CVE-2018-7540 - Resource Exhaustion vulnerability in multiple products
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH
Summary
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.
Common Attack Pattern Enumeration and Classification (CAPEC)
- XML Ping of the Death: An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
- XML Entity Expansion: An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
- Inducing Account Lockout: An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.
- Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)): XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and REST, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate:
  - Target CPU through recursion: attacker creates a recursive payload and sends it to the service provider.
  - Target memory through jumbo payloads: service provider uses DOM to parse XML. DOM creates an in-memory representation of the XML document, but when the document is very large (for example, north of 1 Gb) the service provider host may exhaust memory trying to build memory objects.
  - XML Ping of death: attack the service provider with numerous small files that clog the system.

  All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.
Nessus
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DLA-1300.NASL
- description: Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, informations leaks or privilege escalation. For Debian 7
- last seen: 2020-03-17
- modified: 2018-03-06
- plugin id: 107134
- published: 2018-03-06
- reporter: This script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/107134
- title: Debian DLA-1300-1 : xen security update
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1300-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(107134);
  script_version("3.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2018-7540", "CVE-2018-7541");

  script_name(english:"Debian DLA-1300-1 : xen security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:"Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, informations leaks or privilege escalation. For Debian 7 'Wheezy', these problems have been fixed in version 4.1.6.lts1-13. We recommend that you upgrade your xen packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/xen"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxen-4.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxen-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxen-ocaml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxen-ocaml-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxenstore3.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-docs-4.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-system-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-system-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-utils-4.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-utils-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xenstore-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"7.0", prefix:"libxen-4.1", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"libxen-dev", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"libxen-ocaml", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"libxen-ocaml-dev", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"libxenstore3.0", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xen-docs-4.1", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xen-hypervisor-4.1-amd64", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xen-hypervisor-4.1-i386", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xen-system-amd64", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xen-system-i386", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xen-utils-4.1", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xen-utils-common", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xenstore-utils", reference:"4.1.6.lts1-13")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2018-C553A586C8.NASL
- description: add Xen page-table isolation (XPTI) mitigation and Branch Target Injection (BTI) mitigation for XSA-254 DoS via non-preemptable L3/L4 pagetable freeing [XSA-252] (#1549568) grant table v2 -> v1 transition may crash Xen [XSA-255] (#1549570) x86 PVH guest without LAPIC may DoS the host [XSA-256] (#1549572) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2018-03-07
- plugin id: 107176
- published: 2018-03-07
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/107176
- title: Fedora 27 : xen (2018-c553a586c8)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2018-c553a586c8.
#

include("compat.inc");

if (description)
{
  script_id(107176);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542");
  script_xref(name:"FEDORA", value:"2018-c553a586c8");

