The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 copies the uninitialized padding fields of Xen block-interface response structures, which allows guest OS users to obtain sensitive information from the kernel memory of the host OS (or of another guest OS), aka XSA-216.
{"xen": [{"lastseen": "2022-02-09T20:38:41", "description": "#### ISSUE DESCRIPTION\nThe block interface response structure has some discontiguous fields. Certain backends populate the structure fields of an otherwise uninitialized instance of this structure on their stacks, leaking data through the (internal or trailing) padding field.\n#### IMPACT\nA malicious unprivileged guest may be able to obtain sensitive information from the host or other guests.\n#### VULNERABLE SYSTEMS\nAll Linux versions supporting the xen-blkback, blkback, or blktap drivers are vulnerable.\nFreeBSD, NetBSD and Windows (with or without PV drivers) are not vulnerable (either because they do not have backends at all, or because they use a different implementation technique which does not suffer from this problem).\nAll qemu versions supporting the Xen block backend are vulnerable. The qemu-xen-traditional code base does not include such code, so is not vulnerable. Note that an instance of qemu will be spawned to provide the backend for most non-raw-format disks; so you may need to apply the patch to qemu even if you use only PV guests.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-06-20T11:58:00", "type": "xen", "title": "blkif responses leak backend stack data", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, 
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10911"], "modified": "2017-07-07T13:52:00", "id": "XSA-216", "href": "http://xenbits.xen.org/xsa/advisory-216.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2022-02-18T11:56:29", "description": "The make_response function in drivers/block/xen-blkback/blkback.c in the\nLinux kernel before 4.11.8 allows guest OS users to obtain sensitive\ninformation from host OS (or other guest OS) kernel memory by leveraging\nthe copying of uninitialized padding fields in Xen block-interface response\nstructures, aka XSA-216.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-07-04T00:00:00", "type": "ubuntucve", "title": "CVE-2017-10911", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10911"], "modified": "2017-07-04T00:00:00", "id": "UB:CVE-2017-10911", "href": "https://ubuntu.com/security/CVE-2017-10911", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "cve": [{"lastseen": 
"2022-03-23T12:26:04", "description": "The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2017-07-05T01:29:00", "type": "cve", "title": "CVE-2017-10911", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10911"], "modified": "2018-09-07T10:29:00", "cpe": ["cpe:/o:linux:linux_kernel:4.11.7"], "id": "CVE-2017-10911", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10911", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.11.7:*:*:*:*:*:*:*"]}], "redhatcve": [{"lastseen": "2022-01-21T00:03:19", "description": "The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying 
of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-07-07T14:53:09", "type": "redhatcve", "title": "CVE-2017-10911", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10911"], "modified": "2022-01-20T21:11:22", "id": "RH:CVE-2017-10911", "href": "https://access.redhat.com/security/cve/cve-2017-10911", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "openvas": [{"lastseen": "2020-01-27T18:36:47", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1154)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8839", "CVE-2017-1000364", "CVE-2017-10911"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171154", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171154", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are 
Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1154\");\n script_version(\"2020-01-23T10:54:09+0000\");\n script_cve_id(\"CVE-2015-8839\", \"CVE-2017-1000364\", \"CVE-2017-10911\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:54:09 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:54:09 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1154)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1154\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1154\");\n\n script_tag(name:\"summary\", value:\"The 
remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2017-1154 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be 'jumped' over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).(CVE-2017-1000364)\n\nThe make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.(CVE-2017-10911)\n\nMultiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.(CVE-2015-8839)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.49.1.138\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.49.1.138\", 
rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~229.49.1.138\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~229.49.1.138\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.49.1.138\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.49.1.138\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.49.1.138\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.49.1.138\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.49.1.138\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.49.1.138\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:41:25", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1155)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8839", "CVE-2017-1000364", "CVE-2017-10911"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171155", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171155", "sourceData": "# Copyright (C) 2020 
Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1155\");\n script_version(\"2020-01-23T10:54:11+0000\");\n script_cve_id(\"CVE-2015-8839\", \"CVE-2017-1000364\", \"CVE-2017-10911\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:54:11 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:54:11 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1155)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1155\");\n script_xref(name:\"URL\", 
value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1155\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2017-1155 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be 'jumped' over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).(CVE-2017-1000364)\n\nThe make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.(CVE-2017-10911)\n\nMultiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.(CVE-2015-8839)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.55.58.94.h9\", 
rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.55.58.94.h9\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.55.58.94.h9\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.55.58.94.h9\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.55.58.94.h9\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.55.58.94.h9\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.55.58.94.h9\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.55.58.94.h9\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.55.58.94.h9\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.55.58.94.h9\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.55.58.94.h9\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-gcp USN-3468-3", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11176", "CVE-2017-1000252", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843356", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843356", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3468_3.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-gcp USN-3468-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843356\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-01 05:03:27 +0100 (Wed, 01 Nov 2017)\");\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\",\n \"CVE-2017-11176\", \"CVE-2017-14340\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-gcp USN-3468-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-gcp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the KVM subsystem in\n the Linux kernel did not properly bound guest IRQs. A local attacker in a guest\n VM could use this to cause a denial of service (host system crash).\n (CVE-2017-1000252) It was discovered that the Flash-Friendly File System (f2fs)\n implementation in the Linux kernel did not properly validate superblock\n metadata. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2017-10663) Anthony Perard\n discovered that the Xen virtual block driver did not properly initialize some\n data structures before passing them to user space. 
A local attacker in a guest\n VM could use this to expose sensitive information from the host OS or other\n guest VMs. (CVE-2017-10911) It was discovered that a use-after-free\n vulnerability existed in the POSIX message queue implementation in the Linux\n kernel. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2017-11176) Dave Chinner\n discovered that the XFS filesystem did not enforce that the realtime inode flag\n was settable only on filesystems on a realtime device. A local attacker could\n use this to cause a denial of service (system crash). (CVE-2017-14340)\");\n script_tag(name:\"affected\", value:\"linux-gcp on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3468-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3468-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-1008-gcp\", ver:\"4.10.0-1008.8\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.10.0.1008.10\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:51", 
"description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3468-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11176", "CVE-2017-1000252", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843353", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843353", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3468_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3468-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843353\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-01 05:02:17 +0100 (Wed, 01 Nov 2017)\");\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\",\n \"CVE-2017-11176\", \"CVE-2017-14340\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3468-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the KVM subsystem in\n the Linux kernel did not properly bound guest IRQs. A local attacker in a guest\n VM could use this to cause a denial of service (host system crash).\n (CVE-2017-1000252) It was discovered that the Flash-Friendly File System (f2fs)\n implementation in the Linux kernel did not properly validate superblock\n metadata. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2017-10663) Anthony Perard\n discovered that the Xen virtual block driver did not properly initialize some\n data structures before passing them to user space. 
A local attacker in a guest\n VM could use this to expose sensitive information from the host OS or other\n guest VMs. (CVE-2017-10911) It was discovered that a use-after-free\n vulnerability existed in the POSIX message queue implementation in the Linux\n kernel. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2017-11176) Dave Chinner\n discovered that the XFS filesystem did not enforce that the realtime inode flag\n was settable only on filesystems on a realtime device. A local attacker could\n use this to cause a denial of service (system crash). (CVE-2017-14340)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 17.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3468-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3468-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.04\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-1020-raspi2\", ver:\"4.10.0-1020.23\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-38-generic\", ver:\"4.10.0-38.42\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-38-generic-lpae\", ver:\"4.10.0-38.42\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-38-lowlatency\", ver:\"4.10.0-38.42\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.10.0.38.38\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.10.0.38.38\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.10.0.38.38\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.10.0.1020.21\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-hwe USN-3468-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11176", "CVE-2017-1000252", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843352", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843352", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3468_2.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-hwe USN-3468-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by 
the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843352\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-01 05:01:44 +0100 (Wed, 01 Nov 2017)\");\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\",\n \"CVE-2017-11176\", \"CVE-2017-14340\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-hwe USN-3468-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-hwe'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3468-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 17.04. This update provides the corresponding updates\n for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu\n 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not\n properly bound guest IRQs. A local attacker in a guest VM could use this to\n cause a denial of service (host system crash). 
(CVE-2017-1000252) It was\n discovered that the Flash-Friendly File System (f2fs) implementation in the\n Linux kernel did not properly validate superblock metadata. A local attacker\n could use this to cause a denial of service (system crash) or possibly execute\n arbitrary code. (CVE-2017-10663) Anthony Perard discovered that the Xen virtual\n block driver did not properly initialize some data structures before passing\n them to user space. A local attacker in a guest VM could use this to expose\n sensitive information from the host OS or other guest VMs. (CVE-2017-10911) It\n was discovered that a use-after-free vulnerability existed in the POSIX message\n queue implementation in the Linux kernel. A local attacker could use this to\n cause a denial of service (system crash) or possibly execute arbitrary code.\n (CVE-2017-11176) Dave Chinner discovered that the XFS filesystem did not enforce\n that the realtime inode flag was settable only on filesystems on a realtime\n device. A local attacker could use this to cause a denial of service (system\n crash). 
