ID: CVE-2017-10915
Type: cve
Reporter: cve@mitre.org
Modified: 2017-11-04T01:29:00
Description
The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.
{"gentoo": [{"lastseen": "2017-10-18T08:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10915"], "description": "### Background\n\nXen is a bare-metal hypervisor.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA local attacker could escalate privileges, cause a Denial of Service condition, obtain sensitive information, or have other unspecified impacts. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Xen users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-4.7.3\"\n \n\nAll Xen pvgrub users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-pvgrub-4.7.3\"\n \n\nAll Xen Tools users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-tools-4.7.3\"", "edition": 1, "modified": "2017-10-18T00:00:00", "published": "2017-10-18T00:00:00", "href": "https://security.gentoo.org/glsa/201710-17", "id": "GLSA-201710-17", "type": "gentoo", "title": "Xen: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-12T11:06:38", "description": "The remote host is affected by the vulnerability described in GLSA-201710-17\n(Xen: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Xen. 
Please review the\n referenced CVE identifiers for details.\n \nImpact :\n\n A local attacker could escalate privileges, cause a Denial of Service\n condition, obtain sensitive information, or have other unspecified\n impacts.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "cvss3": {"score": 10.0, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-10-18T00:00:00", "title": "GLSA-201710-17 : Xen: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10915"], "modified": "2017-10-18T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:xen", "p-cpe:/a:gentoo:linux:xen-pvgrub", "p-cpe:/a:gentoo:linux:xen-tools"], "id": "GENTOO_GLSA-201710-17.NASL", "href": "https://www.tenable.com/plugins/nessus/103910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201710-17.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103910);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\");\n script_xref(name:\"GLSA\", value:\"201710-17\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"GLSA-201710-17 : Xen: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201710-17\n(Xen: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Xen. 
Please review the\n referenced CVE identifiers for details.\n \nImpact :\n\n A local attacker could escalate privileges, cause a Denial of Service\n condition, obtain sensitive information, or have other unspecified\n impacts.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201710-17\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Xen users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.7.3'\n All Xen pvgrub users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/xen-pvgrub-4.7.3'\n All Xen Tools users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/xen-tools-4.7.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen-pvgrub\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/xen\", unaffected:make_list(\"ge 4.7.3\"), vulnerable:make_list(\"lt 4.7.3\"))) flag++;\nif (qpkg_check(package:\"app-emulation/xen-pvgrub\", unaffected:make_list(\"ge 4.7.3\"), vulnerable:make_list(\"lt 4.7.3\"))) flag++;\nif (qpkg_check(package:\"app-emulation/xen-tools\", unaffected:make_list(\"ge 4.7.3\"), vulnerable:make_list(\"lt 4.7.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Xen\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:12:58", "description": "xen: various flaws (#1463247) blkif responses leak backend stack data\n[XSA-216] page transfer may allow PV guest to elevate privilege\n[XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] stale P2M mappings due\nto insufficient error checking [XSA-222] ARM guest disabling interrupt\nmay crash Xen [XSA-223] grant table operations mishandle reference\ncounts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs\n[XSA-225] NULL 
pointer deref in event channel poll [XSA-221]\n(#1463231)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 10.0, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-07-03T00:00:00", "title": "Fedora 24 : xen (2017-b3bdaf58bc)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10919", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10923", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2017-07-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-B3BDAF58BC.NASL", "href": "https://www.tenable.com/plugins/nessus/101183", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-b3bdaf58bc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101183);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10919\", \"CVE-2017-10920\", \"CVE-2017-10923\");\n script_xref(name:\"FEDORA\", value:\"2017-b3bdaf58bc\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"Fedora 24 : xen (2017-b3bdaf58bc)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"xen: various flaws (#1463247) blkif responses leak backend stack data\n[XSA-216] page transfer may allow PV guest to elevate privilege\n[XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] stale P2M mappings due\nto insufficient error checking [XSA-222] ARM guest disabling interrupt\nmay crash Xen [XSA-223] grant table operations mishandle reference\ncounts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs\n[XSA-225] NULL pointer deref in event channel poll [XSA-221]\n(#1463231)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-b3bdaf58bc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"xen-4.6.5-7.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:11:15", "description": "xen: various flaws (#1463247) blkif responses leak backend stack data\n[XSA-216] page transfer may allow PV guest to elevate privilege\n[XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between 
vCPU-s [XSA-220] NULL pointer deref in\nevent channel poll [XSA-221] (#1463231) stale P2M mappings due to\ninsufficient error checking [XSA-222] ARM guest disabling interrupt\nmay crash Xen [XSA-223] grant table operations mishandle reference\ncounts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs\n[XSA-225]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 10.0, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "title": "Fedora 26 : xen (2017-5c6a9b07a3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10919", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10923", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2017-07-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-5C6A9B07A3.NASL", "href": "https://www.tenable.com/plugins/nessus/101638", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-5c6a9b07a3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101638);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10919\", \"CVE-2017-10920\", \"CVE-2017-10923\");\n script_xref(name:\"FEDORA\", value:\"2017-5c6a9b07a3\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"Fedora 
26 : xen (2017-5c6a9b07a3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xen: various flaws (#1463247) blkif responses leak backend stack data\n[XSA-216] page transfer may allow PV guest to elevate privilege\n[XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] NULL pointer deref in\nevent channel poll [XSA-221] (#1463231) stale P2M mappings due to\ninsufficient error checking [XSA-222] ARM guest disabling interrupt\nmay crash Xen [XSA-223] grant table operations mishandle reference\ncounts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs\n[XSA-225]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-5c6a9b07a3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/07\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"xen-4.8.1-4.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:13:34", "description": "xen: various flaws (#1463247) blkif responses leak backend stack data\n[XSA-216] page transfer may allow PV guest to elevate privilege\n[XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] stale P2M mappings due\nto insufficient error checking [XSA-222] ARM guest disabling interrupt\nmay crash Xen [XSA-223] grant table operations mishandle reference\ncounts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs\n[XSA-225] NULL pointer deref in event channel poll [XSA-221]\n(#1463231)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 10.0, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-06-23T00:00:00", "title": "Fedora 25 : xen (2017-c3149b5fcb)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", 
"CVE-2017-10919", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10923", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2017-06-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-C3149B5FCB.NASL", "href": "https://www.tenable.com/plugins/nessus/101028", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-c3149b5fcb.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101028);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10919\", \"CVE-2017-10920\", \"CVE-2017-10923\");\n script_xref(name:\"FEDORA\", value:\"2017-c3149b5fcb\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"Fedora 25 : xen (2017-c3149b5fcb)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xen: various flaws (#1463247) blkif responses leak backend stack data\n[XSA-216] page transfer may allow PV guest to elevate privilege\n[XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] stale P2M mappings due\nto insufficient error checking [XSA-222] ARM guest disabling interrupt\nmay crash Xen [XSA-223] grant table operations mishandle reference\ncounts [XSA-224] arm: vgic: Out-of-bound access when 
sending SGIs\n[XSA-225] NULL pointer deref in event channel poll [XSA-221]\n(#1463231)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3149b5fcb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"xen-4.7.2-7.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-30T07:22:03", "description": "The version of Citrix XenServer installed on the remote host is\nmissing a security hotfix. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A flaw exists that causes grant table operations to fail\n due to improper handling of reference counts. 
