optional.
        (bsc#1073973)
    
      - virt-create-rootfs: Handle all SLE 12 versions.
        (bsc#1072887)
    
      - libvirt-guests: Fix the 'stop' operation when action is
        'suspend'. (bsc#1070130)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1070130"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1072887"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1073973"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1076500"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-5748/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20180385-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ae3e1d7d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch
    SUSE-SLE-WE-12-SP2-2018-272=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2018-272=1
    
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
    patch SUSE-SLE-RPI-12-SP2-2018-272=1
    
    SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2018-272=1
    
    SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP2-2018-272=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/02/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP2", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-xen-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-client-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-client-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-config-network-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-config-nwfilter-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-interface-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-interface-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-lxc-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-network-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-network-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-nodedev-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-nwfilter-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-qemu-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-secret-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-secret-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-storage-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-driver-storage-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-lxc-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-daemon-qemu-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-debugsource-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-doc-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-lock-sanlock-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-lock-sanlock-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-nss-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libvirt-nss-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-client-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-client-32bit-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-client-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-client-debuginfo-32bit-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-config-network-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-config-nwfilter-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-interface-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-interface-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-lxc-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-lxc-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-network-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-network-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-nodedev-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-nodedev-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-nwfilter-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-nwfilter-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-secret-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-secret-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-debuginfo-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-lxc-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-qemu-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-daemon-xen-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-debugsource-2.0.0-27.29.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libvirt-doc-2.0.0-27.29.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3576-1.NASL
    descriptionVivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5008) Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. (CVE-2017-1000256) Daniel P. Berrange and Peter Krempa discovered that libvirt incorrectly handled large QEMU replies. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2018-5748) Pedro Sampaio discovered that libvirt incorrectly handled the libnss_dns.so module. An attacker in a libvirt_lxc session could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6764). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id106928
    published2018-02-21
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106928
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 : libvirt vulnerabilities (USN-3576-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3576-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106928);
      script_version("3.5");
      script_cvs_date("Date: 2019/09/18 12:31:48");
    
      script_cve_id("CVE-2016-5008", "CVE-2017-1000256", "CVE-2018-5748", "CVE-2018-6764");
      script_xref(name:"USN", value:"3576-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : libvirt vulnerabilities (USN-3576-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Vivian Zhang and Christoph Anton Mitterer discovered that libvirt
    incorrectly disabled password authentication when the VNC password was
    set to an empty string. A remote attacker could possibly use this
    issue to bypass authentication, contrary to expectations. This issue
    only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5008)
    
    Daniel P. Berrange discovered that libvirt incorrectly handled
    validating SSL/TLS certificates. A remote attacker could possibly use
    this issue to obtain sensitive information. This issue only affected
    Ubuntu 17.10. (CVE-2017-1000256)
    
    Daniel P. Berrange and Peter Krempa discovered that libvirt
    incorrectly handled large QEMU replies. An attacker could possibly use
    this issue to cause libvirt to crash, resulting in a denial of
    service. (CVE-2018-5748)
    
    Pedro Sampaio discovered that libvirt incorrectly handled the
    libnss_dns.so module. An attacker in a libvirt_lxc session could
    possibly use this issue to execute arbitrary code. This issue only
    affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6764).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3576-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libvirt-bin and / or libvirt0 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/02/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"libvirt-bin", pkgver:"1.2.2-0ubuntu13.1.26")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libvirt0", pkgver:"1.2.2-0ubuntu13.1.26")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libvirt-bin", pkgver:"1.3.1-1ubuntu10.19")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libvirt0", pkgver:"1.3.1-1ubuntu10.19")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"libvirt-bin", pkgver:"3.6.0-1ubuntu6.3")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"libvirt0", pkgver:"3.6.0-1ubuntu6.3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt-bin / libvirt0");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4137.NASL
    descriptionSeveral vulnerabilities were discovered in Libvirt, a virtualisation abstraction library : - CVE-2018-1064 Daniel Berrange discovered that the QEMU guest agent performed insufficient validation of incoming data, which allows a privileged user in the guest to exhaust resources on the virtualisation host, resulting in denial of service. - CVE-2018-5748 Daniel Berrange and Peter Krempa discovered that the QEMU monitor was susceptible to denial of service by memory exhaustion. This was already fixed in Debian stretch and only affects Debian jessie. - CVE-2018-6764 Pedro Sampaio discovered that LXC containers detected the hostname insecurely. This only affects Debian stretch.
    last seen2020-06-01
    modified2020-06-02
    plugin id108346
    published2018-03-15
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108346
    titleDebian DSA-4137-1 : libvirt - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4137. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(108346);
      script_version("1.5");
      script_cvs_date("Date: 2018/11/13 12:30:46");
    