(CVE-2017-14340)\");\n script_tag(name:\"affected\", value:\"linux-hwe on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3468-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3468-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-38-generic\", ver:\"4.10.0-38.42~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-38-generic-lpae\", ver:\"4.10.0-38.42~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-38-lowlatency\", ver:\"4.10.0-38.42~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.10.0.38.40\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.10.0.38.40\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.10.0.38.40\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n 
exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3470-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11176", "CVE-2016-8632", "CVE-2017-10661", "CVE-2017-10911", "CVE-2017-14340", "CVE-2017-10663", "CVE-2017-10662"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843357", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843357", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3470_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3470-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843357\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-01 05:04:00 +0100 (Wed, 01 Nov 2017)\");\n script_cve_id(\"CVE-2016-8632\", \"CVE-2017-10661\", \"CVE-2017-10662\", \"CVE-2017-10663\",\n \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3470-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Qian Zhang discovered a heap-based buffer\n overflow in the tipc_msg_build() function in the Linux kernel. A local attacker\n could use this to cause a denial of service (system crash) or possibly execute\n arbitrary code with administrative privileges. (CVE-2016-8632) Dmitry Vyukov\n discovered that a race condition existed in the timerfd subsystem of the Linux\n kernel when handling might_cancel queuing. 
A local attacker could use this to\n cause a denial of service (system crash) or possibly execute arbitrary code.\n (CVE-2017-10661) It was discovered that the Flash-Friendly File System (f2fs)\n implementation in the Linux kernel did not properly validate superblock\n metadata. A local attacker could use this to cause a denial of service (system\n crash) or possibly execute arbitrary code. (CVE-2017-10662, CVE-2017-10663)\n Anthony Perard discovered that the Xen virtual block driver did not properly\n initialize some data structures before passing them to user space. A local\n attacker in a guest VM could use this to expose sensitive information from the\n host OS or other guest VMs. (CVE-2017-10911) It was discovered that a\n use-after-free vulnerability existed in the POSIX message queue implementation\n in the Linux kernel. A local attacker could use this to cause a denial of\n service (system crash) or possibly execute arbitrary code. (CVE-2017-11176) Dave\n Chinner discovered that the XFS filesystem did not enforce that the realtime\n inode flag was settable only on filesystems on a realtime device. 
A local\n attacker could use this to cause a denial of service (system crash).\n (CVE-2017-14340)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3470-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3470-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-generic\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-generic-lpae\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-lowlatency\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-powerpc-e500\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-powerpc-e500mc\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-powerpc-smp\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-powerpc64-emb\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-135-powerpc64-smp\", ver:\"3.13.0-135.184\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.13.0.135.144\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:49:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": 
"2017-11-07T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for qemu (openSUSE-SU-2017:2938-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15268", "CVE-2017-15038", "CVE-2017-14167", "CVE-2017-15289", "CVE-2017-12809", "CVE-2017-13711", "CVE-2017-10911", "CVE-2017-13672"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851640", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851640", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851640\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-11-07 11:05:11 +0100 (Tue, 07 Nov 2017)\");\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-12809\", \"CVE-2017-13672\", \"CVE-2017-13711\",\n \"CVE-2017-14167\", \"CVE-2017-15038\", \"CVE-2017-15268\", \"CVE-2017-15289\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for qemu (openSUSE-SU-2017:2938-1)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for qemu to version 2.9.1 fixes several issues.\n\n It also announces that the qed storage format will be no longer supported\n in Leap 15.0.\n\n These security issues were fixed:\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by\n triggering slow data-channel read operations, related to\n io/channel-websock.c (bsc#1062942)\n\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function allowed local\n 
guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378)\n\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724)\n\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n\n - CVE-2017-13711: Use-after-free vulnerability allowed attackers to cause\n a denial of service (QEMU instance crash) by leveraging failure to\n properly clear ifq_so from pending packets (bsc#1056291).\n\n These non-security issues were fixed:\n\n - Fixed not being able to build from rpm sources due to undefined macro\n (bsc#1057966)\n\n - Fixed package build failure against new glibc (bsc#1055587)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\");\n\n script_tag(name:\"affected\", value:\"qemu on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2938-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks 
GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user\", rpm:\"qemu-linux-user~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debuginfo\", rpm:\"qemu-linux-user-debuginfo~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debugsource\", rpm:\"qemu-linux-user-debugsource~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm\", rpm:\"qemu-arm~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm-debuginfo\", rpm:\"qemu-arm-debuginfo~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg\", rpm:\"qemu-block-dmg~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg-debuginfo\", rpm:\"qemu-block-dmg-debuginfo~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi\", 
rpm:\"qemu-block-iscsi~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi-debuginfo\", rpm:\"qemu-block-iscsi-debuginfo~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd-debuginfo\", rpm:\"qemu-block-rbd-debuginfo~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh-debuginfo\", rpm:\"qemu-block-ssh-debuginfo~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra\", rpm:\"qemu-extra~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra-debuginfo\", rpm:\"qemu-extra-debuginfo~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent-debuginfo\", rpm:\"qemu-guest-agent-debuginfo~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ksm\", rpm:\"qemu-ksm~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-lang\", rpm:\"qemu-lang~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc\", rpm:\"qemu-ppc~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc-debuginfo\", rpm:\"qemu-ppc-debuginfo~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390\", rpm:\"qemu-s390~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390-debuginfo\", rpm:\"qemu-s390-debuginfo~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-testsuite\", rpm:\"qemu-testsuite~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.9.1~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.10.2~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-sgabios\", rpm:\"qemu-sgabios~8~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.10.2~35.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2017-08-23T11:19:54", "description": "Multiple vulnerabilities were found in qemu, a fast processor\nemulator:\n\nCVE-2017-9310 \nDenial of service via infinite loop in e1000e NIC emulation.\n\nCVE-2017-9330 \nDenial of service via infinite loop in USB OHCI emulation.\n\nCVE-2017-9373 \nDenial of service via memory leak in IDE AHCI emulation.\n\nCVE-2017-9374 \nDenial of service via memory leak in USB EHCI emulation.\n\nCVE-2017-9375 \nDenial of service via memory leak in USB XHCI emulation.\n\nCVE-2017-9524 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10664 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10911 \nInformation leak in Xen blkif response handling.", "cvss3": {}, "published": "2017-07-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3920-1 (qemu - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9375", "CVE-2017-9374", "CVE-2017-9330", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-9373", "CVE-2017-9524", "CVE-2017-9310"], "modified": "2017-08-08T00:00:00", "id": "OPENVAS:703920", "href": "http://plugins.openvas.org/nasl.php?oid=703920", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3920.nasl 6873 2017-08-08 12:35:26Z teissa $\n# Auto-generated from advisory DSA 3920-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR 
A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703920);\n script_version(\"$Revision: 6873 $\");\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10911\", \"CVE-2017-9310\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\", \"CVE-2017-9375\", \"CVE-2017-9524\");\n script_name(\"Debian Security Advisory DSA 3920-1 (qemu - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-08-08 14:35:26 +0200 (Tue, 08 Aug 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-07-25 00:00:00 +0200 (Tue, 25 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3920.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"qemu on Debian Linux\");\n script_tag(name: \"insight\", value: \"QEMU is a fast processor emulator: currently the package supports\nARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,\nSPARC and x86-64 emulation. By using dynamic translation it achieves\nreasonable speed while being easy to port on new host CPUs. 
