ID CVE-2011-2178 Type cve Reporter NVD Modified 2012-08-02T00:00:00
Description
The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2178", "history": [], "scanner": [], "lastseen": "2016-09-03T15:23:25", "bulletinFamily": "NVD", "title": "CVE-2011-2178", "cpe": ["cpe:/a:redhat:libvirt:0.9.1", "cpe:/a:redhat:libvirt:0.9.0", "cpe:/a:redhat:libvirt:0.8.8"], "viewCount": 0, "id": "CVE-2011-2178", "hash": "1322489be38e073e1b3e6d70e7a3134ae2eaee68058c7268aab9f9f57013a1f6", "references": ["http://lists.opensuse.org/opensuse-updates/2011-06/msg00030.html", "http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-2178.html", "https://bugzilla.redhat.com/show_bug.cgi?id=709769", "http://libvirt.org/news.html", "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html", "https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html", "https://bugzilla.redhat.com/show_bug.cgi?id=709775", "http://www.ubuntu.com/usn/USN-1152-1"], "edition": 1, "assessment": {"href": "", "system": "", "name": ""}, "cvelist": ["CVE-2011-2178"], "description": "The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of \"security manager private data\" that \"reopens disk probing\" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.", "modified": "2012-08-02T00:00:00", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2011-08-10T16:55:01", "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2016-09-03T15:23:25"}, "dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_11_4_LIBVIRT-110614.NASL", "FEDORA_2011-9091.NASL", "UBUNTU_USN-1152-1.NASL", "GENTOO_GLSA-201202-07.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310863350", "OPENVAS:863350", "OPENVAS:1361412562310840680", "OPENVAS:840680", "OPENVAS:71182", "OPENVAS:136141256231071182"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11743", "SECURITYVULNS:DOC:26570"]}, {"type": "ubuntu", "idList": ["USN-1152-1"]}, {"type": "gentoo", "idList": ["GLSA-201202-07"]}], "modified": "2016-09-03T15:23:25"}, "vulnersScore": 5.0}}
{"nessus": [{"lastseen": "2019-02-21T01:21:51", "bulletinFamily": "scanner", "description": "A regression re-introduced automatic disk probing again which potentially allowed to uses to access arbitrary files (CVE-2011-2178).", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_4_LIBVIRT-110614.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75929", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libvirt (openSUSE-SU-2011:0643-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libvirt-4712.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75929);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2011-2178\");\n\n script_name(english:\"openSUSE Security Update : libvirt (openSUSE-SU-2011:0643-1)\");\n script_summary(english:\"Check for the libvirt-4712 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A regression re-introduced automatic disk probing again which\npotentially allowed to uses to access arbitrary files (CVE-2011-2178).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=697904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-06/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-0.8.8-0.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-client-0.8.8-0.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-client-debuginfo-0.8.8-0.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-debuginfo-0.8.8-0.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-debugsource-0.8.8-0.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-devel-0.8.8-0.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-python-0.8.8-0.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libvirt-python-debuginfo-0.8.8-0.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-client / libvirt-devel / libvirt-python / etc\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:15:09", "bulletinFamily": "scanner", "description": "Fix for CVE-2011-2178, regression introduced in disk probe logic,\n\nFix for CVE-2011-2511, integer overflow in VirDomainGetVcpus\n\nMake commandtest more robust,\n\nAdd ARM to NUMA excludes\n\nAdd several build and runtime dependencies to specfile\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-20T00:00:00", "id": "FEDORA_2011-9091.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55561", "published": "2011-07-12T00:00:00", "title": "Fedora 15 : libvirt-0.8.8-7.fc15 (2011-9091)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9091.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55561);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:15:24 $\");\n\n script_cve_id(\"CVE-2011-2178\", \"CVE-2011-2511\");\n script_bugtraq_id(48321, 48478);\n script_xref(name:\"FEDORA\", value:\"2011-9091\");\n\n script_name(english:\"Fedora 15 : libvirt-0.8.8-7.fc15 (2011-9091)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2011-2178, regression introduced in disk probe logic,\n\nFix for CVE-2011-2511, integer overflow in VirDomainGetVcpus\n\nMake commandtest more robust,\n\nAdd ARM to NUMA excludes\n\nAdd several build and runtime dependencies to specfile\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=680270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=709775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=717204\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0f11553\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"libvirt-0.8.8-7.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:15:05", "bulletinFamily": "scanner", "description": "It was discovered that libvirt did not use thread-safe error reporting. A remote attacker could exploit this to cause a denial of service via application crash. (CVE-2011-1486)\n\nEric Blake discovered that libvirt had an off-by-one error which could be used to reopen disk probing and bypass the fix for CVE-2010-2238. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 11.04. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. (CVE-2011-2178).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1152-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55167", "published": "2011-06-17T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : libvirt vulnerabilities (USN-1152-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1152-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55167);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2010-2238\", \"CVE-2011-1486\", \"CVE-2011-2178\");\n script_bugtraq_id(47148);\n script_xref(name:\"USN\", value:\"1152-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : libvirt vulnerabilities (USN-1152-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libvirt did not use thread-safe error\nreporting. A remote attacker could exploit this to cause a denial of\nservice via application crash. (CVE-2011-1486)\n\nEric Blake discovered that libvirt had an off-by-one error which could\nbe used to reopen disk probing and bypass the fix for CVE-2010-2238. A\nprivileged attacker in the guest could exploit this to read arbitrary\nfiles on the host. This issue only affected Ubuntu 11.04. By default,\nguests are confined by an AppArmor profile which provided partial\nprotection against this flaw. (CVE-2011-2178).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1152-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt-bin and / or libvirt0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvirt-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libvirt0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libvirt-bin\", pkgver:\"0.7.5-5ubuntu27.13\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libvirt0\", pkgver:\"0.7.5-5ubuntu27.13\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libvirt-bin\", pkgver:\"0.8.3-1ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libvirt0\", pkgver:\"0.8.3-1ubuntu18\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libvirt-bin\", pkgver:\"0.8.8-1ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libvirt0\", pkgver:\"0.8.8-1ubuntu6.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt-bin / libvirt0\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:16:09", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201202-07 (libvirt: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details.\n Impact :\n\n These vulnerabilities allow a remote attacker to cause a Denial of Service condition on the host server or libvirt daemon, or might allow guest OS users to read arbitrary files on the host OS.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "id": "GENTOO_GLSA-201202-07.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58139", "published": "2012-02-28T00:00:00", "title": "GLSA-201202-07 : libvirt: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201202-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58139);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2011-1146\", \"CVE-2011-1486\", \"CVE-2011-2178\", \"CVE-2011-2511\");\n script_bugtraq_id(46820, 47148, 48321, 48478);\n script_xref(name:\"GLSA\", value:\"201202-07\");\n\n script_name(english:\"GLSA-201202-07 : libvirt: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201202-07\n(libvirt: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libvirt. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n These vulnerabilities allow a remote attacker to cause a Denial of\n Service condition on the host server or libvirt daemon, or might allow\n guest OS users to read arbitrary files on the host OS.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201202-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libvirt users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/libvirt-0.9.3-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/libvirt\", unaffected:make_list(\"ge 0.9.3-r1\"), vulnerable:make_list(\"lt 0.9.3-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:42", "bulletinFamily": "software", "description": "DoS, off-by-one.", "modified": "2011-06-19T00:00:00", "published": "2011-06-19T00:00:00", "id": "SECURITYVULNS:VULN:11743", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11743", "title": "libvirt security vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "==========================================================================\r\nUbuntu Security Notice USN-1152-1\r\nJune 16, 2011\r\n\r\nlibvirt vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nLibvirt could be made to crash or read arbitrary files on the host.