An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact.\n\n - An information disclosure vulnerability exists due to\n blkif responses leaking stack data. An unauthenticated,\n remote attacker can exploit this to disclose potentially\n sensitive information.\n\n - A NULL pointer dereference flaw exists in the event\n channel poll that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n\n - A flaw exists in shadow emulation due to insufficient\n reference counts. An unauthenticated, remote attacker\n can exploit this to have an unspecified impact.\n\n - A race condition exists in the grant table unmap code\n that allows an unauthenticated, remote attacker to have\n an unspecified impact.\n\n - An unspecified flaw exists in page transfers that allows\n a local attacker on the PV guest to gain elevated\n privileges.\n\n - A flaw exists that is triggered by stale P2M mappings\n due to insufficient error checking. An unauthenticated,\n remote attacker can exploit this to have an unspecified\n impact.", "edition": 17, "cvss3": {"score": 10.0, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-07-03T00:00:00", "title": "Citrix XenServer Multiple Vulnerabilities (CTX224740)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2017-07-03T00:00:00", "cpe": ["cpe:/a:citrix:xenserver"], "id": "CITRIX_XENSERVER_CTX224740.NASL", "href": "https://www.tenable.com/plugins/nessus/101205", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101205);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/24\");\n\n script_cve_id(\n \"CVE-2017-10911\",\n \"CVE-2017-10912\",\n 
\"CVE-2017-10913\",\n \"CVE-2017-10914\",\n \"CVE-2017-10915\",\n \"CVE-2017-10917\",\n \"CVE-2017-10918\",\n \"CVE-2017-10920\",\n \"CVE-2017-10921\",\n \"CVE-2017-10922\"\n );\n script_bugtraq_id(\n 99157,\n 99158,\n 99161,\n 99162,\n 99174,\n 99411,\n 99435\n );\n\n script_name(english:\"Citrix XenServer Multiple Vulnerabilities (CTX224740)\");\n script_summary(english:\"Checks for patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A server virtualization platform installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Citrix XenServer installed on the remote host is\nmissing a security hotfix. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A flaw exists that causes grant table operations to fail\n due to improper handling of reference counts. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact.\n\n - An information disclosure vulnerability exists due to\n blkif responses leaking stack data. An unauthenticated,\n remote attacker can exploit this to disclose potentially\n sensitive information.\n\n - A NULL pointer dereference flaw exists in the event\n channel poll that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n\n - A flaw exists in shadow emulation due to insufficient\n reference counts. An unauthenticated, remote attacker\n can exploit this to have an unspecified impact.\n\n - A race condition exists in the grant table unmap code\n that allows an unauthenticated, remote attacker to have\n an unspecified impact.\n\n - An unspecified flaw exists in page transfers that allows\n a local attacker on the PV guest to gain elevated\n privileges.\n\n - A flaw exists that is triggered by stale P2M mappings\n due to insufficient error checking. 
An unauthenticated,\n remote attacker can exploit this to have an unspecified\n impact.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.citrix.com/article/CTX224740\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate hotfix according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10921\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:citrix:xenserver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"citrix_xenserver_version.nbin\");\n script_require_keys(\"Host/XenServer/version\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Citrix XenServer\";\nversion = get_kb_item_or_exit(\"Host/XenServer/version\");\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\npatches = get_kb_item(\"Host/XenServer/patches\");\nvuln = FALSE;\nfix = '';\n\n# two hotfixes for each series\nif (version == \"6.0.2\")\n{\n fix = \"XS602ECC045\"; # CTX224687\n if (fix >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS602ECC046\"; # CTX224693\n if (fix >!< patches) vuln = TRUE;\n }\n}\nelse if (version =~ \"^6\\.2\\.0\")\n{\n fix = \"XS62ESP1061\"; # CTX224688\n if (fix >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS62ESP1062\"; # CTX224694\n if (fix >!< patches) vuln = TRUE;\n }\n}\nelse if (version =~ \"^6\\.5($|[^0-9])\")\n{\n fix = \"XS65ESP1057\"; # CTX224689\n if (fix >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS65ESP1058\"; # CTX224695\n if (fix >!< patches) vuln = TRUE;\n }\n}\nelse if (version =~ \"^7\\.0($|[^0-9])\")\n{\n fix = \"XS70E035\"; # CTX224690\n if (fix >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS70E036\"; # CTX224696\n if (fix >!< patches) vuln = TRUE;\n }\n}\nelse if (version =~ \"^7\\.1($|[^0-9])\")\n{\n fix = \"XS71E011\"; # CTX224691\n if (fix >!< patches && \"XS71ECU\" >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS71E012\"; # CTX224697\n if (fix >!< patches && \"XS71ECU\" >!< patches) vuln = TRUE;\n }\n}\nelse if (version =~ \"^7\\.2($|[^0-9])\")\n{\n fix = \"XS72E001\"; # CTX224692\n if (fix >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS72E002\"; # CTX224698\n if (fix >!< patches) vuln = TRUE;\n }\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, version);\n\nif (vuln)\n{\n port = 0;\n report = report_items_str(\n 
report_items:make_array(\n \"Installed version\", version,\n \"Missing hotfix\", fix\n ),\n ordered_fields:make_list(\"Installed version\", \"Missing hotfix\")\n );\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_PATCH_INSTALLED, fix);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:33:20", "description": "This update for xen fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-10912: Page transfer might have allowed PV\n guest to elevate privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913 CVE-2017-10914: Races in the grant table\n unmap code allowed for information leaks and\n potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during\n shadow emulation allowed a malicious pair of guests to\n elevate their privileges to the privileges that XEN runs\n under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event\n channel poll allows guests to DoS the host (XSA-221,\n bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient\n error checking allowed malicious guest to leak\n information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant\n table operations mishandled reference counts allowing\n malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037243)\n\n - PKRU and BND* leakage between vCPU-s might have leaked\n information to other guests (XSA-220, bsc#1042923)\n\nThese non-security issues were fixed :\n\n - bsc#1027519: Included 
various upstream patches \n\n - bsc#1035642: Ensure that rpmbuild works\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.", "edition": 20, "cvss3": {"score": 10.0, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-07-10T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-2017-799)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2017-07-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit"], "id": "OPENSUSE-2017-799.NASL", "href": "https://www.tenable.com/plugins/nessus/101349", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-799.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101349);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-8309\", 
\"CVE-2017-9330\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2017-799)\");\n script_summary(english:\"Check for the openSUSE-2017-799 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-10912: Page transfer might have allowed PV\n guest to elevate privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913 CVE-2017-10914: Races in the grant table\n unmap code allowed for informations leaks and\n potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during\n shadow emulation allowed a malicious pair of guest to\n elevate their privileges to the privileges that XEN runs\n under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event\n channel poll allows guests to DoS the host (XSA-221,\n bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient\n error checking allowed malicious guest to leak\n information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant\n table operations mishandled reference counts allowing\n malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037243)\n\n - PKRU and BND* leakage between vCPU-s might have leaked\n information to other guests (XSA-220, bsc#1042923)\n\nThese non-security issues were fixed :\n\n - bsc#1027519: 
Included various upstream patches \n\n - bsc#1035642: Ensure that rpmbuild works\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1035642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1037243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042938\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/10\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release 
!~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-debugsource-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-devel-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-libs-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-libs-debuginfo-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-tools-domU-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"xen-tools-domU-debuginfo-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-tools-4.7.2_06-11.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.2_06-11.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen-debugsource / xen-devel / xen-libs-32bit / xen-libs / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2021-01-12T09:38:44", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor :\n\nCVE-2017-10912\n\nJann Horn discovered that incorrect handling of page transfers might\nresult in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\n\nJann Horn discovered that race conditions in grant handling might\nresult in information leaks or privilege escalation.\n\nCVE-2017-10915\n\nAndrew Cooper discovered that incorrect reference counting with shadow\npaging might result in privilege escalation.\n\nCVE-2017-10918\n\nJulien Grall discovered that incorrect error handling in\nphysical-to-machine memory mappings may result in privilege\nescalation, denial of service or an information leak.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n\nJan Beulich discovered multiple places where reference counting on\ngrant table operations was incorrect, resulting in potential privilege\nescalation.\n\nCVE-2017-12135\n\nJan Beulich found multiple problems in the handling of transitive\ngrants which could result in denial of service and potentially\nprivilege escalation.\n\nCVE-2017-12137\n\nAndrew Cooper discovered that incorrect validation of grants may\nresult in privilege escalation.\n\nCVE-2017-12855\n\nJan Beulich discovered that incorrect grant status handling, thus\nincorrectly informing the guest that the grant is no longer in use.\n\nCVE-2017-14316\n\nMatthew Daley discovered that the NUMA node parameter wasn't verified\nwhich may result in privilege escalation.\n\nCVE-2017-14317\n\nEric Chanudet discovered that race conditions in cxenstored might\nresult in information leaks or privilege escalation.\n\nCVE-2017-14318\n\nMatthew Daley discovered that incorrect validation of grants may\nresult in a denial of service.\n\nCVE-2017-14319\n\nAndrew Cooper discovered that insufficient grant unmapping checks may\nresult in denial of service and privilege escalation.\n\nFor Debian 7 'Wheezy', these problems have been fixed in 