QEMU has\ntwo operating modes:\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (jessie), a separate DSA will be issued.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your qemu packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were found in qemu, a fast processor\nemulator:\n\nCVE-2017-9310 \nDenial of service via infinite loop in e1000e NIC emulation.\n\nCVE-2017-9330 \nDenial of service via infinite loop in USB OHCI emulation.\n\nCVE-2017-9373 \nDenial of service via memory leak in IDE AHCI emulation.\n\nCVE-2017-9374 \nDenial of service via memory leak in USB EHCI emulation.\n\nCVE-2017-9375 \nDenial of service via memory leak in USB XHCI emulation.\n\nCVE-2017-9524 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10664 \nDenial of service in qemu-nbd server.\n\nCVE-2017-10911 \nInformation leak in Xen blkif response handling.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"qemu\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-block-extra\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-guest-agent\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.8+dfsg-6+deb9u1\", 
rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-common\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-binfmt\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1:2.8+dfsg-6+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, 
{"lastseen": "2019-05-29T18:34:29", "description": "Multiple vulnerabilities were found in qemu, a fast processor\nemulator:\n\nCVE-2017-9310\nDenial of service via infinite loop in e1000e NIC emulation.\n\nCVE-2017-9330\nDenial of service via infinite loop in USB OHCI emulation.\n\nCVE-2017-9373\nDenial of service via memory leak in IDE AHCI emulation.\n\nCVE-2017-9374\nDenial of service via memory leak in USB EHCI emulation.\n\nCVE-2017-9375\nDenial of service via memory leak in USB XHCI emulation.\n\nCVE-2017-9524\nDenial of service in qemu-nbd server.\n\nCVE-2017-10664\nDenial of service in qemu-nbd server.\n\nCVE-2017-10911\nInformation leak in Xen blkif response handling.", "cvss3": {}, "published": "2017-07-25T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3920-1 (qemu - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9375", "CVE-2017-9374", "CVE-2017-9330", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-9373", "CVE-2017-9524", "CVE-2017-9310"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703920", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703920", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3920.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3920-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703920\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10911\", \"CVE-2017-9310\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\", \"CVE-2017-9375\", \"CVE-2017-9524\");\n script_name(\"Debian Security Advisory DSA 3920-1 (qemu - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-25 00:00:00 +0200 (Tue, 25 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3920.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"qemu on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), a separate DSA will be issued.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your qemu packages.\");\n 
script_tag(name:\"summary\", value:\"Multiple vulnerabilities were found in qemu, a fast processor\nemulator:\n\nCVE-2017-9310\nDenial of service via infinite loop in e1000e NIC emulation.\n\nCVE-2017-9330\nDenial of service via infinite loop in USB OHCI emulation.\n\nCVE-2017-9373\nDenial of service via memory leak in IDE AHCI emulation.\n\nCVE-2017-9374\nDenial of service via memory leak in USB EHCI emulation.\n\nCVE-2017-9375\nDenial of service via memory leak in USB XHCI emulation.\n\nCVE-2017-9524\nDenial of service in qemu-nbd server.\n\nCVE-2017-10664\nDenial of service in qemu-nbd server.\n\nCVE-2017-10911\nInformation leak in Xen blkif response handling.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"qemu\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-block-extra\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-guest-agent\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system-common\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-user-binfmt\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1:2.8+dfsg-6+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-07T18:26:26", "description": "A number of security issues have been identified within Citrix XenServer.", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "openvas", "title": "Citrix XenServer Multiple Security Updates (CTX224740)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2020-04-02T00:00:00", "id": "OPENVAS:1361412562310106915", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106915", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Citrix XenServer Multiple Security Updates (CTX224740)\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This 
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:citrix:xenserver\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106915\");\n script_version(\"2020-04-02T13:53:24+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 13:53:24 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-06-30 16:20:13 +0700 (Fri, 30 Jun 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\",\n \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Citrix XenServer Multiple Security Updates (CTX224740)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Citrix Xenserver Local Security Checks\");\n script_dependencies(\"gb_xenserver_version.nasl\");\n script_mandatory_keys(\"xenserver/product_version\", \"xenserver/patches\");\n\n 
script_tag(name:\"summary\", value:\"A number of security issues have been identified within Citrix XenServer.\");\n\n script_tag(name:\"impact\", value:\"These issues could, if exploited, allow a malicious administrator of a guest VM\n to compromise the host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities have been addressed:\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922 (High): Grant table operations mishandle reference counts.\n\n - CVE-2017-10918 (High): Stale P2M mappings due to insufficient error checking.\n\n - CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.\n\n - CVE-2017-10913, CVE-2017-10914 (Medium): Races in the grant table unmap code.\n\n - CVE-2017-10915 (Medium): x86: insufficient reference counts during shadow emulation.\n\n - CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.\n\n - CVE-2017-10911 (Low): blkif responses leak backend stack data.\");\n\n script_tag(name:\"vuldetect\", value:\"Check the installed hotfixes.\");\n\n script_tag(name:\"affected\", value:\"XenServer versions 7.2, 7.1, 7.0, 6.5, 6.2.0, 6.0.2.\");\n\n script_tag(name:\"solution\", value:\"Apply the hotfix referenced in the advisory.\");\n\n script_xref(name:\"URL\", value:\"https://support.citrix.com/article/CTX224740\");\n\n exit(0);\n}\n\ninclude(\"citrix_version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nif (!version = get_app_version(cpe: CPE))\n exit(0);\n\nif (!hotfixes = get_kb_item(\"xenserver/patches\"))\n exit(0);\n\npatches = make_array();\n\npatches['7.2.0'] = make_list('XS72E001', 'XS72E002');\npatches['7.1.0'] = make_list('XS71E011', 'XS71E012');\npatches['7.0.0'] = make_list('XS70E035', 'XS70E036');\npatches['6.5.0'] = make_list('XS65ESP1057', 'XS65ESP1058');\npatches['6.2.0'] = make_list('XS62ESP1061', 'XS62ESP1062');\npatches['6.0.2'] = make_list('XS602ECC045', 'XS602ECC046');\n\ncitrix_xenserver_check_report_is_vulnerable(version: version, 
hotfixes: hotfixes, patches: patches);\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:10", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7346\nLi Qiang discovered that the DRM driver for VMware virtual GPUs does\nnot properly check user-controlled values in the\nvmw_surface_define_ioctl() functions for upper limits. A local user\ncan take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does\nnot properly verify metadata, leading to information disclosure,\ndenial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\nFan Wu and Shixiong Zhao discovered a race condition between inotify\nevents and VFS rename operations allowing an unprivileged local\nattacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\nA buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\ndriver could allow a local user to cause kernel memory corruption,\nleading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\nAn integer overflow vulnerability in the ip6_find_1stfragopt()\nfunction was found allowing a local attacker with privileges to open\nraw sockets to cause a denial of service.\n\nCVE-2017-9605\nMurray McAllister discovered that the DRM driver for VMware virtual\nGPUs does not properly initialize memory, potentially allowing a\nlocal attacker to obtain sensitive information from uninitialized\nkernel memory via a crafted ioctl call.\n\nCVE-2017-10810\nLi Qiang discovered a memory leak flaw within the VirtIO GPU driver\nresulting in denial of service (memory consumption).\n\nCVE-2017-10911 /\nXSA-216\nAnthony Perard of Citrix discovered an information leak flaw in Xen\nblkif response handling, allowing a malicious unprivileged 
guest to\nobtain sensitive information from the host or other guests.\n\nCVE-2017-11176\nIt was discovered that the mq_notify() function does not set the\nsock pointer to NULL upon entry into the retry logic. An attacker\ncan take advantage of this flaw during a user-space close of a\nNetlink socket to cause a denial of service or potentially cause\nother impact.\n\nCVE-2017-1000365\nIt was discovered that argument and environment pointers are not\ntaken properly into account to the imposed size restrictions on\narguments and environmental strings passed through\nRLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\nthis flaw in conjunction with other flaws to execute arbitrary code.", "cvss3": {}, "published": "2017-08-07T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3927-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11176", "CVE-2017-7346", "CVE-2017-10810", "CVE-2017-7533", "CVE-2017-10911", "CVE-2017-7482", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-9605", "CVE-2017-1000365"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703927", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703927", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3927.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3927-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later 
version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703927\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-1000365\", \"CVE-2017-10810\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-7346\", \"CVE-2017-7482\", \"CVE-2017-7533\", \"CVE-2017-7541\", \"CVE-2017-7542\", \"CVE-2017-9605\");\n script_name(\"Debian Security Advisory DSA 3927-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-07 00:00:00 +0200 (Mon, 07 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3927.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems will be 
fixed in\na subsequent DSA.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.30-2+deb9u3.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7346\nLi Qiang discovered that the DRM driver for VMware virtual GPUs does\nnot properly check user-controlled values in the\nvmw_surface_define_ioctl() functions for upper limits. A local user\ncan take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does\nnot properly verify metadata, leading to information disclosure,\ndenial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\nFan Wu and Shixiong Zhao discovered a race condition between inotify\nevents and VFS rename operations allowing an unprivileged local\nattacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\nA buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\ndriver could allow a local user to cause kernel memory corruption,\nleading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\nAn integer overflow vulnerability in the ip6_find_1stfragopt()\nfunction was found allowing a local attacker with privileges to open\nraw sockets to cause a denial of service.\n\nCVE-2017-9605\nMurray McAllister discovered that the DRM driver for VMware virtual\nGPUs does not properly initialize memory, potentially allowing a\nlocal attacker to obtain sensitive information from uninitialized\nkernel memory via a crafted ioctl call.\n\nCVE-2017-10810\nLi Qiang discovered a memory leak flaw within the VirtIO GPU driver\nresulting in denial of service (memory consumption).\n\nCVE-2017-10911 /\nXSA-216\nAnthony Perard of Citrix discovered an information leak flaw in Xen\nblkif 
response handling, allowing a malicious unprivileged guest to\nobtain sensitive information from the host or other guests.\n\nCVE-2017-11176\nIt was discovered that the mq_notify() function does not set the\nsock pointer to NULL upon entry into the retry logic. An attacker\ncan take advantage of this flaw during a user-space close of a\nNetlink socket to cause a denial of service or potentially cause\nother impact.\n\nCVE-2017-1000365\nIt was discovered that argument and environment pointers are not\ntaken properly into account to the imposed size restrictions on\narguments and environmental strings passed through\nRLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\nthis flaw in conjunction with other flaws to execute arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"hyperv-daemons\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcpupower-dev\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcpupower1\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libusbip-dev\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-arm\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-s390\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-x86\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-cpupower\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-doc-4.9\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-4kc-malta\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-5kc-malta\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686-pae\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-amd64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-arm64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armel\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armhf\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-i386\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips64el\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mipsel\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-ppc64el\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-s390x\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-amd64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-arm64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp-lpae\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common-rt\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-loongson-3\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-marvell\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-octeon\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-powerpc64le\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-686-pae\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-amd64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-s390x\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-kbuild-4.9\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-4.9\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-perf-4.9\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-4.9\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-4.9.0-3\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"usbip\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:50", "description": "The remote host is missing an update for the 'linux-lts-xenial' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2017-11-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3469-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14051", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-9984", "CVE-2017-15537", "CVE-2017-12192", "CVE-2017-9985", "CVE-2017-10911", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12153", "CVE-2017-12154"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843354", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843354", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3469_2.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-lts-xenial USN-3469-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public 
License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843354\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-01 05:02:28 +0100 (Wed, 01 Nov 2017)\");\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-12153\", \"CVE-2017-12192\", \"CVE-2017-14051\",\n \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14991\",\n \"CVE-2017-15537\", \"CVE-2017-9984\", \"CVE-2017-9985\", \"CVE-2017-12154\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3469-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3469-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding\n updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for\n Ubuntu 14.04 LTS. 