  script_name(english:"Fedora 27 : xen (2018-c553a586c8)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:"add Xen page-table isolation (XPTI) mitigation and Branch Target Injection (BTI) mitigation for XSA-254 DoS via non-preemptable L3/L4 pagetable freeing [XSA-252] (#1549568) grant table v2 -> v1 transition may crash Xen [XSA-255] (#1549570) x86 PVH guest without LAPIC may DoS the host [XSA-256] (#1549572) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c553a586c8"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/07");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC27", reference:"xen-4.9.1-5.fc27")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}
```

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-4131.NASL
- description: Multiple vulnerabilities have been discovered in the Xen hypervisor :
  - CVE-2018-7540 Jann Horn discovered that missing checks in page table freeing may result in denial of service.
  - CVE-2018-7541 Jan Beulich discovered that incorrect error handling in grant table checks may result in guest-to-host denial of service and potentially privilege escalation.
  - CVE-2018-7542 Ian Jackson discovered that insufficient handling of x86 PVH guests without local APICs may result in guest-to-host denial of service.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 107123
- published: 2018-03-05
- reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/107123
- title: Debian DSA-4131-1 : xen - security update
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-4131. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(107123);
  script_version("3.4");
  script_cvs_date("Date: 2018/11/13 12:30:46");

  script_cve_id("CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542");
  script_xref(name:"DSA", value:"4131");

  script_name(english:"Debian DSA-4131-1 : xen - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:"Multiple vulnerabilities have been discovered in the Xen hypervisor : - CVE-2018-7540 Jann Horn discovered that missing checks in page table freeing may result in denial of service. - CVE-2018-7541 Jan Beulich discovered that incorrect error handling in grant table checks may result in guest-to-host denial of service and potentially privilege escalation. - CVE-2018-7542 Ian Jackson discovered that insufficient handling of x86 PVH guests without local APICs may result in guest-to-host denial of service."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2018-7540"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2018-7541"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2018-7542"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/source-package/xen"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/stretch/xen"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2018/dsa-4131"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade the xen packages. For the stable distribution (stretch), these problems have been fixed in version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"9.0", prefix:"libxen-4.8", reference:"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5")) flag++;
if (deb_check(release:"9.0", prefix:"libxen-dev", reference:"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5")) flag++;
if (deb_check(release:"9.0", prefix:"libxenstore3.0", reference:"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5")) flag++;
if (deb_check(release:"9.0", prefix:"xen-hypervisor-4.8-amd64", reference:"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5")) flag++;
if (deb_check(release:"9.0", prefix:"xen-hypervisor-4.8-arm64", reference:"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5")) flag++;
if (deb_check(release:"9.0", prefix:"xen-hypervisor-4.8-armhf", reference:"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5")) flag++;
if (deb_check(release:"9.0", prefix:"xen-system-amd64", reference:"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5")) flag++;
if (deb_check(release:"9.0", prefix:"xen-system-arm64", reference:"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5")) flag++;
if (deb_check(release:"9.0", prefix:"xen-system-armhf", reference:"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5")) flag++;
if (deb_check(release:"9.0", prefix:"xen-utils-4.8", reference:"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5")) flag++;
if (deb_check(release:"9.0", prefix:"xen-utils-common", reference:"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5")) flag++;
if (deb_check(release:"9.0", prefix:"xenstore-utils", reference:"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2018-0678-1.NASL
- description: This update for xen fixes several issues. These security issues were fixed : - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 108369
- published: 2018-03-15
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/108369
- title: SUSE SLES11 Security Update : xen (SUSE-SU-2018:0678-1) (Meltdown) (Spectre)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:0678-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(108369);
  script_version("1.7");
  script_cvs_date("Date: 2019/09/10 13:51:47");

  script_cve_id("CVE-2017-11334", "CVE-2017-15595", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2017-18030", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5898", "CVE-2018-5683", "CVE-2018-7540", "CVE-2018-7541");
  script_xref(name:"IAVA", value:"2018-A-0019");
  script_xref(name:"IAVA", value:"2018-A-0020");

  script_name(english:"SUSE SLES11 Security Update : xen (SUSE-SU-2018:0678-1) (Meltdown) (Spectre)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:"This update for xen fixes several issues. These security issues were fixed : - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks (bsc#1074562, bsc#1068032) - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116). - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180). - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081) - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158). - CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159). - CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160). - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163). - Added missing intermediate preemption checks for guest requesting removal of memory. This allowed malicious guest administrator to cause denial of service due to the high cost of this operation (bsc#1080635). - Because of XEN not returning the proper error messages when transitioning grant tables from v2 to v1 a malicious guest was able to cause DoS or potentially allowed for privilege escalation as well as information leaks (bsc#1080662). - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1024307) - Unprivileged domains could have issued well-timed writes to xenstore which conflict with transactions to stall progress of the control domain or driver domain, possibly leading to DoS (bsc#1030144, XSA-206). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1024307"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1030144"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1061081"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1068032"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1070158"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1070159"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1070160"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1070163"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1074562"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1076116"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1076180"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1080635"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1080662"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-11334/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-15595/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-17563/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-17564/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-17565/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-17566/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-18030/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-5715/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-5753/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-5754/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-5898/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-5683/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-7540/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-7541/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20180678-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?39d89a0f"
  );
  script_set_attribute(
    attribute:"solution",
    value:"To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch slessp3-xen-13511=1 SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch sleposp3-xen-13511=1 SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch dbgsp3-xen-13511=1 To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/15");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "i386|i486|i586|i686|x86_64") audit(AUDIT_ARCH_NOT, "i386 / i486 / i586 / i686 / x86_64", cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp);

flag = 0;
if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-kmp-default-4.2.5_21_3.0.101_0.47.106.14-45.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-libs-4.2.5_21-45.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-tools-domU-4.2.5_21-45.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-4.2.5_21-45.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-doc-html-4.2.5_21-45.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-doc-pdf-4.2.5_21-45.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-libs-32bit-4.2.5_21-45.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-tools-4.2.5_21-45.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.14-45.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"xen-kmp-default-4.2.5_21_3.0.101_0.47.106.14-45.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"xen-libs-4.2.5_21-45.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"xen-tools-domU-4.2.5_21-45.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.14-45.19.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}
```


- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2018-0746DAC335.NASL
- description: update Xen page-table isolation (XPTI) mitigation and add Branch Target Injection (BTI) mitigation for XSA-254; DoS via non-preemptable L3/L4 pagetable freeing [XSA-252] (#1549568); grant table v2 -> v1 transition may crash Xen [XSA-255] (#1549570); x86 PVH guest without LAPIC may DoS the host [XSA-256] (#1549572). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2018-03-21
- plugin id: 108492
- published: 2018-03-21
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/108492
- title: Fedora 26 : xen (2018-0746dac335)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2018-0746dac335.
#

include("compat.inc");

if (description)
{
  script_id(108492);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542");
  script_xref(name:"FEDORA", value:"2018-0746dac335");

  script_name(english:"Fedora 26 : xen (2018-0746dac335)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"update Xen page-table isolation (XPTI) mitigation and add Branch Target Injection (BTI) mitigation for XSA-254 DoS via non-preemptable L3/L4 pagetable freeing [XSA-252] (#1549568) grant table v2 -> v1 transition may crash Xen [XSA-255] (#1549570) x86 PVH guest without LAPIC may DoS the host [XSA-256] (#1549572) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-0746dac335"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC26", reference:"xen-4.8.3-3.fc26")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}
```

- NASL family: Misc.
- NASL id: XEN_SERVER_XSA-252.NASL
- description: According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applied manually to the source code before a recompile and reinstall.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 107097
- published: 2018-03-02
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/107097
- title: Xen guest_remove_page() Function Pagetable Unpinning Handling Guest-to-host DoS (XSA-252)
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(107097);
  script_version("1.3");
  script_cvs_date("Date: 2019/11/08");

  script_cve_id("CVE-2018-7540");
  script_bugtraq_id(103174);

  script_name(english:"Xen guest_remove_page() Function Pagetable Unpinning Handling Guest-to-host DoS (XSA-252)");
  script_summary(english:"Checks 'xl info' output for the Xen hypervisor version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Xen hypervisor installation is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applied manually to the source code before a recompile and reinstall.");
  script_set_attribute(attribute:"see_also", value:"http://xenbits.xen.org/xsa/advisory-252.html");
  script_set_attribute(attribute:"see_also", value:"https://xenbits.xen.org/gitweb/?p=xen.git;a=summary");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-7540");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/02");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:xen:xen");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("xen_server_detect.nbin");
  script_require_keys("installed_sw/Xen Hypervisor", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("install_func.inc");
include("misc_func.inc");

app_name = "Xen Hypervisor";
install = get_single_install(app_name:app_name);
if (report_paranoia < 2) audit(AUDIT_PARANOID);

version = install['version'];
display_version = install['display_version'];
path = install['path'];
managed_status = install['Managed status'];
changeset = install['Changeset'];

if (!empty_or_null(changeset))
  display_version += " (changeset " + changeset + ")";

# Installations that are vendor-managed are handled by OS-specific local package checks
if (managed_status == "managed")
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);

fixes['4.6']['fixed_ver'] = '4.6.6';
fixes['4.6']['affected_ver_regex'] = '^4\\.6\\.';

fixes['4.7']['fixed_ver'] = '4.7.5-pre';
fixes['4.7']['affected_ver_regex'] = '^4\\.7\\.';

fixes['4.8']['fixed_ver'] = '4.8.4-pre';
fixes['4.8']['affected_ver_regex'] = '^4\\.8\\.';

fixes['4.9']['fixed_ver'] = '4.9.2-pre';
fixes['4.9']['affected_ver_regex'] = '^4\\.9\\.';

fixes['4.10']['fixed_ver'] = '4.10.1-pre';
fixes['4.10']['affected_ver_regex'] = '^4\\.10\\.';

fix = NULL;
foreach ver_branch (keys(fixes))
{
  if (version =~ fixes[ver_branch]['affected_ver_regex'])
  {
    fix = fixes[ver_branch]['fixed_ver'];
  }
}

if (empty_or_null(fix))
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);

items = make_array(
  "Installed version", display_version,
  "Fixed version", fix,
  "Path", path
);
order = make_list("Path", "Installed version", "Fixed version");
report = report_items_str(report_items:items, ordered_fields:order) + '\n';

security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);
```