version\n4.1.6.lts1-9.\n\nWe recommend that you upgrade your xen packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 19, "cvss3": {"score": 10.0, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-10-12T00:00:00", "title": "Debian DLA-1132-1 : xen security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-14317", "CVE-2017-10922", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-10913", "CVE-2017-12137", "CVE-2017-10918", "CVE-2017-14316", "CVE-2017-14319", "CVE-2017-14318", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10915"], "modified": "2017-10-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-amd64", "p-cpe:/a:debian:debian_linux:xen-system-i386", "p-cpe:/a:debian:debian_linux:xen-utils-4.1", "p-cpe:/a:debian:debian_linux:xen-system-amd64", "p-cpe:/a:debian:debian_linux:xenstore-utils", "p-cpe:/a:debian:debian_linux:xen-docs-4.1", "p-cpe:/a:debian:debian_linux:libxen-ocaml", "p-cpe:/a:debian:debian_linux:libxen-ocaml-dev", "p-cpe:/a:debian:debian_linux:libxenstore3.0", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-i386", "p-cpe:/a:debian:debian_linux:xen-utils-common", "p-cpe:/a:debian:debian_linux:libxen-dev", "p-cpe:/a:debian:debian_linux:libxen-4.1"], "id": "DEBIAN_DLA-1132.NASL", "href": "https://www.tenable.com/plugins/nessus/103791", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1132-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103791);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-12135\", \"CVE-2017-12137\", \"CVE-2017-12855\", \"CVE-2017-14316\", \"CVE-2017-14317\", \"CVE-2017-14318\", \"CVE-2017-14319\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"Debian DLA-1132-1 : xen security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor :\n\nCVE-2017-10912\n\nJann Horn discovered that incorrect handling of page transfers might\nresult in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\n\nJann Horn discovered that race conditions in grant handling might\nresult in information leaks or privilege escalation.\n\nCVE-2017-10915\n\nAndrew Cooper discovered that incorrect reference counting with shadow\npaging might result in privilege escalation.\n\nCVE-2017-10918\n\nJulien Grall discovered that incorrect error handling in\nphysical-to-machine memory mappings may result in privilege\nescalation, denial of service or an information leak.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n\nJan Beulich discovered multiple places where reference counting on\ngrant table operations was incorrect, resulting in potential privilege\nescalation.\n\nCVE-2017-12135\n\nJan Beulich found multiple problems in the handling of transitive\ngrants which 
could result in denial of service and potentially\nprivilege escalation.\n\nCVE-2017-12137\n\nAndrew Cooper discovered that incorrect validation of grants may\nresult in privilege escalation.\n\nCVE-2017-12855\n\nJan Beulich discovered that incorrect grant status handling, thus\nincorrectly informing the guest that the grant is no longer in use.\n\nCVE-2017-14316\n\nMatthew Daley discovered that the NUMA node parameter wasn't verified\nwhich may result in privilege escalation.\n\nCVE-2017-14317\n\nEric Chanudet discovered that race conditions in cxenstored might\nresult in information leaks or privilege escalation.\n\nCVE-2017-14318\n\nMatthew Daley discovered that incorrect validation of grants may\nresult in a denial of service.\n\nCVE-2017-14319\n\nAndrew Cooper discovered that insufficient grant unmapping checks may\nresult in denial of service and privilege escalation.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n4.1.6.lts1-9.\n\nWe recommend that you upgrade your xen packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/xen\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-ocaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-ocaml-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxenstore3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-docs-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-i386\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-utils-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-utils-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xenstore-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libxen-4.1\", reference:\"4.1.6.lts1-9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxen-dev\", reference:\"4.1.6.lts1-9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxen-ocaml\", reference:\"4.1.6.lts1-9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxen-ocaml-dev\", reference:\"4.1.6.lts1-9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxenstore3.0\", reference:\"4.1.6.lts1-9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-docs-4.1\", reference:\"4.1.6.lts1-9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-hypervisor-4.1-amd64\", 
reference:\"4.1.6.lts1-9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-hypervisor-4.1-i386\", reference:\"4.1.6.lts1-9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-system-amd64\", reference:\"4.1.6.lts1-9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-system-i386\", reference:\"4.1.6.lts1-9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-utils-4.1\", reference:\"4.1.6.lts1-9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-utils-common\", reference:\"4.1.6.lts1-9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xenstore-utils\", reference:\"4.1.6.lts1-9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:50:41", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor :\n\n - CVE-2017-10912\n Jann Horn discovered that incorrect handling of page\n transfers might result in privilege escalation.\n\n - CVE-2017-10913 / CVE-2017-10914\n Jann Horn discovered that race conditions in grant\n handling might result in information leaks or privilege\n escalation.\n\n - CVE-2017-10915\n Andrew Cooper discovered that incorrect reference\n counting with shadow paging might result in privilege\n escalation.\n\n - CVE-2017-10916\n Andrew Cooper discovered an information leak in the\n handling of the Memory Protection Extensions (MPX) and\n Protection Key (PKU) CPU features. 
This only affects\n Debian stretch.\n\n - CVE-2017-10917\n Ankur Arora discovered a NULL pointer dereference in\n event polling, resulting in denial of service.\n\n - CVE-2017-10918\n Julien Grall discovered that incorrect error handling in\n physical-to-machine memory mappings may result in\n privilege escalation, denial of service or an\n information leak.\n\n - CVE-2017-10919\n Julien Grall discovered that incorrect handling of\n virtual interrupt injection on ARM systems may result in\n denial of service.\n\n - CVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n Jan Beulich discovered multiple places where reference\n counting on grant table operations was incorrect,\n resulting in potential privilege escalation.\n\n - CVE-2017-12135\n Jan Beulich found multiple problems in the handling of\n transitive grants which could result in denial of\n service and potentially privilege escalation.\n\n - CVE-2017-12136\n Ian Jackson discovered that race conditions in the\n allocator for grant mappings may result in denial of\n service or privilege escalation. 
This only affects\n Debian stretch.\n\n - CVE-2017-12137\n Andrew Cooper discovered that incorrect validation of\n grants may result in privilege escalation.\n\n - CVE-2017-12855\n Jan Beulich discovered that incorrect grant status\n handling, thus incorrectly informing the guest that the\n grant is no longer in use.\n\n - XSA-235 (no CVE yet)\n\n Wei Liu discovered that incorrect locking of\n add-to-physmap operations on ARM may result in denial of\n service.", "edition": 30, "cvss3": {"score": 10.0, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-09-13T00:00:00", "title": "Debian DSA-3969-1 : xen - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10919", "CVE-2017-10922", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-10913", "CVE-2017-12137", "CVE-2017-10918", "CVE-2017-12136", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915", "CVE-2017-15596"], "modified": "2017-09-13T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:xen", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3969.NASL", "href": "https://www.tenable.com/plugins/nessus/103146", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3969. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103146);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10919\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-12855\", \"CVE-2017-15596\");\n script_xref(name:\"DSA\", value:\"3969\");\n\n script_name(english:\"Debian DSA-3969-1 : xen - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor :\n\n - CVE-2017-10912\n Jann Horn discovered that incorrect handling of page\n transfers might result in privilege escalation.\n\n - CVE-2017-10913 / CVE-2017-10914\n Jann Horn discovered that race conditions in grant\n handling might result in information leaks or privilege\n escalation.\n\n - CVE-2017-10915\n Andrew Cooper discovered that incorrect reference\n counting with shadow paging might result in privilege\n escalation.\n\n - CVE-2017-10916\n Andrew Cooper discovered an information leak in the\n handling of the Memory Protection Extensions (MPX) and\n Protection Key (PKU) CPU features. 