Anthony Perard discovered that the Xen virtual block driver\n did not properly initialize some data structures before passing them to user\n space. A local attacker in a guest VM could use this to expose sensitive\n information from the host OS or other guest VMs. (CVE-2017-10911) Bo Zhang\n discovered that the netlink wireless configuration interface in the Linux kernel\n did not properly validate attributes when handling certain requests. A local\n attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service\n (system crash). (CVE-2017-12153) It was discovered that the nested KVM\n implementation in the Linux kernel in some situations did not properly prevent\n second level guests from reading and writing the hardware CR8 register. A local\n attacker in a guest could use this to cause a denial of service (system crash).\n It was discovered that the key management subsystem in the Linux kernel did not\n properly restrict key reads on negatively instantiated keys. A local attacker\n could use this to cause a denial of service (system crash). (CVE-2017-12192) It\n was discovered that an integer overflow existed in the sysfs interface for the\n QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker\n could use this to cause a denial of service (system crash). (CVE-2017-14051) It\n was discovered that the ATI Radeon framebuffer driver in the Linux kernel did\n not properly initialize a data structure returned to user space. A local\n attacker could use this to expose sensitive information (kernel memory).\n (CVE-2017-14156) Dave Chinner discovered that the XFS filesystem did not enforce\n that the realtime inode flag was settable only on filesystems on a realtime\n device. A local attacker could use this to cause a denial of service (system\n crash). (CVE-2017-14340) ChunYu Wang discovered that the iSCSI transport\n implementation in the Linux kernel did not properly validate data structures. 
A\n local attacker could use this to cause a denial of service (system crash).\n (CVE-2017-14489) It was discovered that the generic SCSI driver in the Linux\n kernel did not properly initialize data returned to user space in some\n situations. A local attacker could use this to expose sensitive information\n (kernel memory). (CVE-2017-14991) Dmitry Vyukov discovered that the Floating\n Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts\n to set reserved bits in a tas ... Description truncated, for more information\n please check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3469-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3469-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-generic\", ver:\"4.4.0-98.121~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-generic-lpae\", ver:\"4.4.0-98.121~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-lowlatency\", ver:\"4.4.0-98.121~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc-e500mc\", ver:\"4.4.0-98.121~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc-smp\", ver:\"4.4.0-98.121~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc64-emb\", ver:\"4.4.0-98.121~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc64-smp\", ver:\"4.4.0-98.121~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.98.82\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.98.82\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.98.82\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.98.82\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.98.82\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.98.82\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.98.82\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:49:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-07T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for qemu (openSUSE-SU-2017:2941-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15268", "CVE-2017-11334", "CVE-2017-15038", "CVE-2017-14167", "CVE-2017-15289", "CVE-2017-12809", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-10806", "CVE-2017-13672", "CVE-2017-11434", "CVE-2017-9524"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851641", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851641", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851641\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-11-07 11:05:48 +0100 (Tue, 07 Nov 2017)\");\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10806\", \"CVE-2017-10911\", \"CVE-2017-11334\",\n \"CVE-2017-11434\", \"CVE-2017-12809\", \"CVE-2017-13672\", \"CVE-2017-14167\",\n \"CVE-2017-15038\", \"CVE-2017-15268\", \"CVE-2017-15289\", \"CVE-2017-9524\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for qemu (openSUSE-SU-2017:2941-1)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by\n triggering slow data-channel read operations, related to\n io/channel-websock.c (bsc#1062942).\n\n - CVE-2017-9524: The qemu-nbd server when built with the Network Block\n Device (NBD) Server support allowed remote attackers to cause a denial\n of service (segmentation fault and server crash) by leveraging failure\n to ensure that all initialization occurs before talking to a client in the\n nbd_negotiate function (bsc#1043808).\n\n - 
CVE-2017-15289: The mode4and5 write functions allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function allowed local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378)\n\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724)\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote\n attackers to cause a denial of service (daemon crash) by disconnecting\n during a server-to-client reply attempt (bsc#1046636)\n\n - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users\n to cause a denial of service (QEMU process crash) via vectors related to\n logging debug messages (bsc#1047674)\n\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local\n guest OS users to cause a denial of service (out-of-bounds read) via a\n crafted DHCP options string (bsc#1049381)\n\n - CVE-2017-11334: The address_space_write_continue function allowed local\n guest OS privileged users to cause a denial of service (out-of-bounds\n access and guest instance crash) by 
leveraging use of qemu_map_ram_ptr\n to access guest ram block are ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"qemu on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2941-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm\", rpm:\"qemu-arm~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-arm-debuginfo\", rpm:\"qemu-arm-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg\", rpm:\"qemu-block-dmg~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-dmg-debuginfo\", rpm:\"qemu-block-dmg-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi\", rpm:\"qemu-block-iscsi~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-iscsi-debuginfo\", rpm:\"qemu-block-iscsi-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh\", rpm:\"qemu-block-ssh~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-ssh-debuginfo\", rpm:\"qemu-block-ssh-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra\", rpm:\"qemu-extra~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-extra-debuginfo\", rpm:\"qemu-extra-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-guest-agent-debuginfo\", rpm:\"qemu-guest-agent-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-lang\", rpm:\"qemu-lang~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user\", rpm:\"qemu-linux-user~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-linux-user-debuginfo\", rpm:\"qemu-linux-user-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"qemu-linux-user-debugsource\", rpm:\"qemu-linux-user-debugsource~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc\", rpm:\"qemu-ppc~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ppc-debuginfo\", rpm:\"qemu-ppc-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390\", rpm:\"qemu-s390~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-s390-debuginfo\", rpm:\"qemu-s390-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-testsuite\", rpm:\"qemu-testsuite~2.6.2~31.9.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.9.1~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-sgabios\", rpm:\"qemu-sgabios~8~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.9.1~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"qemu-block-rbd\", rpm:\"qemu-block-rbd~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-block-rbd-debuginfo\", rpm:\"qemu-block-rbd-debuginfo~2.6.2~31.9.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-01T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3469-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14051", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-9984", "CVE-2017-15537", "CVE-2017-12192", "CVE-2017-9985", "CVE-2017-10911", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12153", "CVE-2017-12154"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843358", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843358", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3469_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3469-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843358\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-01 05:04:22 +0100 (Wed, 01 Nov 2017)\");\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-12153\", \"CVE-2017-12192\", \"CVE-2017-14051\",\n \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14991\",\n \"CVE-2017-15537\", \"CVE-2017-9984\", \"CVE-2017-9985\", \"CVE-2017-12154\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3469-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Anthony Perard discovered that the Xen\n virtual block driver did not properly initialize some data structures before\n passing them to user space. A local attacker in a guest VM could use this to\n expose sensitive information from the host OS or other guest VMs.\n (CVE-2017-10911) Bo Zhang discovered that the netlink wireless configuration\n interface in the Linux kernel did not properly validate attributes when handling\n certain requests. A local attacker with the CAP_NET_ADMIN capability could use this to\n cause a denial of service (system crash). 
(CVE-2017-12153) It was discovered\n that the nested KVM implementation in the Linux kernel in some situations did\n not properly prevent second level guests from reading and writing the hardware\n CR8 register. A local attacker in a guest could use this to cause a denial of\n service (system crash). It was discovered that the key management subsystem in\n the Linux kernel did not properly restrict key reads on negatively instantiated\n keys. A local attacker could use this to cause a denial of service (system\n crash). (CVE-2017-12192) It was discovered that an integer overflow existed in\n the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel.\n A local privileged attacker could use this to cause a denial of service (system\n crash). (CVE-2017-14051) It was discovered that the ATI Radeon framebuffer\n driver in the Linux kernel did not properly initialize a data structure returned\n to user space. A local attacker could use this to expose sensitive information\n (kernel memory). (CVE-2017-14156) Dave Chinner discovered that the XFS\n filesystem did not enforce that the realtime inode flag was settable only on\n filesystems on a realtime device. A local attacker could use this to cause a\n denial of service (system crash). (CVE-2017-14340) ChunYu Wang discovered that\n the iSCSI transport implementation in the Linux kernel did not properly validate\n data structures. A local attacker could use this to cause a denial of service\n (system crash). (CVE-2017-14489) It was discovered that the generic SCSI driver\n in the Linux kernel did not properly initialize data returned to user space in\n some situations. A local attacker could use this to expose sensitive information\n (kernel memory). (CVE-2017-14991) Dmitry Vyukov discovered that the Floating\n Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts\n to set reserved bits in a task's extended state (xstate) area. 