      script_cve_id("CVE-2018-1064", "CVE-2018-5748", "CVE-2018-6764");
      script_xref(name:"DSA", value:"4137");
    
      script_name(english:"Debian DSA-4137-1 : libvirt - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were discovered in Libvirt, a virtualisation
    abstraction library :
    
      - CVE-2018-1064
        Daniel Berrange discovered that the QEMU guest agent
        performed insufficient validation of incoming data,
        which allows a privileged user in the guest to exhaust
        resources on the virtualisation host, resulting in
        denial of service.
    
      - CVE-2018-5748
        Daniel Berrange and Peter Krempa discovered that the
        QEMU monitor was susceptible to denial of service by
        memory exhaustion. This was already fixed in Debian
        stretch and only affects Debian jessie.
    
      - CVE-2018-6764
        Pedro Sampaio discovered that LXC containers detected
        the hostname insecurely. This only affects Debian
        stretch."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-1064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-5748"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2018-6764"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/libvirt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/libvirt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/libvirt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2018/dsa-4137"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the libvirt packages.
    
    For the oldstable distribution (jessie), these problems have been
    fixed in version 1.2.9-9+deb8u5.
    
    For the stable distribution (stretch), these problems have been fixed
    in version 3.0.0-4+deb9u3."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libvirt");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/03/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"libvirt-bin", reference:"1.2.9-9+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"libvirt-clients", reference:"1.2.9-9+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"libvirt-daemon", reference:"1.2.9-9+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"libvirt-daemon-system", reference:"1.2.9-9+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"libvirt-dev", reference:"1.2.9-9+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"libvirt-doc", reference:"1.2.9-9+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"libvirt-sanlock", reference:"1.2.9-9+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"libvirt0", reference:"1.2.9-9+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"libvirt0-dbg", reference:"1.2.9-9+deb8u5")) flag++;
    if (deb_check(release:"9.0", prefix:"libnss-libvirt", reference:"3.0.0-4+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libvirt-clients", reference:"3.0.0-4+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libvirt-daemon", reference:"3.0.0-4+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libvirt-daemon-system", reference:"3.0.0-4+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libvirt-dev", reference:"3.0.0-4+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libvirt-doc", reference:"3.0.0-4+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libvirt-sanlock", reference:"3.0.0-4+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libvirt0", reference:"3.0.0-4+deb9u3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0279-1.NASL
    descriptionThis update for libvirt provides several fixes. This security issue was fixed : - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead() method which allowed to cause DoS (bsc#1076500). These security issues were fixed : - Add a qemu hook script providing functionality similar to Xen
    last seen2020-06-01
    modified2020-06-02
    plugin id106526
    published2018-01-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106526
    titleSUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2018:0279-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:0279-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106526);
      script_version("3.7");
      script_cvs_date("Date: 2019/09/10 13:51:46");
    
      script_cve_id("CVE-2018-5748");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2018:0279-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libvirt provides several fixes. This security issue
    was fixed :
    
      - CVE-2018-5748: Prevent resource exhaustion via
        qemuMonitorIORead() method which allowed to cause DoS
        (bsc#1076500). These security issues were fixed :
    
      - Add a qemu hook script providing functionality similar
        to Xen's block-dmmd script. (fate#324177)
    
      - schema: Make disk driver name attribute optional.
        (bsc#1073973)
    
      - virt-create-rootfs: Handle all SLE 12 versions.
        (bsc#1072887)
    
      - libvirt-guests: Fix the 'stop' operation when action is
        'suspend'. (bsc#1070130)
    
      - s390: Fix missing host cpu model info. (bsc#1065766)
    
      - cpu: Add new EPYC CPU model. (bsc#1052825, fate#324038)
    
      - pci: Fix the detection of the link's maximum speed.
        (bsc#1064947)
    
      - nodedev: Increase the netlink socket buffer size.
        (bsc#1035442)
    
      - storage: Fix a race between the volume creation and the
        pool refresh. (bsc#1062571)
    