This only affects\n Debian stretch.\n\n - CVE-2017-10917\n Ankur Arora discovered a NULL pointer dereference in\n event polling, resulting in denial of service.\n\n - CVE-2017-10918\n Julien Grall discovered that incorrect error handling in\n physical-to-machine memory mappings may result in\n privilege escalation, denial of service or an\n information leak.\n\n - CVE-2017-10919\n Julien Grall discovered that incorrect handling of\n virtual interrupt injection on ARM systems may result in\n denial of service.\n\n - CVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n Jan Beulich discovered multiple places where reference\n counting on grant table operations was incorrect,\n resulting in potential privilege escalation.\n\n - CVE-2017-12135\n Jan Beulich found multiple problems in the handling of\n transitive grants which could result in denial of\n service and potentially privilege escalation.\n\n - CVE-2017-12136\n Ian Jackson discovered that race conditions in the\n allocator for grant mappings may result in denial of\n service or privilege escalation. 
This only affects\n Debian stretch.\n\n - CVE-2017-12137\n Andrew Cooper discovered that incorrect validation of\n grants may result in privilege escalation.\n\n - CVE-2017-12855\n Jan Beulich discovered that incorrect grant status\n handling, thus incorrectly informing the guest that the\n grant is no longer in use.\n\n - XSA-235 (no CVE yet)\n\n Wei Liu discovered that incorrect locking of\n add-to-physmap operations on ARM may result in denial of\n service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12135\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-12855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3969\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xen packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 4.4.1-9+deb8u10.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.8.1-1+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libxen-4.4\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxen-dev\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxenstore3.0\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-amd64\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-arm64\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-armhf\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-amd64\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-arm64\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-armhf\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-utils-4.4\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-utils-common\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xenstore-utils\", reference:\"4.4.1-9+deb8u10\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxen-4.8\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxen-dev\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif 
(deb_check(release:\"9.0\", prefix:\"libxenstore3.0\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-amd64\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-arm64\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-armhf\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-amd64\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-arm64\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-armhf\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-utils-4.8\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-utils-common\", reference:\"4.8.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xenstore-utils\", reference:\"4.8.1-1+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:26:01", "description": "This update for xen fixes several issues. 
These security issues were\nfixed :\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a NULL pointer\n dereference issue which allowed a privileged user inside\n guest to crash the Qemu process on the host resulting in\n DoS (bsc#1043297)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a\n host memory leak, allowing for DoS (bsc#1043074)\n\n - CVE-2017-10911: blkif responses leaked backend stack\n data, which allowed unprivileged guest to obtain\n sensitive information from the host or other guests\n (XSA-216, bsc#1042863)\n\n - CVE-2017-10912: Page transfer might have allowed PV\n guest to elevate privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table\n unmap code allowed for informations leaks and\n potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during\n shadow emulation allowed a malicious pair of guest to\n elevate their privileges to the privileges that XEN runs\n under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event\n channel poll allows guests to DoS the host (XSA-221,\n bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient\n error checking allowed malicious guest to leak\n information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant\n table operations mishandled reference counts allowing\n malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037243)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest\n OS privileged 
users to cause a denial of service\n (infinite loop and CPU consumption) via the message ring\n page count (bsc#1036470)\n\n - CVE-2017-8905: Xen a failsafe callback, which might have\n allowed PV guest OS users to execute arbitrary code on\n the host OS (XSA-215, bsc#1034845).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 36, "cvss3": {"score": 10.0, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-07-07T00:00:00", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2017:1795-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-9503", "CVE-2017-8112", "CVE-2017-9374", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-8905", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2017-07-07T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2017-1795-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101293", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory 
SUSE-SU-2017:1795-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101293);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-8112\", \"CVE-2017-8309\", \"CVE-2017-8905\", \"CVE-2017-9330\", \"CVE-2017-9374\", \"CVE-2017-9503\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2017:1795-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues. 
These security issues were\nfixed :\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a NULL pointer\n dereference issue which allowed a privileged user inside\n guest to crash the Qemu process on the host resulting in\n DoS (bsc#1043297)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a\n host memory leak, allowing for DoS (bsc#1043074)\n\n - CVE-2017-10911: blkif responses leaked backend stack\n data, which allowed unprivileged guest to obtain\n sensitive information from the host or other guests\n (XSA-216, bsc#1042863)\n\n - CVE-2017-10912: Page transfer might have allowed PV\n guest to elevate privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table\n unmap code allowed for informations leaks and\n potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during\n shadow emulation allowed a malicious pair of guest to\n elevate their privileges to the privileges that XEN runs\n under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event\n channel poll allows guests to DoS the host (XSA-221,\n bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient\n error checking allowed malicious guest to leak\n information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant\n table operations mishandled reference counts allowing\n malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037243)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest\n OS privileged 
users to cause a denial of service\n (infinite loop and CPU consumption) via the message ring\n page count (bsc#1036470)\n\n - CVE-2017-8905: Xen a failsafe callback, which might have\n allowed PV guest OS users to execute arbitrary code on\n the host OS (XSA-215, bsc#1034845).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10912/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10913/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10914/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10917/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10918/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10920/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10921/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10922/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2017-8112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8905/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9330/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9503/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171795-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?022392d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-1118=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-1118=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-debugsource-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-doc-html-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.4.4_21_k3.12.61_52.77-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-kmp-default-debuginfo-4.4.4_21_k3.12.61_52.77-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.4.4_21-22.42.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:26:02", "description": "This update for xen fixes several issues. These security issues were\nfixed :\n\n - CVE-2017-10911: blkif responses leaked backend stack\n data, which allowed unprivileged guest to obtain\n sensitive information from the host or other guests\n (XSA-216, bsc#1042863)\n\n - CVE-2017-10912: Page transfer might have allowed PV\n guest to elevate privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table\n unmap code allowed for informations leaks and\n potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during\n shadow emulation allowed a malicious pair of guest to\n elevate their privileges to the privileges that XEN runs\n under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event\n channel poll allows guests to DoS the host (XSA-221,\n bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient\n error checking allowed malicious guest to leak\n information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10922, CVE-2017-10921, CVE-2017-10920: Grant\n table operations mishandled reference counts allowing\n malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-10916: PKRU and BND* leakage between vCPU-s\n might have leaked information to other guests (XSA-220,\n bsc#1042923)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037243)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest\n OS privileged users to cause a denial of service\n (infinite loop and CPU consumption) via the message ring\n page count 
(bsc#1036470)\n\n - CVE-2017-8905: Xen a failsafe callback, which might have\n allowed PV guest OS users to execute arbitrary code on\n the host OS (XSA-215, bsc#1034845).\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a NULL pointer\n dereference issue which allowed a privileged user inside\n guest to crash the Qemu process on the host resulting in\n DoS (bsc#1043297)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a\n host memory leak, allowing for DoS (bsc#1043074)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 34, "cvss3": {"score": 10.0, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-07-10T00:00:00", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2017:1812-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-9503", "CVE-2017-8112", "CVE-2017-9374", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-8905", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2017-07-10T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", 
"p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2017-1812-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101350", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1812-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101350);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-8112\", \"CVE-2017-8309\", \"CVE-2017-8905\", \"CVE-2017-9330\", \"CVE-2017-9374\", \"CVE-2017-9503\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2017:1812-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues. 