A local attacker\n could use this to cause a denial of service (system crash). (CVE-2017-15537)\n Pengfei Wang discovered that the Turtle Beach MultiSound audio device driver in\n the Linux kernel contained race conditions when fetching from the ring-buffer. A\n local attacker could use this to cause a denial of service (infinite loop).\n (CVE-2017-9984, CVE-2017-9985)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3469-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3469-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1009-kvm\", ver:\"4.4.0-1009.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1033-gke\", ver:\"4.4.0-1033.33\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1039-aws\", ver:\"4.4.0-1039.48\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1076-raspi2\", ver:\"4.4.0-1076.84\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1078-snapdragon\", 
ver:\"4.4.0-1078.83\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-generic\", ver:\"4.4.0-98.121\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-generic-lpae\", ver:\"4.4.0-98.121\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-lowlatency\", ver:\"4.4.0-98.121\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc-e500mc\", ver:\"4.4.0-98.121\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc-smp\", ver:\"4.4.0-98.121\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc64-emb\", ver:\"4.4.0-98.121\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-98-powerpc64-smp\", ver:\"4.4.0-98.121\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1039.41\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.98.103\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.98.103\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.4.0.1033.34\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.4.0.1009.9\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.98.103\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.98.103\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.98.103\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.98.103\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.98.103\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1076.76\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1078.70\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:58", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2014-9940\nA use-after-free flaw in the voltage and current regulator driver\ncould allow a local user to cause a denial of service or potentially\nescalate privileges.\n\nCVE-2017-7346\nLi Qiang discovered that the DRM driver for VMware virtual GPUs does\nnot properly check user-controlled values in the\nvmw_surface_define_ioctl() functions for upper limits. 
A local user\ncan take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does\nnot properly verify metadata, leading to information disclosure,\ndenial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\nFan Wu and Shixiong Zhao discovered a race condition between inotify\nevents and VFS rename operations allowing an unprivileged local\nattacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\nA buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\ndriver could allow a local user to cause kernel memory corruption,\nleading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\nAn integer overflow vulnerability in the ip6_find_1stfragopt()\nfunction was found allowing a local attacker with privileges to open\nraw sockets to cause a denial of service.\n\nCVE-2017-7889\nTommi Rantala and Brad Spengler reported that the mm subsystem does\nnot properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\nallowing a local attacker with access to /dev/mem to obtain\nsensitive information or potentially execute arbitrary code.\n\nCVE-2017-9605\nMurray McAllister discovered that the DRM driver for VMware virtual\nGPUs does not properly initialize memory, potentially allowing a\nlocal attacker to obtain sensitive information from uninitialized\nkernel memory via a crafted ioctl call.\n\nCVE-2017-10911\n/ XSA-216\n\nAnthony Perard of Citrix discovered an information leak flaw in Xen\nblkif response handling, allowing a malicious unprivileged guest to\nobtain sensitive information from the host or other guests.\n\nCVE-2017-11176\nIt was discovered that the mq_notify() function does not set the\nsock pointer to NULL upon entry into the retry logic. 
An attacker\ncan take advantage of this flaw during a userspace close of a\nNetlink socket to cause a denial of service or potentially cause\nother impact.\n\nCVE-2017-1000363\nRoee Hay reported that the lp driver does not properly bounds-check\npassed arguments, allowing a local attacker with write access to the\nkernel command line arguments to execute arbitrary code.\n\nCVE-2017-1000365\nIt was discovered that argument and environment pointers are not\ntaken properly into account to the imposed size restrictions on\narguments and environmental strings passed through\nRLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\nthis flaw in conjunction with other flaws to execute arbitrary code.", "cvss3": {}, "published": "2017-08-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3945-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11176", "CVE-2017-7889", "CVE-2017-7346", "CVE-2014-9940", "CVE-2017-7533", "CVE-2017-10911", "CVE-2017-7482", "CVE-2017-7541", "CVE-2017-1000363", "CVE-2017-7542", "CVE-2017-9605", "CVE-2017-1000365"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703945", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703945", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3945.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3945-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, 
or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703945\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-1000365\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-7346\", \"CVE-2017-7482\", \"CVE-2017-7533\", \"CVE-2017-7541\", \"CVE-2017-7542\", \"CVE-2017-7889\", \"CVE-2017-9605\");\n script_name(\"Debian Security Advisory DSA 3945-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-17 00:00:00 +0200 (Thu, 17 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3945.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n 
script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.43-2+deb8u3.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2014-9940\nA use-after-free flaw in the voltage and current regulator driver\ncould allow a local user to cause a denial of service or potentially\nescalate privileges.\n\nCVE-2017-7346\nLi Qiang discovered that the DRM driver for VMware virtual GPUs does\nnot properly check user-controlled values in the\nvmw_surface_define_ioctl() functions for upper limits. A local user\ncan take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does\nnot properly verify metadata, leading to information disclosure,\ndenial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\nFan Wu and Shixiong Zhao discovered a race condition between inotify\nevents and VFS rename operations allowing an unprivileged local\nattacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\nA buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\ndriver could allow a local user to cause kernel memory corruption,\nleading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\nAn integer overflow vulnerability in the ip6_find_1stfragopt()\nfunction was found allowing a local attacker with privileges to open\nraw sockets to cause a denial of service.\n\nCVE-2017-7889\nTommi Rantala and Brad Spengler reported that the mm subsystem does\nnot properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\nallowing a local attacker with access to /dev/mem to obtain\nsensitive information or potentially execute arbitrary code.\n\nCVE-2017-9605\nMurray McAllister 
discovered that the DRM driver for VMware virtual\nGPUs does not properly initialize memory, potentially allowing a\nlocal attacker to obtain sensitive information from uninitialized\nkernel memory via a crafted ioctl call.\n\nCVE-2017-10911\n/ XSA-216\n\nAnthony Perard of Citrix discovered an information leak flaw in Xen\nblkif response handling, allowing a malicious unprivileged guest to\nobtain sensitive information from the host or other guests.\n\nCVE-2017-11176\nIt was discovered that the mq_notify() function does not set the\nsock pointer to NULL upon entry into the retry logic. An attacker\ncan take advantage of this flaw during a userspace close of a\nNetlink socket to cause a denial of service or potentially cause\nother impact.\n\nCVE-2017-1000363\nRoee Hay reported that the lp driver does not properly bounds-check\npassed arguments, allowing a local attacker with write access to the\nkernel command line arguments to execute arbitrary code.\n\nCVE-2017-1000365\nIt was discovered that argument and environment pointers are not\ntaken properly into account to the imposed size restrictions on\narguments and environmental strings passed through\nRLIMIT_STACK/RLIMIT_INFINITY. 
A local attacker can take advantage of\nthis flaw in conjunction with other flaws to execute arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", 
ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != 
NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.43-2+deb8u3\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.43-2+deb8u3\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", 
ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:09", "description": "The remote host is missing an update for the 'xen' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2017-07-14T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2017-c3149b5fcb", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10919", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10923", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872848", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872848", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2017-c3149b5fcb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872848\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-14 15:55:13 +0530 (Fri, 14 Jul 2017)\");\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\",\n \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10918\", \"CVE-2017-10919\",\n \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-10923\",\n \"CVE-2017-10917\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2017-c3149b5fcb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) 
announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-c3149b5fcb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2YX6P3ST264BWLGBSE2UODOT2T4KEXK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.7.2~7.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:20", "description": "The remote host is missing an update for the 'qemu' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2017-09-14T00:00:00", "type": "openvas", "title": "Ubuntu Update for qemu USN-3414-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9503", "CVE-2017-9375", "CVE-2017-8112", "CVE-2017-7493", "CVE-2017-9374", "CVE-2017-9330", "CVE-2017-8380", "CVE-2017-12809", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-9060", "CVE-2017-10806", "CVE-2017-11434", "CVE-2017-9373", "CVE-2017-9524", "CVE-2017-9310"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843303", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310843303", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3414_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for qemu USN-3414-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843303\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-14 07:19:48 +0200 (Thu, 14 Sep 2017)\");\n script_cve_id(\"CVE-2017-7493\", \"CVE-2017-8112\", \"CVE-2017-8380\", \"CVE-2017-9060\",\n \"CVE-2017-9310\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\",\n \"CVE-2017-9375\", \"CVE-2017-9503\", \"CVE-2017-9524\", \"CVE-2017-10664\",\n \"CVE-2017-10806\", \"CVE-2017-10911\", \"CVE-2017-11434\", \"CVE-2017-12809\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_name(\"Ubuntu Update for qemu USN-3414-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Leo Gaspard discovered that QEMU incorrectly\n handled VirtFS access control. A guest attacker could use this issue to elevate\n privileges inside the guest. (CVE-2017-7493) Li Qiang discovered that QEMU\n incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the\n guest could use this issue to cause QEMU to consume resources or crash,\n resulting in a denial of service. (CVE-2017-8112) It was discovered that QEMU\n incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A\n privileged attacker inside the guest could use this issue to cause QEMU to\n crash, resulting in a denial of service, or possibly to obtain sensitive host\n memory. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04.\n (CVE-2017-8380) Li Qiang discovered that QEMU incorrectly handled the Virtio GPU\n device. An attacker inside the guest could use this issue to cause QEMU to\n consume resources and crash, resulting in a denial of service. This issue only\n affected Ubuntu 17.04. (CVE-2017-9060) Li Qiang discovered that QEMU incorrectly\n handled the e1000e device. A privileged attacker inside the guest could use this\n issue to cause QEMU to hang, resulting in a denial of service. This issue only\n affected Ubuntu 17.04. (CVE-2017-9310) Li Qiang discovered that QEMU incorrectly\n handled USB OHCI emulation support. An attacker inside the guest could use this\n issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9330)\n Li Qiang discovered that QEMU incorrectly handled IDE AHCI emulation support. 