\r\n\r\nSoftware Description:\r\n- libvirt: Libvirt virtualization toolkit\r\n\r\nDetails:\r\n\r\nIt was discovered that libvirt did not use thread-safe error reporting. A\r\nremote attacker could exploit this to cause a denial of service via\r\napplication crash. (CVE-2011-1486)\r\n\r\nEric Blake discovered that libvirt had an off-by-one error which could\r\nbe used to reopen disk probing and bypass the fix for CVE-2010-2238. A\r\nprivileged attacker in the guest could exploit this to read arbitrary files\r\non the host. This issue only affected Ubuntu 11.04. By default, guests are\r\nconfined by an AppArmor profile which provided partial protection against\r\nthis flaw. (CVE-2011-2178)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.04:\r\n libvirt-bin 0.8.8-1ubuntu6.2\r\n libvirt0 0.8.8-1ubuntu6.2\r\n\r\nUbuntu 10.10:\r\n libvirt-bin 0.8.3-1ubuntu18\r\n libvirt0 0.8.3-1ubuntu18\r\n\r\nUbuntu 10.04 LTS:\r\n libvirt-bin 0.7.5-5ubuntu27.13\r\n libvirt0 0.7.5-5ubuntu27.13\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n CVE-2011-1486, CVE-2011-2178\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libvirt/0.8.8-1ubuntu6.2\r\n https://launchpad.net/ubuntu/+source/libvirt/0.8.3-1ubuntu18\r\n https://launchpad.net/ubuntu/+source/libvirt/0.7.5-5ubuntu27.13\r\n\r\n", "modified": "2011-06-19T00:00:00", "published": "2011-06-19T00:00:00", "id": "SECURITYVULNS:DOC:26570", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26570", "title": "[USN-1152-1] libvirt vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2019-03-18T14:42:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-07-18T00:00:00", "id": "OPENVAS:1361412562310863350", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863350", "title": "Fedora Update for libvirt FEDORA-2011-9091", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libvirt FEDORA-2011-9091\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863350\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-9091\");\n script_cve_id(\"CVE-2011-2178\", \"CVE-2011-2511\");\n script_name(\"Fedora Update for libvirt FEDORA-2011-9091\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"libvirt on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.8.8~7.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:53", "bulletinFamily": "scanner", "description": "Check for the Version of libvirt", "modified": "2017-07-10T00:00:00", "published": "2011-07-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863350", "id": "OPENVAS:863350", "title": "Fedora Update for libvirt FEDORA-2011-9091", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libvirt FEDORA-2011-9091\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"libvirt on Fedora 15\";\ntag_insight = \"Libvirt is a C toolkit to interact with the virtualization capabilities\n of recent versions of Linux (and other OSes). The main package includes\n the libvirtd server exporting the virtualization support.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062515.html\");\n script_id(863350);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-9091\");\n script_cve_id(\"CVE-2011-2178\", \"CVE-2011-2511\");\n script_name(\"Fedora Update for libvirt FEDORA-2011-9091\");\n\n script_summary(\"Check for the Version of libvirt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~0.8.8~7.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2017-12-04T11:27:17", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1152-1", "modified": "2017-12-01T00:00:00", "published": "2011-06-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840680", "id": "OPENVAS:840680", "title": "Ubuntu Update for libvirt USN-1152-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1152_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for libvirt USN-1152-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that libvirt did not use thread-safe error reporting. A\n remote attacker could exploit this to cause a denial of service via\n application crash. (CVE-2011-1486)\n\n Eric Blake discovered that libvirt had an off-by-one error which could\n be used to reopen disk probing and bypass the fix for CVE-2010-2238. A\n privileged attacker in the guest could exploit this to read arbitrary files\n on the host. This issue only affected Ubuntu 11.04. By default, guests are\n confined by an AppArmor profile which provided partial protection against\n this flaw. (CVE-2011-2178)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1152-1\";\ntag_affected = \"libvirt on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1152-1/\");\n script_id(840680);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-20 08:37:08 +0200 (Mon, 20 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1152-1\");\n script_cve_id(\"CVE-2011-1486\", \"CVE-2010-2238\", \"CVE-2011-2178\");\n script_name(\"Ubuntu Update for libvirt USN-1152-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvirt-bin\", ver:\"0.8.3-1ubuntu18\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvirt0\", ver:\"0.8.3-1ubuntu18\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvirt-bin\", ver:\"0.7.5-5ubuntu27.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvirt0\", ver:\"0.7.5-5ubuntu27.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvirt-bin\", ver:\"0.8.8-1ubuntu6.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvirt0\", ver:\"0.8.8-1ubuntu6.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-03-14T14:35:23", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1152-1", "modified": "2019-03-13T00:00:00", "published": "2011-06-20T00:00:00", "id": "OPENVAS:1361412562310840680", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840680", "title": "Ubuntu Update for libvirt USN-1152-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1152_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for libvirt USN-1152-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1152-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840680\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-20 08:37:08 +0200 (Mon, 20 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:N/A:N\");\n script_xref(name:\"USN\", value:\"1152-1\");\n script_cve_id(\"CVE-2011-1486\", \"CVE-2010-2238\", \"CVE-2011-2178\");\n script_name(\"Ubuntu Update for libvirt USN-1152-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1152-1\");\n script_tag(name:\"affected\", value:\"libvirt