These security issues were\nfixed :\n\n - CVE-2017-10911: blkif responses leaked backend stack\n data, which allowed unprivileged guest to obtain\n sensitive information from the host or other guests\n (XSA-216, bsc#1042863)\n\n - CVE-2017-10912: Page transfer might have allowed PV\n guest to elevate privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table\n unmap code allowed for informations leaks and\n potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during\n shadow emulation allowed a malicious pair of guest to\n elevate their privileges to the privileges that XEN runs\n under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event\n channel poll allows guests to DoS the host (XSA-221,\n bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient\n error checking allowed malicious guest to leak\n information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10922, CVE-2017-10921, CVE-2017-10920: Grant\n table operations mishandled reference counts allowing\n malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-10916: PKRU and BND* leakage between vCPU-s\n might have leaked information to other guests (XSA-220,\n bsc#1042923)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037243)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest\n OS privileged users to cause a denial of service\n (infinite loop and CPU consumption) via the message ring\n page count (bsc#1036470)\n\n - CVE-2017-8905: Xen a failsafe callback, which might have\n allowed PV guest OS users to execute arbitrary 
code on\n the host OS (XSA-215, bsc#1034845).\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a NULL pointer\n dereference issue which allowed a privileged user inside\n guest to crash the Qemu process on the host resulting in\n DoS (bsc#1043297)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a\n host memory leak, allowing for DoS (bsc#1043074)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10912/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10913/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10914/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10916/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10917/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10918/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10920/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2017-10921/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10922/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8905/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9330/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9503/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171812-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4f0ffc1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1121=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1121=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1121=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-debugsource-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.5.5_12_k3.12.74_60.64.45-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-kmp-default-debuginfo-4.5.5_12_k3.12.74_60.64.45-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.5.5_12-22.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 10.0, 
"vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "citrix": [{"lastseen": "2020-11-20T15:42:18", "bulletinFamily": "software", "cvelist": ["CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10914", "CVE-2017-10915", "CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922"], "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues have the identifiers:</p>\n<ul>\n<li>CVE-2017-10920, CVE-2017-10921 and CVE-2017-10922 (High): Grant table operations mishandle reference counts.</li>\n<li>CVE-2017-10918 (High): Stale P2M mappings due to insufficient error checking.</li>\n<li>CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.</li>\n<li>CVE-2017-10913 and CVE-2017-10914 (Medium): Races in the grant table unmap code.</li>\n<li>CVE-2017-10915 (Medium): x86: insufficient reference counts during shadow emulation.</li>\n<li>CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.</li>\n<li>CVE-2017-10911 (Low): blkif responses leak backend stack data.</li>\n</ul>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Hotfixes have been released to address these issues. 
Citrix recommends that affected customers install these hotfixes, which can be downloaded from the following locations:</p>\n<p>Citrix XenServer 7.2: CTX224692 \u2013 <a href=\"https://support.citrix.com/article/CTX224692\">https://support.citrix.com/article/CTX224692</a> and CTX224698 \u2013 <a href=\"https://support.citrix.com/article/CTX224698\">https://support.citrix.com/article/CTX224698</a></p>\n<p>Citrix XenServer 7.1: CTX224691 \u2013 <a href=\"https://support.citrix.com/article/CTX224691\">https://support.citrix.com/article/CTX224691</a> and CTX224697 \u2013 <a href=\"https://support.citrix.com/article/CTX224697\">https://support.citrix.com/article/CTX224697</a></p>\n<p>Citrix XenServer 7.0: CTX224690 \u2013 <a href=\"https://support.citrix.com/article/CTX224690\">https://support.citrix.com/article/CTX224690</a> and CTX224696 \u2013 <a href=\"https://support.citrix.com/article/CTX224696\">https://support.citrix.com/article/CTX224696</a></p>\n<p>Citrix XenServer 6.5 SP1: CTX224689 \u2013 <a href=\"https://support.citrix.com/article/CTX224689\">https://support.citrix.com/article/CTX224689</a> and CTX224695 \u2013 <a href=\"https://support.citrix.com/article/CTX224695\">https://support.citrix.com/article/CTX224695</a></p>\n<p>Customers who have deployed Citrix XenServer 6.2 SP1 on older hardware that does not have Hardware Assisted Paging support (Intel: EPT, AMD: RVI) should upgrade to Citrix XenServer 6.5 SP1 or later to ensure that they are protected against these issues.</p>\n<p>Citrix XenServer 6.2 SP1: CTX224688 \u2013 <a href=\"https://support.citrix.com/article/CTX224688\">https://support.citrix.com/article/CTX224688</a> and CTX224694 \u2013 <a href=\"https://support.citrix.com/article/CTX224694\">https://support.citrix.com/article/CTX224694</a></p>\n<p>Citrix XenServer 6.0.2 Common Criteria: CTX224687 \u2013 <a href=\"https://support.citrix.com/article/CTX224687\">https://support.citrix.com/article/CTX224687</a> and CTX224693 \u2013 <a 
href=\"https://support.citrix.com/article/CTX224693\">https://support.citrix.com/article/CTX224693</a></p>\n<p>Customers who are using the Live Patching feature of Citrix XenServer 7.2 may apply the relevant hotfixes without requiring a reboot. Customers who are using the Live Patching feature of Citrix XenServer 7.1 who have previously deployed all earlier hotfixes may apply the relevant hotfixes without requiring a reboot.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. 
For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td>21st June, 2017</td>\n<td>Initial publishing</td>\n</tr>\n<tr>\n<td>7th July, 2017</td>\n<td>Added CVE identifiers</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "modified": "2017-07-10T04:00:00", "published": "2017-06-27T04:00:00", "id": "CTX224740", "href": "https://support.citrix.com/article/CTX224740", "type": "citrix", "title": "Citrix XenServer Multiple Security Updates", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-04-07T18:26:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "description": "A number of security issues have been identified within Citrix XenServer.", "modified": "2020-04-02T00:00:00", "published": "2017-06-30T00:00:00", "id": "OPENVAS:1361412562310106915", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106915", "type": "openvas", "title": "Citrix XenServer Multiple Security Updates (CTX224740)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Citrix XenServer Multiple Security Updates (CTX224740)\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 
Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:citrix:xenserver\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106915\");\n script_version(\"2020-04-02T13:53:24+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 13:53:24 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-06-30 16:20:13 +0700 (Fri, 30 Jun 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\",\n \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Citrix XenServer Multiple Security Updates (CTX224740)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Citrix Xenserver Local Security Checks\");\n script_dependencies(\"gb_xenserver_version.nasl\");\n script_mandatory_keys(\"xenserver/product_version\", 
\"xenserver/patches\");\n\n script_tag(name:\"summary\", value:\"A number of security issues have been identified within Citrix XenServer.\");\n\n script_tag(name:\"impact\", value:\"These issues could, if exploited, allow a malicious administrator of a guest VM\n to compromise the host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities have been addressed:\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.\n\n - CVE-2017-10918 (High): Stale P2M mappings due to insufficient error checking.\n\n - CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.\n\n - CVE-2017-10913, CVE-2017-10914 (Medium): Races in the grant table unmap code.\n\n - CVE-2017-10915 (Medium): x86: insufficient reference counts during shadow emulation.\n\n - CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.\n\n - CVE-2017-10911 (Low): blkif responses leak backend stack data.\");\n\n script_tag(name:\"vuldetect\", value:\"Check the installed hotfixes.\");\n\n script_tag(name:\"affected\", value:\"XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0, 6.0.2.\");\n\n script_tag(name:\"solution\", value:\"Apply the hotfix referenced in the advisory.\");\n\n script_xref(name:\"URL\", value:\"https://support.citrix.com/article/CTX224740\");\n\n exit(0);\n}\n\ninclude(\"citrix_version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\nif (!hotfixes = get_kb_item(\"xenserver/patches\"))\n exit(0);\n\npatches = make_array();\n\npatches['7.2.0'] = make_list('XS72E001', 'XS72E002');\npatches['7.1.0'] = make_list('XS71E011', 'XS71E012');\npatches['7.0.0'] = make_list('XS70E035', 'XS70E036');\npatches['6.5.0'] = make_list('XS65ESP1057', 'XS65ESP1058');\npatches['6.2.0'] = make_list('XS62ESP1061', 'XS62ESP1062');\npatches['6.0.2'] = make_list('XS602ECC045', 