- NASL family: OracleVM Local Security Checks
- NASL id: ORACLEVM_OVMSA-2018-0218.NASL
- description: The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0218 for details.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 109987
- published: 2018-05-23
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/109987
- title: OracleVM 3.4 : xen (OVMSA-2018-0218) (Meltdown) (Spectre)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2018-0218.
#

include("compat.inc");

if (description)
{
  script_id(109987);
  script_version("1.10");
  script_cvs_date("Date: 2019/09/27 13:00:35");

  script_cve_id("CVE-2017-17565", "CVE-2017-17566", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-8897");

  script_name(english:"OracleVM 3.4 : xen (OVMSA-2018-0218) (Meltdown) (Spectre)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0218 for details."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/oraclevm-errata/2018-May/000856.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected xen / xen-tools packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/05/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/23");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_exists(rpm:"xen-4.4.4-105", release:"OVS3.4") && rpm_check(release:"OVS3.4", reference:"xen-4.4.4-105.0.45.el6")) flag++;
if (rpm_exists(rpm:"xen-tools-4.4.4-105", release:"OVS3.4") && rpm_check(release:"OVS3.4", reference:"xen-tools-4.4.4-105.0.45.el6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-tools");
}
```

- NASL family: Misc.
- NASL id: CITRIX_XENSERVER_CTX232096.NASL
- description: The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 108886
- published: 2018-04-06
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/108886
- title: Citrix XenServer Multiple Vulnerabilities (CTX232096)
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(108886);
  script_version("1.4");
  script_cvs_date("Date: 2019/11/08");

  script_cve_id(
    "CVE-2017-17563",
    "CVE-2017-17564",
    "CVE-2017-17565",
    "CVE-2017-17566",
    "CVE-2018-7540",
    "CVE-2018-7541"
  );
  script_bugtraq_id(
    102167,
    102169,
    102172,
    103174,
    103177
  );

  script_name(english:"Citrix XenServer Multiple Vulnerabilities (CTX232096)");
  script_summary(english:"Checks for patches.");

  script_set_attribute(attribute:"synopsis", value:
"A server virtualization platform installed on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"see_also", value:"https://support.citrix.com/article/CTX232096");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate hotfix according to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:citrix:xenserver");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("citrix_xenserver_version.nbin");
  script_require_keys("Host/XenServer/version", "Host/local_checks_enabled", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

app_name = "Citrix XenServer";
version = get_kb_item_or_exit("Host/XenServer/version");
get_kb_item_or_exit("Host/local_checks_enabled");
patches = get_kb_item("Host/XenServer/patches");
vuln = FALSE;
fix = '';

pending = "Refer to vendor for patch/mitigation options";

if (version == "6.0.2")
{
  fix = "XS602ECC051"; # CTX232082
  if (fix >!< patches) vuln = TRUE;
}
else if (version =~ "^6\.2")
{
  fix = "XS62ESP1067"; # CTX232083
  if (fix >!< patches) vuln = TRUE;
}
else if (version =~ "^6\.5($|[^0-9])")
{
  fix = "XS65ESP1065"; # CTX232084
  if (fix >!< patches) vuln = TRUE;
}
else audit(AUDIT_INST_VER_NOT_VULN, app_name, version);

if (vuln)
{
  port = 0;
  report = report_items_str(
    report_items:make_array(
      "Installed version", version,
      "Missing hotfix", fix
    ),
    ordered_fields:make_list("Installed version", "Missing hotfix")
  );
  security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
}
else audit(AUDIT_PATCH_INSTALLED, fix);
```