      - daemon: Drop the minsize directive from hypervisor
        logrotate files. (bsc#1062760)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1035442"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052825"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062571"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062760"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064947"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065766"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1070130"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1072887"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1073973"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1076500"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-5748/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20180279-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c7b67a9b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2018-202=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2018-202=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2018-202=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-admin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-admin-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-core-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-disk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-iscsi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-logical-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-mpath-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-rbd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-scsi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-daemon-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-libs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libvirt-nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-rbd-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-xen-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-admin-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-admin-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-client-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-client-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-config-network-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-config-nwfilter-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-interface-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-interface-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-lxc-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-network-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-network-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-nodedev-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-nwfilter-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-qemu-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-secret-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-secret-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-storage-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-storage-core-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-storage-disk-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-storage-iscsi-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-storage-logical-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-storage-mpath-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-storage-scsi-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-lxc-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-daemon-qemu-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-debugsource-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-doc-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-libs-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-libs-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-lock-sanlock-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-lock-sanlock-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-nss-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libvirt-nss-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-admin-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-admin-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-client-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-client-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-config-network-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-config-nwfilter-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-interface-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-interface-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-lxc-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-network-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-network-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-nodedev-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-nwfilter-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-secret-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-secret-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-core-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-disk-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-iscsi-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-logical-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-mpath-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-rbd-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-scsi-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-lxc-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-qemu-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-daemon-xen-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-debugsource-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-doc-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-libs-3.3.0-5.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libvirt-libs-debuginfo-3.3.0-5.13.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1049.NASL
    descriptionAn incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent.(CVE-2018-1064) qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748) An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111336
    published2018-07-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111336
    titleAmazon Linux 2 : libvirt (ALAS-2018-1049) (Spectre)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2018-1049.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111336);
      script_version("1.2");
      script_cvs_date("Date: 2019/04/05 23:25:05");
    
      script_cve_id("CVE-2018-1064", "CVE-2018-3639", "CVE-2018-5748");
      script_xref(name:"ALAS", value:"2018-1049");
    
      script_name(english:"Amazon Linux 2 : libvirt (ALAS-2018-1049) (Spectre)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading
    to a resource exhaustion but now also triggered via QEMU guest
    agent.(CVE-2018-1064)
    
    qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of
    service (memory consumption) via a large QEMU reply.(CVE-2018-5748)
    