'XS602ECC046');\n\ncitrix_xenserver_check_report_is_vulnerable(version: version, hotfixes: hotfixes, patches: patches);\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:28:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-07-14T00:00:00", "id": "OPENVAS:1361412562310851577", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851577", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2017:1826-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851577\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-07-14 15:54:54 +0530 (Fri, 14 Jul 2017)\");\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\",\n \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\",\n \"CVE-2017-10922\", \"CVE-2017-8309\", \"CVE-2017-9330\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2017:1826-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-10912: Page transfer might have allowed PV guest to elevate\n privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913 CVE-2017-10914: Races in the grant table unmap code\n allowed for information leaks and potentially privilege escalation\n (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during shadow emulation\n allowed a malicious pair of guest to elevate their privileges to the\n privileges that XEN runs under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in 
event channel poll allows\n guests to DoS the host (XSA-221, bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking\n allowed malicious guest to leak information or elevate privileges\n (XSA-222, bsc#1042931)\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant table operations\n mishandled reference counts allowing malicious guests to escape\n (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users\n to cause a denial of service (infinite loop) by leveraging an incorrect\n return value (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers\n to cause a denial of service (memory consumption) by repeatedly starting\n and stopping audio capture (bsc#1037243)\n\n - PKRU and BND* leakage between vCPU-s might have leaked information to\n other guests (XSA-220, bsc#1042923)\n\n These non-security issues were fixed:\n\n - bsc#1027519: Included various upstream patches\n\n - bsc#1035642: Ensure that rpmbuild works\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\");\n\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:1826-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", 
rpm:\"xen-debugsource~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.7.2_06~11.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", 
"CVE-2017-10921", "CVE-2017-10919", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10923", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-07-14T00:00:00", "id": "OPENVAS:1361412562310872848", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872848", "type": "openvas", "title": "Fedora Update for xen FEDORA-2017-c3149b5fcb", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2017-c3149b5fcb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872848\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-14 15:55:13 +0530 (Fri, 14 Jul 2017)\");\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\",\n \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10918\", \"CVE-2017-10919\",\n \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-10923\",\n \"CVE-2017-10917\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2017-c3149b5fcb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-c3149b5fcb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2YX6P3ST264BWLGBSE2UODOT2T4KEXK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n 
script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.7.2~7.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10919", "CVE-2017-10922", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-10913", "CVE-2017-12137", "CVE-2017-10918", "CVE-2017-12136", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2017-10912\nJann Horn discovered that incorrect handling of page transfers might\nresult in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\nJann Horn discovered that race conditions in grant handling might\nresult in information leaks or privilege escalation.\n\nCVE-2017-10915\nAndrew Cooper discovered that incorrect reference counting with\nshadow paging might result in privilege escalation.\n\nCVE-2017-10916\nAndrew Cooper discovered an information leak in the handling\nof the Memory Protection Extensions (MPX) and Protection\nKey (PKU) CPU features. 
This only affects Debian stretch.\n\nCVE-2017-10917\nAnkur Arora discovered a NULL pointer dereference in event\npolling, resulting in denial of service.\n\nCVE-2017-10918\nJulien Grall discovered that incorrect error handling in\nphysical-to-machine memory mappings may result in privilege\nescalation, denial of service or an information leak.\n\nCVE-2017-10919\nJulien Grall discovered that incorrect handling of\nvirtual interrupt injection on ARM systems may result in\ndenial of service.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\nJan Beulich discovered multiple places where reference\ncounting on grant table operations was incorrect, resulting\nin potential privilege escalation.\n\nCVE-2017-12135\nJan Beulich found multiple problems in the handling of\ntransitive grants which could result in denial of service\nand potentially privilege escalation.\n\nCVE-2017-12136\nIan Jackson discovered that race conditions in the allocator\nfor grant mappings may result in denial of service or privilege\nescalation. 
This only affects Debian stretch.\n\nCVE-2017-12137\nAndrew Cooper discovered that incorrect validation of\ngrants may result in privilege escalation.\n\nCVE-2017-12855\nJan Beulich discovered that incorrect grant status handling, thus\nincorrectly informing the guest that the grant is no longer in use.\n\nXSA-235 (no CVE yet)\n\nWei Liu discovered that incorrect locking of add-to-physmap\noperations on ARM may result in denial of service.", "modified": "2019-03-18T00:00:00", "published": "2017-09-12T00:00:00", "id": "OPENVAS:1361412562310703969", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703969", "type": "openvas", "title": "Debian Security Advisory DSA 3969-1 (xen - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3969.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3969-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703969\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10919\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-12855\");\n script_name(\"Debian Security Advisory DSA 3969-1 (xen - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-12 00:00:00 +0200 (Tue, 12 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3969.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 4.4.1-9+deb8u10.\n\nFor the stable distribution (stretch), these problems 
have been fixed in\nversion 4.8.1-1+deb9u3.\n\nWe recommend that you upgrade your xen packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2017-10912\nJann Horn discovered that incorrectly handling of page transfers might\nresult in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\nJann Horn discovered that race conditions in grant handling might\nresult in information leaks or privilege escalation.\n\nCVE-2017-10915\nAndrew Cooper discovered that incorrect reference counting with\nshadow paging might result in privilege escalation.\n\nCVE-2017-10916\nAndrew Cooper discovered an information leak in the handling\nof the Memory Protection Extensions (MPX) and Protection\nKey (PKU) CPU features. This only affects Debian stretch.\n\nCVE-2017-10917\nAnkur Arora discovered a NULL pointer dereference in event\npolling, resulting in denial of service.\n\nCVE-2017-10918\nJulien Grall discovered that incorrect error handling in\nphysical-to-machine memory mappings may result in privilege\nescalation, denial of service or an information leak.\n\nCVE-2017-10919\nJulien Grall discovered that incorrect handling of\nvirtual interrupt injection on ARM systems may result in\ndenial of service.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\nJan Beulich discovered multiple places where reference\ncounting on grant table operations was incorrect, resulting\nin potential privilege escalation.\n\nCVE-2017-12135\nJan Beulich found multiple problems in the handling of\ntransitive grants which could result in denial of service\nand potentially privilege escalation.\n\nCVE-2017-12136\nIan Jackson discovered that race conditions in the allocator\nfor grant mappings may result in denial of service or privilege\nescalation. 