A\n privileged attacker inside the guest could use this issue to cause QEMU to\n consume resources and crash, resulting in a denial of service. (CVE-2017-9373)\n Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation support. A\n privileged attacker inside the guest could use this issue to cause QEMU to\n consume resources and crash, resulting in a denial of service. (CVE-2017-9374)\n Li Qiang discovered that QEMU incorrectly handled USB xHCI emulation support. A\n privileged attacker inside the guest could use this issue to cause QEMU to hang,\n resulting in a denial of service. (CVE-2017-9375) Zhangyanyu discovered that\n QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support. A privileged attacker inside the guest could use this issue to cause\n QEMU to crash, resulting in a denial of service. (CVE-2017-9503) It was\n discovered that the QEMU qemu-nbd server incorrectly handled initialization. A\n remote attacker could use this issue to cause the server to crash, resulting in\n a denial of service. (CVE-2017-9524) It was discovered t ... 
Description\n truncated, for more information please check the Reference URL\");\n script_tag(name:\"affected\", value:\"qemu on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3414-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3414-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"2.0.0+dfsg-2ubuntu1.35\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"2.0.0+dfsg-2ubuntu1.35\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"2.0.0+dfsg-2ubuntu1.35\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"2.0.0+dfsg-2ubuntu1.35\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"2.0.0+dfsg-2ubuntu1.35\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"2.0.0+dfsg-2ubuntu1.35\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"2.0.0+dfsg-2ubuntu1.35\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"2.0.0+dfsg-2ubuntu1.35\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.8+dfsg-3ubuntu2.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.8+dfsg-3ubuntu2.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.8+dfsg-3ubuntu2.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.8+dfsg-3ubuntu2.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.8+dfsg-3ubuntu2.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.8+dfsg-3ubuntu2.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.8+dfsg-3ubuntu2.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.8+dfsg-3ubuntu2.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.8+dfsg-3ubuntu2.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = 
isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.5+dfsg-5ubuntu10.15\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.5+dfsg-5ubuntu10.15\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.5+dfsg-5ubuntu10.15\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.5+dfsg-5ubuntu10.15\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.5+dfsg-5ubuntu10.15\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.5+dfsg-5ubuntu10.15\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.5+dfsg-5ubuntu10.15\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.5+dfsg-5ubuntu10.15\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.5+dfsg-5ubuntu10.15\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for qemu USN-3414-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9503", "CVE-2017-9375", "CVE-2017-8112", "CVE-2017-7493", "CVE-2017-9374", "CVE-2017-9330", 
"CVE-2017-8380", "CVE-2017-12809", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-9060", "CVE-2017-10806", "CVE-2017-11434", "CVE-2017-9373", "CVE-2017-9524", "CVE-2017-9310"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843314", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843314", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3414_2.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for qemu USN-3414-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843314\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-21 07:18:56 +0200 (Thu, 21 Sep 2017)\");\n script_cve_id(\"CVE-2017-9375\", \"CVE-2017-7493\", \"CVE-2017-8112\", \"CVE-2017-8380\",\n \"CVE-2017-9060\", \"CVE-2017-9310\", \"CVE-2017-9330\", \"CVE-2017-9373\",\n \"CVE-2017-9374\", \"CVE-2017-9503\", \"CVE-2017-9524\", \"CVE-2017-10664\",\n \"CVE-2017-10806\", \"CVE-2017-10911\", \"CVE-2017-11434\", \"CVE-2017-12809\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for qemu USN-3414-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3414-1 fixed vulnerabilities in QEMU.\n The patch backport for CVE-2017-9375 was incomplete and caused a regression in\n the USB xHCI controller emulation support. This update fixes the problem. We\n apologize for the inconvenience. Original advisory details: Leo Gaspard\n discovered that QEMU incorrectly handled VirtFS access control. A guest attacker\n could use this issue to elevate privileges inside the guest. 
(CVE-2017-7493) Li\n Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A\n privileged attacker inside the guest could use this issue to cause QEMU to\n consume resources or crash, resulting in a denial of service. (CVE-2017-8112) It\n was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus\n Adapter emulation support. A privileged attacker inside the guest could use this\n issue to cause QEMU to crash, resulting in a denial of service, or possibly to\n obtain sensitive host memory. This issue only affected Ubuntu 16.04 LTS and\n Ubuntu 17.04. (CVE-2017-8380) Li Qiang discovered that QEMU incorrectly handled\n the Virtio GPU device. An attacker inside the guest could use this issue to\n cause QEMU to consume resources and crash, resulting in a denial of service.\n This issue only affected Ubuntu 17.04. (CVE-2017-9060) Li Qiang discovered that\n QEMU incorrectly handled the e1000e device. A privileged attacker inside the\n guest could use this issue to cause QEMU to hang, resulting in a denial of\n service. This issue only affected Ubuntu 17.04. (CVE-2017-9310) Li Qiang\n discovered that QEMU incorrectly handled USB OHCI emulation support. An attacker\n inside the guest could use this issue to cause QEMU to crash, resulting in a\n denial of service. (CVE-2017-9330) Li Qiang discovered that QEMU incorrectly\n handled IDE AHCI emulation support. A privileged attacker inside the guest could\n use this issue to cause QEMU to consume resources and crash, resulting in a\n denial of service. (CVE-2017-9373) Li Qiang discovered that QEMU incorrectly\n handled USB EHCI emulation support. A privileged attacker inside the guest could\n use this issue to cause QEMU to consume resources and crash, resulting in a\n denial of service. (CVE-2017-9374) Li Qiang discovered that QEMU incorrectly\n handled USB xHCI emulation support. 
A privileged attacker inside the guest could\n use this issue to cause QEMU to hang, resulting in a denial of service.\n (CVE-2017-9375) Zhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS\n 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the\n guest could use this issue to cause QEMU to crash, resulting in a denial ...\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"qemu on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3414-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3414-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"2.0.0+dfsg-2ubuntu1.36\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"2.0.0+dfsg-2ubuntu1.36\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"2.0.0+dfsg-2ubuntu1.36\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"2.0.0+dfsg-2ubuntu1.36\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"2.0.0+dfsg-2ubuntu1.36\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"2.0.0+dfsg-2ubuntu1.36\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"2.0.0+dfsg-2ubuntu1.36\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"2.0.0+dfsg-2ubuntu1.36\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.8+dfsg-3ubuntu2.5\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.8+dfsg-3ubuntu2.5\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.8+dfsg-3ubuntu2.5\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.8+dfsg-3ubuntu2.5\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.8+dfsg-3ubuntu2.5\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.8+dfsg-3ubuntu2.5\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.8+dfsg-3ubuntu2.5\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", 
ver:\"1:2.8+dfsg-3ubuntu2.5\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.8+dfsg-3ubuntu2.5\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.5+dfsg-5ubuntu10.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-aarch64\", ver:\"1:2.5+dfsg-5ubuntu10.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.5+dfsg-5ubuntu10.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.5+dfsg-5ubuntu10.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.5+dfsg-5ubuntu10.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.5+dfsg-5ubuntu10.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-s390x\", ver:\"1:2.5+dfsg-5ubuntu10.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.5+dfsg-5ubuntu10.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.5+dfsg-5ubuntu10.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2020-06-09T17:48:36", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1498)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9806", "CVE-2017-11176", "CVE-2016-9794", "CVE-2016-9754", "CVE-2017-12188", "CVE-2017-1000111", "CVE-2016-9793", "CVE-2017-1000252", "CVE-2017-10810", "CVE-2017-11473", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2017-1000364", "CVE-2017-10911", "CVE-2017-1000410", "CVE-2017-1000370", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-11600", "CVE-2017-1000365"], "modified": "2020-06-08T00:00:00", "id": "OPENVAS:1361412562311220191498", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191498", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1498\");\n script_version(\"2020-06-08T06:52:36+0000\");\n script_cve_id(\"CVE-2016-9754\", \"CVE-2016-9793\", \"CVE-2016-9794\", \"CVE-2016-9806\", \"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-1000251\", \"CVE-2017-1000252\", \"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000370\", \"CVE-2017-1000410\", \"CVE-2017-10661\", \"CVE-2017-10810\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-11600\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-12188\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 06:52:36 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:56:59 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1498)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1498\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1498\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1498 advisory.\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privilege escalation or more likely kernel panic.(CVE-2016-9754)\n\nA flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND<pipe>RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption.(CVE-2016-9793)\n\nA use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption, or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-9794)\n\nA double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-9806)\n\nA race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. 