    An industry-wide issue was found in the way many modern microprocessor
    designs have implemented speculative execution of Load & Store
    instructions (a commonly used performance optimization). It relies on
    the presence of a precisely-defined instruction sequence in the
    privileged code as well as the fact that memory read from address to
    which a recent memory write has occurred may see an older value and
    subsequently cause an update into the microprocessor's data cache even
    for speculatively executed instructions that never actually commit
    (retire). As a result, an unprivileged attacker could use this flaw to
    read privileged memory by conducting targeted cache side-channel
    attacks.(CVE-2018-3639)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2018-1049.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update libvirt' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-admin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-config-network");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-config-nwfilter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-interface");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-lxc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-network");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-nodedev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-nwfilter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-secret");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-disk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-gluster");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-iscsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-logical");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-mpath");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-rbd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-scsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-lxc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-lock-sanlock");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-login-shell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-nss");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/24");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-admin-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-client-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-config-network-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-config-nwfilter-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-interface-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-lxc-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-network-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-nodedev-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-nwfilter-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-secret-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-core-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-disk-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-gluster-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-iscsi-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-logical-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-mpath-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-rbd-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-scsi-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-kvm-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-lxc-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-debuginfo-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-devel-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-docs-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-libs-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-lock-sanlock-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-login-shell-3.9.0-14.amzn2.6")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-nss-3.9.0-14.amzn2.6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-admin / libvirt-client / libvirt-daemon / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1929.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat), and the CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110651
    published2018-06-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110651
    titleCentOS 6 : libvirt (CESA-2018:1929)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1396.NASL
    descriptionFrom Red Hat Security Advisory 2018:1396 : An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat). Bug Fix(es) : * Previously, the check for a non-unique device boot order did not properly handle updates of existing devices when a new device was attached to a guest. Consequently, updating any device with a specified boot order failed. With this update, the duplicity check detects correctly handles updates and ignores the original device, which avoids reporting false conflicts. As a result, updating a device with a boot order succeeds. (BZ# 1557922) * In Red Hat Enterprise Linux 7.5, guests with SCSI passthrough enabled failed to boot because of changes in kernel CGroup detection. With this update, libvirt fetches dependencies and adds them to the device CGroup. As a result, and the affected guests now start as expected. (BZ#1564996) * The VMX parser in libvirt did not parse more than four network interfaces. As a consequence, the esx driver did not expose more than four network interface cards (NICs) for guests running ESXi. With this update, the VMX parser parses all the available NICs in .vmx files. As a result, libvirt reports all the NICs of guests running ESXi. (BZ#1566524) * Previously, user aliases for PTY devices that were longer than 32 characters were not supported. Consequently, if a domain included a PTY device with a user alias longer than 32 characters, the domain would not start. With this update, a static buffer was replaced with a dynamic buffer. As a result, the domain starts even if the length of the user alias for a PTY device is longer than 32 characters. (BZ#1566525)
    last seen2020-06-01
    modified2020-06-02
    plugin id109808
    published2018-05-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109808
    titleOracle Linux 7 : libvirt (ELSA-2018-1396)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201804-07.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201804-07 (libvirt: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact : A local privileged attacker could execute arbitrary commands or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id108928