- NASL family: OracleVM Local Security Checks
- NASL id: ORACLEVM_OVMSA-2018-0272.NASL
- description: The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0272 for details.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 118963
- published: 2018-11-15
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/118963
- title: OracleVM 3.2 : xen (OVMSA-2018-0272) (Foreshadow) (Spectre)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2018-0272.
#

include("compat.inc");

if (description)
{
  script_id(118963);
  script_version("1.3");
  script_cvs_date("Date: 2019/09/27 13:00:35");

  script_cve_id("CVE-2018-10981", "CVE-2018-10982", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-8897");

  script_name(english:"OracleVM 3.2 : xen (OVMSA-2018-0272) (Foreshadow) (Spectre)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0272 for details."
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2018-November/000906.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f53ac2a8"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected xen / xen-devel / xen-tools packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/11/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/15");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"OVS3.2", reference:"xen-4.1.3-25.el5.223.214")) flag++;
if (rpm_check(release:"OVS3.2", reference:"xen-devel-4.1.3-25.el5.223.214")) flag++;
if (rpm_check(release:"OVS3.2", reference:"xen-tools-4.1.3-25.el5.223.214")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools");
}
```

- NASL family: Misc.
- NASL id: CITRIX_XENSERVER_CTX232655.NASL
- description: The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 108887
- published: 2018-04-06
- reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/108887
- title: Citrix XenServer Multiple Vulnerabilities (CTX232655)
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(108887);
  script_version("1.5");
  script_cvs_date("Date: 2018/07/09 12:26:58");

  script_cve_id("CVE-2016-2074", "CVE-2018-7540", "CVE-2018-7541");
  script_bugtraq_id(85700, 103174, 103177);

  script_name(english:"Citrix XenServer Multiple Vulnerabilities (CTX232655)");
  script_summary(english:"Checks for patches.");

  script_set_attribute(attribute:"synopsis", value:
"A server virtualization platform installed on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities."
  );
  script_set_attribute(attribute:"see_also", value:"https://support.citrix.com/article/CTX232655");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate hotfix according to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date",value:"2018/03/21");
  script_set_attribute(attribute:"patch_publication_date",value:"2018/03/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/06");

  script_set_attribute(attribute:"plugin_type",value:"local");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:citrix:xenserver");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("citrix_xenserver_version.nbin");
  script_require_keys("Host/XenServer/version", "Host/local_checks_enabled", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

app_name = "Citrix XenServer";
version = get_kb_item_or_exit("Host/XenServer/version");
get_kb_item_or_exit("Host/local_checks_enabled");
patches = get_kb_item("Host/XenServer/patches");
vuln = FALSE;
fix = '';

if (version =~ "^7\.0($|[^0-9])")
{
  # Either hotfix resolves the issue; fix is the one named in the report.
  fix = "XS70E052"; # CTX233362
  fix2 = "XS70E051"; # CTX233364
  if (fix >!< patches && fix2 >!< patches) vuln = TRUE;
}
else if (version =~ "^7\.1($|[^0-9])")
{
  fix = "XS71ECU1012"; # CTX233365
  fix2 = "XS71ECU1013"; # CTX233363
  if (fix >!< patches && fix2 >!< patches) vuln = TRUE;
}
else if (version =~ "^7\.2($|[^0-9])")
{
  fix = "XS72E016"; # CTX233366
  if (fix >!< patches) vuln = TRUE;
}
else if (version =~ "^7\.3($|[^0-9])")
{
  fix = "XS73E003"; # CTX233368
  if (fix >!< patches) vuln = TRUE;
}
else audit(AUDIT_INST_VER_NOT_VULN, app_name, version);

if (vuln)
{
  port = 0;
  report = report_items_str(
    report_items:make_array(
      "Installed version", version,
      "Missing hotfix", fix
    ),
    ordered_fields:make_list("Installed version", "Missing hotfix")
  );
  security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);
}
else audit(AUDIT_PATCH_INSTALLED, fix);
```