A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) can use this issue to crash the system.(CVE-2017-1000111)\n\nAn exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges.(CVE-2017-1000112)\n\nA stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64le), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execute ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": 
"2020-06-09T19:17:21", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7482\n\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does\nnot properly verify metadata, leading to information disclosure,\ndenial of service or potentially execution of arbitrary code.\n\nCVE-2017-7542\n\nAn integer overflow vulnerability in the ip6_find_1stfragopt()\nfunction was found allowing a local attacker with privileges to open\nraw sockets to cause a denial of service.\n\nCVE-2017-7889\n\nTommi Rantala and Brad Spengler reported that the mm subsystem does\nnot properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\nallowing a local attacker with access to /dev/mem to obtain\nsensitive information or potentially execute arbitrary code.\n\nDescription truncated. Please see the references for more information.\n\nFor Debian 7 ", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for linux (DLA-1099-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11176", "CVE-2017-1000380", "CVE-2017-1000111", "CVE-2017-14489", "CVE-2017-7889", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-10911", "CVE-2017-7482", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-1000363", "CVE-2017-7542", "CVE-2017-12154", "CVE-2017-11600", "CVE-2017-1000365"], "modified": "2020-06-08T00:00:00", "id": "OPENVAS:1361412562310891099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891099", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it 
under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891099\");\n script_version(\"2020-06-08T06:52:36+0000\");\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000251\", \"CVE-2017-1000363\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-11600\", \"CVE-2017-12134\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-14106\", \"CVE-2017-14140\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-7482\", \"CVE-2017-7542\", \"CVE-2017-7889\");\n script_name(\"Debian LTS: Security Advisory for linux (DLA-1099-1)\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 06:52:36 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00017.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n3.2.93-1. This version also includes bug fixes from upstream versions\nup to and including 3.2.93.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.43-2+deb8u4 or were fixed in an earlier version.\n\nFor Debian 9 'Stretch', these problems have been fixed in version\n4.9.30-2+deb9u4 or were fixed in an earlier version.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7482\n\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does\nnot properly verify metadata, leading to information disclosure,\ndenial of service or potentially execution of arbitrary code.\n\nCVE-2017-7542\n\nAn integer overflow vulnerability in the ip6_find_1stfragopt()\nfunction was found allowing a local attacker with privileges to open\nraw sockets to cause a denial of service.\n\nCVE-2017-7889\n\nTommi Rantala and Brad Spengler reported that the mm subsystem does\nnot properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\nallowing a local attacker with access to /dev/mem to obtain\nsensitive information or potentially execute arbitrary code.\n\nDescription truncated. Please see the references for more information.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.2.93-1. 
This version also includes bug fixes from upstream versions\nup to and including 3.2.93.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.43-2+deb8u4 or were fixed in an earlier version.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", 
ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-486\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-armel\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-armhf\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-all-i386\", 
ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-common\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-common-rt\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-iop32x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-ixp4xx\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-kirkwood\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-mv78xx0\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-mx5\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-omap\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-orion5x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-rt-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-rt-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-versatile\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.2.0-5-vexpress\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.93-1\", 
rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += 
res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-486\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-686-pae-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-amd64-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-iop32x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-ixp4xx\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-kirkwood\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-mv78xx0\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-mx5\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-omap\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-orion5x\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-686-pae-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-rt-amd64-dbg\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-3.2.0-5-versatile\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.2.0-5-vexpress\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.2.0-5\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-5-686-pae\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-5-amd64\", ver:\"3.2.93-1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:38:25", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1478)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7472", "CVE-2016-5828", "CVE-2017-7645", "CVE-2017-5967", "CVE-2013-4270", "CVE-2017-16537", "CVE-2016-2544", "CVE-2015-0570", "CVE-2016-4558", "CVE-2017-10911", "CVE-2017-16647", "CVE-2015-5697", 
"CVE-2017-16643", "CVE-2017-2647", "CVE-2018-12233", "CVE-2014-5207", "CVE-2016-6130", "CVE-2015-8845", "CVE-2013-4299", "CVE-2018-15572"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191478", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191478", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1478\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-4270\", \"CVE-2013-4299\", \"CVE-2014-5207\", \"CVE-2015-0570\", \"CVE-2015-5697\", \"CVE-2015-8845\", \"CVE-2016-2544\", \"CVE-2016-4558\", \"CVE-2016-5828\", \"CVE-2016-6130\", \"CVE-2017-10911\", \"CVE-2017-16537\", \"CVE-2017-16643\", \"CVE-2017-16647\", \"CVE-2017-2647\", \"CVE-2017-5967\", \"CVE-2017-7472\", \"CVE-2017-7645\", \"CVE-2018-12233\", \"CVE-2018-15572\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n 
script_tag(name:\"creation_date\", value:\"2020-01-23 11:51:12 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1478)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1478\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1478\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1478 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. 
A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.(CVE-2018-12233)\n\nThe spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.(CVE-2018-15572)\n\nRace condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.(CVE-2016-2544)\n\nA flaw was found in the Linux kernel's implementation of BPF in which an application can overflow a 32-bit refcount in both the program and map refcounts. This refcount can wrap and end up in a use-after-free.(CVE-2016-4558)\n\nInterpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.(CVE-2013-4299)\n\nThe imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16537)\n\nA vulnerability in the handling of Transactional Memory on powerpc systems was found. An unprivileged local user can crash the kernel by starting a transaction, suspending it, and then calling any of the exec() class system calls.(CVE-2016-5828)\n\nA cross-boundary flaw was discovered in the Linux kernel software raid driver. The driver accessed a disabled bitmap where only the first byte of the buffer was initialized to zero. This meant that the rest of the request (up to 4095 bytes) was left uninitialized and copied into user space. 
An attacker could use this flaw to read private information from user space that would not otherwise have been accessible.(CVE-2015-5697)\n\nThe parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16643)\n\nRace condition in the ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:06:50", "description": "Infinite loop issues in the USB xHCI, in the transfer mode register\nof the SDHCI protocol, and the USB ohci_service_ed_list\n\nCVE-2017-7377\n\n9pfs: host memory leakage via v9fs_create\n\nCVE-2017-7493\n\nImproper access control issues in the host directory sharing via\n9pfs support.\n\nCVE-2017-7980\n\nHeap-based buffer overflow in the Cirrus VGA device that could allow\nlocal guest OS users to execute arbitrary code or cause a denial of\nservice\n\nCVE-2017-8086\n\n9pfs: host memory leakage via v9pfs_list_xattr\n\nCVE-2017-8112\n\nInfinite loop in the VMWare PVSCSI emulation\n\nCVE-2017-8309 / CVE-2017-8379\n\nHost memory leakage issues via the audio capture buffer and the\nkeyboard input event handlers\n\nCVE-2017-9330\n\nInfinite loop due to incorrect return value in USB OHCI that may\nresult in denial of service\n\nCVE-2017-9373 / CVE-2017-9374\n\nHost memory leakage during hot unplug in IDE AHCI and USB emulated\ndevices that could result in denial of service\n\nCVE-2017-9503\n\nNull pointer dereference while processing megasas command\n\nCVE-2017-10806\n\nStack buffer overflow in USB redirector\n\nCVE-2017-10911\n\nXen disk may leak stack data via response ring\n\nCVE-2017-11434\n\nOut-of-bounds read while parsing Slirp/DHCP options\n\nCVE-2017-14167\n\nOut-of-bounds access while processing multiboot headers that could\nresult in the execution of arbitrary code\n\nCVE-2017-15038\n\n9pfs: information disclosure when reading extended 