    published2018-04-10
    reporterThis script is Copyright (C) 2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/108928
    titleGLSA-201804-07 : libvirt: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1929.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat), and the CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110606
    published2018-06-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110606
    titleRHEL 6 : libvirt (RHSA-2018:1929)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-115.NASL
    descriptionThis update for libvirt provides several fixes. This security issue was fixed : - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead() method which allowed to cause DoS (bsc#1076500). These security issues were fixed : - Add a qemu hook script providing functionality similar to Xen
    last seen2020-06-05
    modified2018-02-01
    plugin id106546
    published2018-02-01
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106546
    titleopenSUSE Security Update : libvirt (openSUSE-2018-115)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2141-1.NASL
    descriptionThis update for libvirt fixes the following issues: Security issues fixed : - CVE-2018-3639: Add support for
    last seen2020-06-01
    modified2020-06-02
    plugin id111503
    published2018-08-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111503
    titleSUSE SLES12 Security Update : libvirt (SUSE-SU-2018:2141-1) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1277.NASL
    descriptionAccording to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.(CVE-2018-6764) - qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117585
    published2018-09-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117585
    titleEulerOS Virtualization 2.5.0 : libvirt (EulerOS-SA-2018-1277)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0838-1.NASL
    descriptionThis update for libvirt fixes the following issues: Security issues fixed : - CVE-2017-5715: Fixes for speculative side channel attacks aka
    last seen2020-06-01
    modified2020-06-02
    plugin id108745
    published2018-03-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108745
    titleSUSE SLES11 Security Update : libvirt (SUSE-SU-2018:0838-1) (Spectre)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_SPACE_JSA10917_184R1.NASL
    descriptionAccording to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id121068
    published2019-01-10
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121068
    titleJuniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2468.NASL
    descriptionAccording to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/docu ments/corporate-information/SA00233-microcode-update-gu idance_05132019.pdf(CVE-2018-12126) - Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/docu ments/corporate-information/SA00233-microcode-update-gu idance_05132019.pdf(CVE-2019-11091) - Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/docu ments/corporate-information/SA00233-microcode-update-gu idance_05132019.pdf(CVE-2018-12130) - Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/docu ments/corporate-information/SA00233-microcode-update-gu idance_05132019.pdf(CVE-2018-12127) - An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.(CVE-2019-3886) - libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.(CVE-2018-1064) - qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748) - Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.(CVE-2018-3639) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-04
    plugin id131621
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131621
    titleEulerOS 2.0 SP2 : libvirt (EulerOS-SA-2019-2468)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0132_LIBVIRT.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has libvirt packages installed that are affected by multiple vulnerabilities: - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id127387
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127387
    titleNewStart CGSL MAIN 4.05 : libvirt Multiple Vulnerabilities (NS-SA-2019-0132)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2082-1.NASL
    descriptionThis update for libvirt fixes the following issues: Security issues fixed : - CVE-2017-5715: Fixes for speculative side channel attacks aka
    last seen2020-06-01
    modified2020-06-02
    plugin id111434
    published2018-07-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111434
    titleSUSE SLES12 Security Update : libvirt (SUSE-SU-2018:2082-1) (Spectre)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201804-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201804-08 (QEMU: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in QEMU. Please review the CVE identifiers referenced below for details. Impact : An attacker could execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id108929
    published2018-04-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108929
    titleGLSA-201804-08 : QEMU: Multiple vulnerabilities (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1253.NASL
    descriptionAccording to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent.(CVE-2018-1064) - util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.(CVE-2018-6764) - qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117562
    published2018-09-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117562
    titleEulerOS Virtualization 2.5.1 : libvirt (EulerOS-SA-2018-1253)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1197.NASL
    descriptionAccording to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load i1/4+ Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-05-06
    modified2018-07-03
    plugin id110861
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110861
    titleEulerOS 2.0 SP3 : libvirt (EulerOS-SA-2018-1197)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1315.NASL
    descriptionDaniel P. Berrange and Peter Krempa of Red Hat discovered a flaw in libvirt, a virtualization API. A lack of restriction for the amount of data read by QEMU Monitor socket can lead to a denial of service by exhaustion of memory resources. For Debian 7
    last seen2020-03-17