This only affects Debian stretch.\n\nCVE-2017-12137\nAndrew Cooper discovered that incorrect validation of\ngrants may result in privilege escalation.\n\nCVE-2017-12855\nJan Beulich discovered that incorrect grant status handling, thus\nincorrectly informing the guest that the grant is no longer in use.\n\nXSA-235 (no CVE yet)\n\nWei Liu discovered that incorrect locking of add-to-physmap\noperations on ARM may result in denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxen-4.4\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-amd64\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-arm64\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-armhf\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-arm64\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-4.4\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.4.1-9+deb8u10\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxen-4.8\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-amd64\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-arm64\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-armhf\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-arm64\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-4.8\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.8.1-1+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:11:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-14317", "CVE-2017-10922", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-10913", "CVE-2017-12137", "CVE-2017-10918", "CVE-2017-14316", "CVE-2017-14319", 
"CVE-2017-14318", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10915"], "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2017-10912\n\nJann Horn discovered that incorrectly handling of page transfers might\nresult in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\n\nJann Horn discovered that race conditions in grant handling might\nresult in information leaks or privilege escalation.\n\nCVE-2017-10915\n\nAndrew Cooper discovered that incorrect reference counting with\nshadow paging might result in privilege escalation.\n\nCVE-2017-10918\n\nJulien Grall discovered that incorrect error handling in\nphysical-to-machine memory mappings may result in privilege\nescalation, denial of service or an information leak.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n\nJan Beulich discovered multiple places where reference\ncounting on grant table operations was incorrect, resulting\nin potential privilege escalation\n\nCVE-2017-12135\n\nJan Beulich found multiple problems in the handling of\ntransitive grants which could result in denial of service\nand potentially privilege escalation.\n\nCVE-2017-12137\n\nAndrew Cooper discovered that incorrect validation of\ngrants may result in privilege escalation.\n\nCVE-2017-12855\n\nJan Beulich discovered that incorrect grant status handling, thus\nincorrectly informing the guest that the grant is no longer in use.\n\nCVE-2017-14316\n\nMatthew Daley discovered that the NUMA node parameter wasn", "modified": "2020-01-29T00:00:00", "published": "2018-02-07T00:00:00", "id": "OPENVAS:1361412562310891132", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891132", "type": "openvas", "title": "Debian LTS: Security Advisory for xen (DLA-1132-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: 
GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891132\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-12135\", \"CVE-2017-12137\", \"CVE-2017-12855\", \"CVE-2017-14316\", \"CVE-2017-14317\", \"CVE-2017-14318\", \"CVE-2017-14319\");\n script_name(\"Debian LTS: Security Advisory for xen (DLA-1132-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00011.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n4.1.6.lts1-9.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2017-10912\n\nJann Horn discovered that incorrectly handling of page transfers might\nresult in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\n\nJann Horn discovered that race conditions in grant handling might\nresult in information leaks or privilege escalation.\n\nCVE-2017-10915\n\nAndrew Cooper discovered that incorrect reference counting with\nshadow paging might result in privilege escalation.\n\nCVE-2017-10918\n\nJulien Grall discovered that incorrect error handling in\nphysical-to-machine memory mappings may result in privilege\nescalation, denial of service or an information leak.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n\nJan Beulich discovered multiple places where reference\ncounting on grant table operations was incorrect, resulting\nin potential privilege escalation\n\nCVE-2017-12135\n\nJan Beulich found multiple problems in the handling of\ntransitive grants which could result in denial of service\nand potentially privilege escalation.\n\nCVE-2017-12137\n\nAndrew Cooper discovered that incorrect validation of\ngrants may result in privilege escalation.\n\nCVE-2017-12855\n\nJan Beulich discovered that incorrect grant status handling, thus\nincorrectly informing the guest that the grant is no longer in use.\n\nCVE-2017-14316\n\nMatthew Daley discovered that the NUMA node parameter wasn't\nverified which which may result in privilege escalation.\n\nCVE-2017-14317\n\nEric Chanudet discovered that a race conditions in 
cxenstored might\nresult in information leaks or privilege escalation.\n\nCVE-2017-14318\n\nMatthew Daley discovered that incorrect validation of\ngrants may result in a denial of service.\n\nCVE-2017-14319\n\nAndrew Cooper discovered that insufficient grant unmapping\nchecks may result in denial of service and privilege escalation.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.1\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-ocaml\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-ocaml-dev\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-docs-4.1\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-amd64\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-i386\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-i386\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.1\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", 
ver:\"4.1.6.lts1-9\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2017-07-08T16:48:26", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-10912: Page transfer might have allowed PV guest to elevate\n privilege (XSA-217, bsc#1042882)\n - CVE-2017-10913 CVE-2017-10914: Races in the grant table unmap code\n allowed for informations leaks and potentially privilege escalation\n (XSA-218, bsc#1042893)\n - CVE-2017-10915: Insufficient reference counts during shadow emulation\n allowed a malicious pair of guest to elevate their privileges to the\n privileges that XEN runs under (XSA-219, bsc#1042915)\n - CVE-2017-10917: Missing NULL pointer check in event channel poll allows\n guests to DoS the host (XSA-221, bsc#1042924)\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking\n allowed malicious guest to leak information or elevate privileges\n (XSA-222, bsc#1042931)\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant table operations\n mishandled reference counts allowing malicious guests to escape\n (XSA-224, bsc#1042938)\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users\n to cause a denial of service (infinite loop) by leveraging an incorrect\n return value (bsc#1042160)\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers\n to cause a denial of service (memory consumption) by repeatedly starting\n and stopping audio capture (bsc#1037243)\n - PKRU and BND* leakage between vCPU-s might have leaked information to\n other 
guests (XSA-220, bsc#1042923)\n\n These non-security issues were fixed:\n\n - bsc#1027519: Included various upstream patches\n - bsc#1035642: Ensure that rpmbuild works\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "edition": 1, "modified": "2017-07-08T15:12:52", "published": "2017-07-08T15:12:52", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-07/msg00011.html", "id": "OPENSUSE-SU-2017:1826-1", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-06T16:48:23", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-9503", "CVE-2017-8112", "CVE-2017-9374", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-8905", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a null pointer dereference issue which allowed\n a privileged user inside guest to crash the Qemu process on the host\n resulting in DoS (bsc#1043297)\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak,\n allowing for DoS (bsc#1043074)\n - CVE-2017-10911: blkif responses leaked backend stack data, which allowed\n unprivileged guest to obtain sensitive information from the host or\n other guests (XSA-216, bsc#1042863)\n - CVE-2017-10912: Page transfer might have allowed PV guest to elevate\n privilege (XSA-217, bsc#1042882)\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table unmap code\n allowed for informations leaks and potentially privilege escalation\n (XSA-218, bsc#1042893)\n - CVE-2017-10915: Insufficient reference counts during shadow emulation\n allowed a malicious pair of 
guest to elevate their privileges to the\n privileges that XEN runs under (XSA-219, bsc#1042915)\n - CVE-2017-10917: Missing NULL pointer check in event channel poll allows\n guests to DoS the host (XSA-221, bsc#1042924)\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking\n allowed malicious guest to leak information or elevate privileges\n (XSA-222, bsc#1042931)\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant table operations\n mishandled reference counts allowing malicious guests to escape\n (XSA-224, bsc#1042938)\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users\n to cause a denial of service (infinite loop) by leveraging an incorrect\n return value (bsc#1042160)\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers\n to cause a denial of service (memory consumption) by repeatedly starting\n and stopping audio capture (bsc#1037243)\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged\n users to cause a denial of service (infinite loop and CPU consumption)\n via the message ring page count (bsc#1036470)\n - CVE-2017-8905: Xen a failsafe callback, which might have allowed PV\n guest OS users to execute arbitrary code on the host OS (XSA-215,\n bsc#1034845).\n\n These non-security issues were fixed:\n\n - bsc#1031460: Fixed DomU Live Migration\n - bsc#1014136: Fixed kdump SLES12-SP2\n - bsc#1026236: Equalized paravirtualized vs. 