on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that libvirt did not use thread-safe error reporting. A\n remote attacker could exploit this to cause a denial of service via\n application crash. (CVE-2011-1486)\n\n Eric Blake discovered that libvirt had an off-by-one error which could\n be used to reopen disk probing and bypass the fix for CVE-2010-2238. A\n privileged attacker in the guest could exploit this to read arbitrary files\n on the host. This issue only affected Ubuntu 11.04. By default, guests are\n confined by an AppArmor profile which provided partial protection against\n this flaw. (CVE-2011-2178)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvirt-bin\", ver:\"0.8.3-1ubuntu18\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvirt0\", ver:\"0.8.3-1ubuntu18\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvirt-bin\", ver:\"0.7.5-5ubuntu27.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvirt0\", ver:\"0.7.5-5ubuntu27.13\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvirt-bin\", ver:\"0.8.8-1ubuntu6.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvirt0\", ver:\"0.8.8-1ubuntu6.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:51:20", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201202-07.", "modified": "2017-07-07T00:00:00", "published": "2012-03-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71182", "id": "OPENVAS:71182", "title": "Gentoo Security Advisory GLSA 201202-07 (libvirt)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were found in libvirt, the worst of which\n might allow guest OS users to read arbitrary files on the host OS.\";\ntag_solution = \"All libvirt users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/libvirt-0.9.3-r1'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201202-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=358877\nhttp://bugs.gentoo.org/show_bug.cgi?id=372963\nhttp://bugs.gentoo.org/show_bug.cgi?id=373991\nhttp://bugs.gentoo.org/show_bug.cgi?id=386287\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201202-07.\";\n\n \n \nif(description)\n{\n script_id(71182);\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-1146\", \"CVE-2011-1486\", \"CVE-2011-2178\", \"CVE-2011-2511\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:34 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201202-07 (libvirt)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-emulation/libvirt\", unaffected: make_list(\"ge 0.9.3-r1\"), vulnerable: make_list(\"lt 0.9.3-r1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:43:03", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201202-07.", "modified": "2018-10-12T00:00:00", "published": "2012-03-12T00:00:00", "id": "OPENVAS:136141256231071182", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071182", "title": "Gentoo Security Advisory GLSA 201202-07 (libvirt)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201202_07.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71182\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-1146\", \"CVE-2011-1486\", \"CVE-2011-2178\", \"CVE-2011-2511\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:34 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201202-07 (libvirt)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in libvirt, the worst of which\n might allow guest OS users to read arbitrary files on the host OS.\");\n script_tag(name:\"solution\", value:\"All libvirt users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/libvirt-0.9.3-r1'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201202-07\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=358877\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=372963\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=373991\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=386287\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201202-07.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-emulation/libvirt\", unaffected: make_list(\"ge 0.9.3-r1\"), vulnerable: make_list(\"lt 0.9.3-r1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:23", "bulletinFamily": "unix", "description": "It was discovered that libvirt did not use thread-safe error reporting. A remote attacker could exploit this to cause a denial of service via application crash. (CVE-2011-1486)\n\nEric Blake discovered that libvirt had an off-by-one error which could be used to reopen disk probing and bypass the fix for CVE-2010-2238. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 11.04. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. (CVE-2011-2178)", "modified": "2011-06-16T00:00:00", "published": "2011-06-16T00:00:00", "id": "USN-1152-1", "href": "https://usn.ubuntu.com/1152-1/", "title": "libvirt vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:09", "bulletinFamily": "unix", "description": "### Background\n\nlibvirt is a C toolkit to manipulate virtual machines.\n\n### Description\n\nMultiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThese vulnerabilities allow a remote attacker to cause a Denial of Service condition on the host server or libvirt daemon, or might allow guest OS users to read arbitrary files on the host OS. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libvirt users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/libvirt-0.9.3-r1\"", "modified": "2012-02-27T00:00:00", "published": "2012-02-27T00:00:00", "id": "GLSA-201202-07", "href": "https://security.gentoo.org/glsa/201202-07", "type": "gentoo", "title": "libvirt: Multiple vulnerabilities", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