    modified2018-03-27
    plugin id108605
    published2018-03-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108605
    titleDebian DLA-1315-1 : libvirt security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1295-1.NASL
    descriptionThis update for libvirt fixes the following issues: Security issues fixed : - CVE-2017-5715: Spectre fixes for libvirt (bsc#1079869, bsc#1088147, bsc#1087887). - CVE-2018-1064: Avoid denial of service reading from QEMU guest agent (bsc#1083625). - CVE-2018-5748: Avoid denial of service reading from QEMU monitor (bsc#1076500). Bug fixes : - bsc#1025340: Use xend for nodeGetFreeMemory API. - bsc#960742: Allow read access to script directories in libvirtd AppArmor profile. - bsc#936233: Introduce qemuDomainDefCheckABIStability. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109861
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109861
    titleSUSE SLES11 Security Update : libvirt (SUSE-SU-2018:1295-1) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1396.NASL
    descriptionAn update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat). Bug Fix(es) : * Previously, the check for a non-unique device boot order did not properly handle updates of existing devices when a new device was attached to a guest. Consequently, updating any device with a specified boot order failed. With this update, the duplicity check detects correctly handles updates and ignores the original device, which avoids reporting false conflicts. As a result, updating a device with a boot order succeeds. (BZ# 1557922) * In Red Hat Enterprise Linux 7.5, guests with SCSI passthrough enabled failed to boot because of changes in kernel CGroup detection. With this update, libvirt fetches dependencies and adds them to the device CGroup. As a result, and the affected guests now start as expected. (BZ#1564996) * The VMX parser in libvirt did not parse more than four network interfaces. As a consequence, the esx driver did not expose more than four network interface cards (NICs) for guests running ESXi. With this update, the VMX parser parses all the available NICs in .vmx files. As a result, libvirt reports all the NICs of guests running ESXi. (BZ#1566524) * Previously, user aliases for PTY devices that were longer than 32 characters were not supported. Consequently, if a domain included a PTY device with a user alias longer than 32 characters, the domain would not start. With this update, a static buffer was replaced with a dynamic buffer. As a result, the domain starts even if the length of the user alias for a PTY device is longer than 32 characters. (BZ#1566525)
    last seen2020-06-01
    modified2020-06-02
    plugin id110247
    published2018-05-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110247
    titleCentOS 7 : libvirt (CESA-2018:1396)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1929.NASL
    descriptionFrom Red Hat Security Advisory 2018:1929 : An update for libvirt is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es) : * libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) * libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat), and the CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110706
    published2018-06-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110706
    titleOracle Linux 6 : libvirt (ELSA-2018-1929)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1394.NASL
    descriptionAccording to the versions of the libvirt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.(CVE-2018-6764) - qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748) - libvirt version 2.3.0 and later is vulnerable to a bad default configuration of
    last seen2020-06-01
    modified2020-06-02
    plugin id124897
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124897
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : libvirt (EulerOS-SA-2019-1394)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1456.NASL
    descriptionAccording to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.(CVE-2018-6764) - qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748) - libvirt version 2.3.0 and later is vulnerable to a bad default configuration of
    last seen2020-06-01
    modified2020-06-02
    plugin id124959
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124959
    titleEulerOS Virtualization 3.0.1.0 : libvirt (EulerOS-SA-2019-1456)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180515_LIBVIRT_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748) - libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064) The CVE-2018-1064 issue was discovered by Daniel P. Berrang (Red Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat). Bug Fix(es) : - Previously, the check for a non-unique device boot order did not properly handle updates of existing devices when a new device was attached to a guest. Consequently, updating any device with a specified boot order failed. With this update, the duplicity check detects correctly handles updates and ignores the original device, which avoids reporting false conflicts. As a result, updating a device with a boot order succeeds. - In Scientific Linux 7.5, guests with SCSI passthrough enabled failed to boot because of changes in kernel CGroup detection. With this update, libvirt fetches dependencies and adds them to the device CGroup. As a result, and the affected guests now start as expected. - The VMX parser in libvirt did not parse more than four network interfaces. As a consequence, the esx driver did not expose more than four network interface cards (NICs) for guests running ESXi. With this update, the VMX parser parses all the available NICs in .vmx files. As a result, libvirt reports all the NICs of guests running ESXi. - Previously, user aliases for PTY devices that were longer than 32 characters were not supported. Consequently, if a domain included a PTY device with a user alias longer than 32 characters, the domain would not start. With this update, a static buffer was replaced with a dynamic buffer. As a result, the domain starts even if the length of the user alias for a PTY device is longer than 32 characters.
    last seen2020-03-18
    modified2018-05-16
    plugin id109853
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109853
    titleScientific Linux Security Update : libvirt on SL7.x x86_64 (20180515)