fully virtualized migration\n speed\n - bsc#1032148: Ensure that time doesn't goes backwards during live\n migration of HVM domU\n - bsc#1027519: Included various upstream patches\n\n", "edition": 1, "modified": "2017-07-06T15:15:02", "published": "2017-07-06T15:15:02", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-07/msg00005.html", "id": "SUSE-SU-2017:1795-1", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-07T16:48:26", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-9503", "CVE-2017-8112", "CVE-2017-9374", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-8905", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-10911: blkif responses leaked backend stack data, which allowed\n unprivileged guest to obtain sensitive information from the host or\n other guests (XSA-216, bsc#1042863)\n - CVE-2017-10912: Page transfer might have allowed PV guest to elevate\n privilege (XSA-217, bsc#1042882)\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table unmap code\n allowed for informations leaks and potentially privilege escalation\n (XSA-218, bsc#1042893)\n - CVE-2017-10915: Insufficient reference counts during shadow emulation\n allowed a malicious pair of guest to elevate their privileges to the\n privileges that XEN runs under (XSA-219, bsc#1042915)\n - CVE-2017-10917: Missing NULL pointer check in event channel poll allows\n guests to DoS the host (XSA-221, bsc#1042924)\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking\n allowed malicious guest to leak information or elevate privileges\n (XSA-222, bsc#1042931)\n - CVE-2017-10922, 
CVE-2017-10921, CVE-2017-10920: Grant table operations\n mishandled reference counts allowing malicious guests to escape\n (XSA-224, bsc#1042938)\n - CVE-2017-10916: PKRU and BND* leakage between vCPU-s might have leaked\n information to other guests (XSA-220, bsc#1042923)\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users\n to cause a denial of service (infinite loop) by leveraging an incorrect\n return value (bsc#1042160)\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers\n to cause a denial of service (memory consumption) by repeatedly starting\n and stopping audio capture (bsc#1037243)\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged\n users to cause a denial of service (infinite loop and CPU consumption)\n via the message ring page count (bsc#1036470)\n - CVE-2017-8905: Xen a failsafe callback, which might have allowed PV\n guest OS users to execute arbitrary code on the host OS (XSA-215,\n bsc#1034845).\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a null pointer dereference issue which allowed\n a privileged user inside guest to crash the Qemu process on the host\n resulting in DoS (bsc#1043297)\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak,\n allowing for DoS (bsc#1043074)\n\n These non-security issues were fixed:\n\n - bsc#1031460: Fixed DomU Live Migration\n - bsc#1014136: Fixed kdump SLES12-SP2\n - bsc#1026236: Equalized paravirtualized vs. 
fully virtualized migration\n speed\n\n", "edition": 1, "modified": "2017-07-07T15:09:38", "published": "2017-07-07T15:09:38", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-07/msg00008.html", "id": "SUSE-SU-2017:1812-1", "title": "Security update for xen (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10914", "CVE-2017-10915", "CVE-2017-10916", "CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10919", "CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10923"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2017-07-07T23:15:23", "published": "2017-07-07T23:15:23", "id": "FEDORA:CB27F60C8AF5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: xen-4.8.1-4.fc26", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10914", "CVE-2017-10915", "CVE-2017-10916", "CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10919", "CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10923"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2017-07-12T03:27:01", "published": "2017-07-12T03:27:01", "id": "FEDORA:7BEB56056026", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: xen-4.7.2-7.fc25", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-09-12T01:06:34", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10919", 
"CVE-2017-10922", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-10913", "CVE-2017-12137", "CVE-2017-10918", "CVE-2017-12136", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3969-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 12, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nCVE ID : CVE-2017-10912 CVE-2017-10913 CVE-2017-10914\n CVE-2017-10915 CVE-2017-10916 CVE-2017-10917\n\t\t CVE-2017-10918 CVE-2017-10919 CVE-2017-10920\n\t\t CVE-2017-10921 CVE-2017-10922 CVE-2017-12135 \n CVE-2017-12136 CVE-2017-12137 CVE-2017-12855\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2017-10912\n\n Jann Horn discovered that incorrectly handling of page transfers might\n result in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\n\n Jann Horn discovered that race conditions in grant handling might\n result in information leaks or privilege escalation.\n\nCVE-2017-10915\n\n Andrew Cooper discovered that incorrect reference counting with\n shadow paging might result in privilege escalation.\n\nCVE-2017-10916\n\n Andrew Cooper discovered an information leak in the handling\n of the the Memory Protection Extensions (MPX) and Protection\n Key (PKU) CPU features. 
This only affects Debian stretch.\n\nCVE-2017-10917\n\n Ankur Arora discovered a NULL pointer dereference in event\n polling, resulting in denial of service.\n\nCVE-2017-10918\n\n Julien Grall discovered that incorrect error handling in\n physical-to-machine memory mappings may result in privilege\n escalation, denial of service or an information leak.\n\nCVE-2017-10919\n\n Julien Grall discovered that incorrect handling of\n virtual interrupt injection on ARM systems may result in\n denial of service.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n\n Jan Beulich discovered multiple places where reference\n counting on grant table operations was incorrect, resulting\n in potential privilege escalation\n\nCVE-2017-12135\n\n Jan Beulich found multiple problems in the handling of\n transitive grants which could result in denial of service\n and potentially privilege escalation.\n\nCVE-2017-12136\n\n Ian Jackson discovered that race conditions in the allocator\n for grant mappings may result in denial of service or privilege\n escalation. 
This only affects Debian stretch.\n\nCVE-2017-12137\n\n Andrew Cooper discovered that incorrect validation of\n grants may result in privilege escalation.\n\nCVE-2017-12855\n\n Jan Beulich discovered that incorrect grant status handling, thus\n incorrectly informing the guest that the grant is no longer in use.\n\nXSA-235 (no CVE yet)\n\n Wei Liu discovered that incorrect locking of add-to-physmap\n operations on ARM may result in denial of service.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 4.4.1-9+deb8u10.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.8.1-1+deb9u3.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2017-09-12T21:06:17", "published": "2017-09-12T21:06:17", "id": "DEBIAN:DSA-3969-1:F2748", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00231.html", "title": "[SECURITY] [DSA 3969-1] xen security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:25", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-14317", "CVE-2017-10922", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-10913", "CVE-2017-12137", "CVE-2017-10918", "CVE-2017-14316", "CVE-2017-14319", "CVE-2017-14318", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10915"], "description": "Package : xen\nVersion : 4.1.6.lts1-9\nCVE ID : CVE-2017-10912 CVE-2017-10913 CVE-2017-10914 CVE-2017-10915 \n CVE-2017-10918 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 \n CVE-2017-12135 CVE-2017-12137 CVE-2017-12855 CVE-2017-14316 \n CVE-2017-14317 CVE-2017-14318 CVE-2017-14319\n\nMultiple vulnerabilities have 
been discovered in the Xen hypervisor:\n\nCVE-2017-10912\n\n Jann Horn discovered that incorrect handling of page transfers might\n result in privilege escalation.\n\nCVE-2017-10913 / CVE-2017-10914\n\n Jann Horn discovered that race conditions in grant handling might\n result in information leaks or privilege escalation.\n\nCVE-2017-10915\n\n Andrew Cooper discovered that incorrect reference counting with\n shadow paging might result in privilege escalation.\n\nCVE-2017-10918\n\n Julien Grall discovered that incorrect error handling in\n physical-to-machine memory mappings may result in privilege\n escalation, denial of service or an information leak.\n\nCVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n\n Jan Beulich discovered multiple places where reference\n counting on grant table operations was incorrect, resulting\n in potential privilege escalation.\n\nCVE-2017-12135\n\n Jan Beulich found multiple problems in the handling of\n transitive grants which could result in denial of service\n and potentially privilege escalation.\n\nCVE-2017-12137\n\n Andrew Cooper discovered that incorrect validation of\n grants may result in privilege escalation.\n\nCVE-2017-12855\n\n Jan Beulich discovered that incorrect grant status handling, thus\n incorrectly informing the guest that the grant is no longer in use.\n\nCVE-2017-14316\n\n Matthew Daley discovered that the NUMA node parameter wasn't\n verified which may result in privilege escalation.\n\nCVE-2017-14317\n\n Eric Chanudet discovered that race conditions in cxenstored might\n result in information leaks or privilege escalation.\n\n\nCVE-2017-14318\n\n Matthew Daley discovered that incorrect validation of\n grants may result in a denial of service.\n\nCVE-2017-14319\n\n Andrew Cooper discovered that insufficient grant unmapping\n checks may result in denial of service and privilege escalation.\n\nFor Debian 7 \"Wheezy\", these problems have been fixed in version\n4.1.6.lts1-9.\n\nWe recommend that you 
upgrade your xen packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-10-11T12:10:49", "published": "2017-10-11T12:10:49", "id": "DEBIAN:DLA-1132-1:FB7F1", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201710/msg00011.html", "title": "[SECURITY] [DLA 1132-1] xen security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}