- NASL family: OracleVM Local Security Checks
- NASL id: ORACLEVM_OVMSA-2018-0248.NASL
- description: The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0248 for details.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 111992
- published: 2018-08-20
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/111992
- title: OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)

- NASL family: OracleVM Local Security Checks
- NASL id: ORACLEVM_OVMSA-2018-0020.NASL
- description: The remote OracleVM system is missing necessary patches to address critical security updates :
  - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
  - BUILDINFO: xen commit=9ccc143584e12027a8db854d19ce8a120d22cfac
  - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
  - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
  - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
  - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
  - gnttab: don
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 107129
- published: 2018-03-05
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/107129
- title: OracleVM 3.4 : xen (OVMSA-2018-0020) (Meltdown) (Spectre)

- NASL family: OracleVM Local Security Checks
- NASL id: ORACLEVM_OVMSA-2018-0021.NASL
- description: The remote OracleVM system is missing necessary patches to address critical security updates :
  - BUILDINFO: xen commit=b2a6db11ced11291a472bc1bda20ce329eda4d66
  - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
  - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
  - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
  - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
  - gnttab: don
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 107130
- published: 2018-03-05
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/107130
- title: OracleVM 3.4 : xen (OVMSA-2018-0021) (Meltdown) (Spectre)

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2018-454.NASL
- description: This update for xen to version 4.9.2 fixes several issues. This feature was added :
  - Added script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU. They are triggered via
- last seen: 2020-06-05
- modified: 2018-05-14
- plugin id: 109751
- published: 2018-05-14
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/109751
- title: openSUSE Security Update : xen (openSUSE-2018-454) (Meltdown)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DLA-1577.NASL
- description: Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks or privilege escalation. For Debian 8
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 118892
- published: 2018-11-13
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/118892
- title: Debian DLA-1577-1 : xen security update

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2018-0909-1.NASL
- description: This update for xen fixes the following issues: Update to Xen 4.7.5 bug fix only release (bsc#1027519) Security issues fixed :
  - CVE-2018-7540: Fixed DoS via non-preemptable L3/L4 pagetable freeing (XSA-252) (bsc#1080635)
  - CVE-2018-7541: A grant table v2 -> v1 transition may crash Xen (XSA-255) (bsc#1080662)
  - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 Fixed information leaks via side effects of speculative execution (XSA-254). Includes Spectre v2 mitigation. (bsc#1074562)
  - Preserve xen-syms from xen-dbg.gz to allow processing vmcores with crash(1) (bsc#1087251)
  - Xen HVM: Fixed unchecked MSR access error (bsc#1072834)
  - Add script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU They are triggered via xl vcpu-set domU N (fate#324965)
  - Make sure tools and tools-domU require libs from the very same build

  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 109001
- published: 2018-04-11
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/109001
- title: SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:0909-1) (Meltdown) (Spectre)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2018-1184-1.NASL
- description: This update for xen to version 4.9.2 fixes several issues. This feature was added :
  - Added script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU. They are triggered via
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 109677
- published: 2018-05-10
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/109677
- title: SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:1184-1) (Meltdown)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201810-06.NASL
- description: The remote host is affected by the vulnerability described in GLSA-201810-06 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact : A local attacker could cause a Denial of Service condition or disclose sensitive information. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 118506
- published: 2018-10-31
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/118506
- title: GLSA-201810-06 : Xen: Multiple vulnerabilities (Foreshadow) (Meltdown) (Spectre)

- NASL family: OracleVM Local Security Checks
- NASL id: ORACLEVM_OVMSA-2018-0271.NASL
- description: The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0271 for details.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 118962
- published: 2018-11-15
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/118962
- title: OracleVM 3.3 : xen (OVMSA-2018-0271) (Foreshadow) (Spectre)

References
- https://xenbits.xen.org/xsa/advisory-252.html
- https://www.debian.org/security/2018/dsa-4131
- https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html
- https://support.citrix.com/article/CTX232655
- http://www.securityfocus.com/bid/103174
- https://support.citrix.com/article/CTX232096
- http://www.securitytracker.com/id/1040773
- https://security.gentoo.org/glsa/201810-06
- https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html