Redhat

advisories
  • bugzilla
    id1566525
    titleHosted Engine VM (deployed in the past) fails to reboot with 'libvirtError: internal error: failed to format device alias for PTY retrieval' due to an error in console device in libvirt XML generated by the engine [rhel-7.5.z]
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentlibvirt-daemon-lxc is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396001
          • commentlibvirt-daemon-lxc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914030
        • AND
          • commentlibvirt-docs is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396003
          • commentlibvirt-docs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914028
        • AND
          • commentlibvirt-lock-sanlock is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396005
          • commentlibvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20131581002
        • AND
          • commentlibvirt-nss is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396007
          • commentlibvirt-nss is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20162577036
        • AND
          • commentlibvirt-admin is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396009
          • commentlibvirt-admin is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029056
        • AND
          • commentlibvirt-devel is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396011
          • commentlibvirt-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20131581004
        • AND
          • commentlibvirt-login-shell is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396013
          • commentlibvirt-login-shell is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914034
        • AND
          • commentlibvirt-daemon-driver-lxc is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396015
          • commentlibvirt-daemon-driver-lxc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914038
        • AND
          • commentlibvirt-daemon-config-network is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396017
          • commentlibvirt-daemon-config-network is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914026
        • AND
          • commentlibvirt-daemon-driver-interface is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396019
          • commentlibvirt-daemon-driver-interface is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914012
        • AND
          • commentlibvirt-daemon-driver-storage-disk is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396021
          • commentlibvirt-daemon-driver-storage-disk is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029008
        • AND
          • commentlibvirt-daemon-driver-storage-gluster is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396023
          • commentlibvirt-daemon-driver-storage-gluster is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029048
        • AND
          • commentlibvirt-daemon is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396025
          • commentlibvirt-daemon is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914008
        • AND
          • commentlibvirt-daemon-driver-qemu is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396027
          • commentlibvirt-daemon-driver-qemu is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914016
        • AND
          • commentlibvirt-daemon-driver-nwfilter is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396029
          • commentlibvirt-daemon-driver-nwfilter is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914002
        • AND
          • commentlibvirt-daemon-driver-storage-scsi is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396031
          • commentlibvirt-daemon-driver-storage-scsi is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029028
        • AND
          • commentlibvirt-daemon-config-nwfilter is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396033
          • commentlibvirt-daemon-config-nwfilter is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914020
        • AND
          • commentlibvirt-daemon-driver-storage-iscsi is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396035
          • commentlibvirt-daemon-driver-storage-iscsi is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029014
        • AND
          • commentlibvirt-daemon-driver-secret is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396037
          • commentlibvirt-daemon-driver-secret is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914024
        • AND
          • commentlibvirt-daemon-driver-storage is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396039
          • commentlibvirt-daemon-driver-storage is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914040
        • AND
          • commentlibvirt-daemon-driver-nodedev is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396041
          • commentlibvirt-daemon-driver-nodedev is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914006
        • AND
          • commentlibvirt-daemon-driver-storage-core is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396043
          • commentlibvirt-daemon-driver-storage-core is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029010
        • AND
          • commentlibvirt-daemon-driver-storage-rbd is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396045
          • commentlibvirt-daemon-driver-storage-rbd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029040
        • AND
          • commentlibvirt-daemon-kvm is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396047
          • commentlibvirt-daemon-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914022
        • AND
          • commentlibvirt is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396049
          • commentlibvirt is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20131581010
        • AND
          • commentlibvirt-daemon-driver-storage-mpath is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396051
          • commentlibvirt-daemon-driver-storage-mpath is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029026
        • AND
          • commentlibvirt-daemon-driver-network is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396053
          • commentlibvirt-daemon-driver-network is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140914010
        • AND
          • commentlibvirt-daemon-driver-storage-logical is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396055
          • commentlibvirt-daemon-driver-storage-logical is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029020
        • AND
          • commentlibvirt-libs is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396057
          • commentlibvirt-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20180029018
        • AND
          • commentlibvirt-client is earlier than 0:3.9.0-14.el7_5.4
            ovaloval:com.redhat.rhsa:tst:20181396059
          • commentlibvirt-client is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20131581008
    rhsa
    idRHSA-2018:1396
    released2018-05-14
    severityLow
    titleRHSA-2018:1396: libvirt security and bug fix update (Low)
  • bugzilla
    id1550672
    titleCVE-2018-1064 libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentlibvirt-lock-sanlock is earlier than 0:0.10.2-64.el6
            ovaloval:com.redhat.rhsa:tst:20181929001
          • commentlibvirt-lock-sanlock is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20131581002
        • AND
          • commentlibvirt-devel is earlier than 0:0.10.2-64.el6
            ovaloval:com.redhat.rhsa:tst:20181929003
          • commentlibvirt-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20131581004
        • AND
          • commentlibvirt is earlier than 0:0.10.2-64.el6
            ovaloval:com.redhat.rhsa:tst:20181929005
          • commentlibvirt is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20131581010
        • AND
          • commentlibvirt-client is earlier than 0:0.10.2-64.el6
            ovaloval:com.redhat.rhsa:tst:20181929007
          • commentlibvirt-client is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20131581008
        • AND
          • commentlibvirt-python is earlier than 0:0.10.2-64.el6
            ovaloval:com.redhat.rhsa:tst:20181929009
          • commentlibvirt-python is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20131581006
    rhsa
    idRHSA-2018:1929
    released2018-06-19
    severityLow
    titleRHSA-2018:1929: libvirt security update (Low)
rpms
  • libvirt-0:3.9.0-14.el7_5.4
  • libvirt-admin-0:3.9.0-14.el7_5.4
  • libvirt-client-0:3.9.0-14.el7_5.4
  • libvirt-daemon-0:3.9.0-14.el7_5.4
  • libvirt-daemon-config-network-0:3.9.0-14.el7_5.4
  • libvirt-daemon-config-nwfilter-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-interface-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-lxc-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-network-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-nodedev-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-nwfilter-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-qemu-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-secret-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-core-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-disk-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-gluster-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-iscsi-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-logical-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-mpath-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-rbd-0:3.9.0-14.el7_5.4
  • libvirt-daemon-driver-storage-scsi-0:3.9.0-14.el7_5.4
  • libvirt-daemon-kvm-0:3.9.0-14.el7_5.4
  • libvirt-daemon-lxc-0:3.9.0-14.el7_5.4
  • libvirt-debuginfo-0:3.9.0-14.el7_5.4
  • libvirt-devel-0:3.9.0-14.el7_5.4
  • libvirt-docs-0:3.9.0-14.el7_5.4
  • libvirt-libs-0:3.9.0-14.el7_5.4
  • libvirt-lock-sanlock-0:3.9.0-14.el7_5.4
  • libvirt-login-shell-0:3.9.0-14.el7_5.4
  • libvirt-nss-0:3.9.0-14.el7_5.4
  • libvirt-0:0.10.2-64.el6
  • libvirt-client-0:0.10.2-64.el6
  • libvirt-debuginfo-0:0.10.2-64.el6
  • libvirt-devel-0:0.10.2-64.el6
  • libvirt-lock-sanlock-0:0.10.2-64.el6
  • libvirt-python-0:0.10.2-64.el6