attributes\n\nCVE-2017-15289\n\nOut-of-bounds write access issue in the Cirrus graphic adaptor that\ncould result in denial of service\n\nCVE-2017-16845\n\nInformation leak in the PS/2 mouse and keyboard emulation support that\ncould be exploited during instance migration\n\nCVE-2017-18043\n\nInteger overflow in the macro ROUND_UP (n, d) that could result in\ndenial of service\n\nCVE-2018-7550\n\nIncorrect handling of memory during multiboot that could result in\nexecution of arbitrary code", "cvss3": {}, "published": "2018-09-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for qemu (DLA-1497-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16845", "CVE-2018-5683", "CVE-2017-9503", "CVE-2016-9776", "CVE-2017-8112", "CVE-2017-7493", "CVE-2016-9915", "CVE-2017-7718", "CVE-2016-10155", "CVE-2016-9922", "CVE-2017-9374", "CVE-2017-8379", "CVE-2017-7980", "CVE-2017-15038", "CVE-2017-2615", "CVE-2015-8666", "CVE-2017-8086", "CVE-2017-5526", "CVE-2017-6505", "CVE-2016-9916", "CVE-2017-14167", "CVE-2017-9330", "CVE-2016-6835", "CVE-2017-7377", "CVE-2016-8669", "CVE-2017-5525", "CVE-2017-15289", "CVE-2017-5579", "CVE-2016-9914", "CVE-2017-5973", "CVE-2017-8309", "CVE-2017-5715", "CVE-2017-5987", "CVE-2017-18030", "CVE-2016-8667", "CVE-2017-10911", "CVE-2016-2198", "CVE-2017-10806", "CVE-2016-9921", "CVE-2016-8576", "CVE-2016-9602", "CVE-2017-2620", "CVE-2017-5856", "CVE-2017-5667", "CVE-2016-6833", "CVE-2016-9907", "CVE-2016-9911", "CVE-2018-7550", "CVE-2017-11434", "CVE-2017-9373", "CVE-2017-18043", "CVE-2016-9603"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891497", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891497", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; 
you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891497\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2015-8666\", \"CVE-2016-10155\", \"CVE-2016-2198\", \"CVE-2016-6833\", \"CVE-2016-6835\",\n \"CVE-2016-8576\", \"CVE-2016-8667\", \"CVE-2016-8669\", \"CVE-2016-9602\", \"CVE-2016-9603\",\n \"CVE-2016-9776\", \"CVE-2016-9907\", \"CVE-2016-9911\", \"CVE-2016-9914\", \"CVE-2016-9915\",\n \"CVE-2016-9916\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2017-10806\", \"CVE-2017-10911\",\n \"CVE-2017-11434\", \"CVE-2017-14167\", \"CVE-2017-15038\", \"CVE-2017-15289\", \"CVE-2017-16845\",\n \"CVE-2017-18030\", \"CVE-2017-18043\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5525\",\n \"CVE-2017-5526\", \"CVE-2017-5579\", \"CVE-2017-5667\", \"CVE-2017-5715\", \"CVE-2017-5856\",\n \"CVE-2017-5973\", \"CVE-2017-5987\", \"CVE-2017-6505\", \"CVE-2017-7377\", \"CVE-2017-7493\",\n \"CVE-2017-7718\", \"CVE-2017-7980\", \"CVE-2017-8086\", \"CVE-2017-8112\", \"CVE-2017-8309\",\n \"CVE-2017-8379\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\", \"CVE-2017-9503\",\n \"CVE-2018-5683\", \"CVE-2018-7550\");\n script_name(\"Debian LTS: Security Advisory for qemu (DLA-1497-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 
2020)\");\n script_tag(name:\"creation_date\", value:\"2018-09-07 00:00:00 +0200 (Fri, 07 Sep 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"qemu on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1:2.1+dfsg-12+deb8u7.\n\nWe recommend that you upgrade your qemu packages.\");\n\n script_tag(name:\"summary\", value:\"Infinite loop issues in the USB xHCI, in the transfer mode register\nof the SDHCI protocol, and the USB ohci_service_ed_list\n\nCVE-2017-7377\n\n9pfs: host memory leakage via v9fs_create\n\nCVE-2017-7493\n\nImproper access control issues in the host directory sharing via\n9pfs support.\n\nCVE-2017-7980\n\nHeap-based buffer overflow in the Cirrus VGA device that could allow\nlocal guest OS users to execute arbitrary code or cause a denial of\nservice\n\nCVE-2017-8086\n\n9pfs: host memory leakage via v9pfs_list_xattr\n\nCVE-2017-8112\n\nInfinite loop in the VMWare PVSCSI emulation\n\nCVE-2017-8309 / CVE-2017-8379\n\nHost memory leakage issues via the audio capture buffer and the\nkeyboard input event handlers\n\nCVE-2017-9330\n\nInfinite loop due to incorrect return value in USB OHCI that may\nresult in denial of service\n\nCVE-2017-9373 / CVE-2017-9374\n\nHost memory leakage during hot unplug in IDE 
AHCI and USB emulated\ndevices that could result in denial of service\n\nCVE-2017-9503\n\nNull pointer dereference while processing megasas command\n\nCVE-2017-10806\n\nStack buffer overflow in USB redirector\n\nCVE-2017-10911\n\nXen disk may leak stack data via response ring\n\nCVE-2017-11434\n\nOut-of-bounds read while parsing Slirp/DHCP options\n\nCVE-2017-14167\n\nOut-of-bounds access while processing multiboot headers that could\nresult in the execution of arbitrary code\n\nCVE-2017-15038\n\n9pfs: information disclosure when reading extended attributes\n\nCVE-2017-15289\n\nOut-of-bounds write access issue in the Cirrus graphic adaptor that\ncould result in denial of service\n\nCVE-2017-16845\n\nInformation leak in the PS/2 mouse and keyboard emulation support that\ncould be exploited during instance migration\n\nCVE-2017-18043\n\nInteger overflow in the macro ROUND_UP (n, d) that could result in\ndenial of service\n\nCVE-2018-7550\n\nIncorrect handling of memory during multiboot that could result in\nexecution of arbitrary code\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"qemu\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-guest-agent\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-arm\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-common\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report 
+= res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-mips\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-misc\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-ppc\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-sparc\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-system-x86\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user-binfmt\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"1:2.1+dfsg-12+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:35:51", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be 'jumped' over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).(CVE-2017-1000364)\n\n - The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) 
kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.(CVE-2017-10911)\n\n - Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.(CVE-2015-8839)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1154)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8839", "CVE-2017-1000364", "CVE-2017-10911"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1154.NASL", "href": "https://www.tenable.com/plugins/nessus/102241", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102241);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-8839\",\n \"CVE-2017-1000364\",\n \"CVE-2017-10911\"\n );\n\n 
script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1154)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the size of the stack guard\n page on Linux, specifically a 4k stack guard page is\n not sufficiently large and can be 'jumped' over (the\n stack guard page is bypassed), this affects Linux\n Kernel versions 4.11.5 and earlier (the stackguard page\n was introduced in 2010).(CVE-2017-1000364)\n\n - The make_response function in\n drivers/block/xen-blkback/blkback.c in the Linux kernel\n before 4.11.8 allows guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures, aka XSA-216.(CVE-2017-10911)\n\n - Multiple race conditions in the ext4 filesystem\n implementation in the Linux kernel before 4.5 allow\n local users to cause a denial of service (disk\n corruption) by writing to a page that is associated\n with a different user's file after unsynchronized hole\n punching and page-fault handling.(CVE-2015-8839)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1154\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?63dbe3aa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.49.1.138\",\n 
\"kernel-debug-3.10.0-229.49.1.138\",\n \"kernel-debuginfo-3.10.0-229.49.1.138\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.49.1.138\",\n \"kernel-devel-3.10.0-229.49.1.138\",\n \"kernel-headers-3.10.0-229.49.1.138\",\n \"kernel-tools-3.10.0-229.49.1.138\",\n \"kernel-tools-libs-3.10.0-229.49.1.138\",\n \"perf-3.10.0-229.49.1.138\",\n \"python-perf-3.10.0-229.49.1.138\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:58", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be 'jumped' over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).(CVE-2017-1000364)\n\n - The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.(CVE-2017-10911)\n\n - Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault 
handling.(CVE-2015-8839)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1155)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8839", "CVE-2017-1000364", "CVE-2017-10911"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1155.NASL", "href": "https://www.tenable.com/plugins/nessus/102242", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102242);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-8839\",\n \"CVE-2017-1000364\",\n \"CVE-2017-10911\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1155)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages 
installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the size of the stack guard\n page on Linux, specifically a 4k stack guard page is\n not sufficiently large and can be 'jumped' over (the\n stack guard page is bypassed), this affects Linux\n Kernel versions 4.11.5 and earlier (the stackguard page\n was introduced in 2010).(CVE-2017-1000364)\n\n - The make_response function in\n drivers/block/xen-blkback/blkback.c in the Linux kernel\n before 4.11.8 allows guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures, aka XSA-216.(CVE-2017-10911)\n\n - Multiple race conditions in the ext4 filesystem\n implementation in the Linux kernel before 4.5 allow\n local users to cause a denial of service (disk\n corruption) by writing to a page that is associated\n with a different user's file after unsynchronized hole\n punching and page-fault handling.(CVE-2015-8839)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1155\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f563fb84\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") 
audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.55.58.94.h9\",\n \"kernel-debug-3.10.0-327.55.58.94.h9\",\n \"kernel-debug-devel-3.10.0-327.55.58.94.h9\",\n \"kernel-debuginfo-3.10.0-327.55.58.94.h9\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.55.58.94.h9\",\n \"kernel-devel-3.10.0-327.55.58.94.h9\",\n \"kernel-headers-3.10.0-327.55.58.94.h9\",\n \"kernel-tools-3.10.0-327.55.58.94.h9\",\n \"kernel-tools-libs-3.10.0-327.55.58.94.h9\",\n \"perf-3.10.0-327.55.58.94.h9\",\n \"python-perf-3.10.0-327.55.58.94.h9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:16:02", "description": "An update of the linux package has been released.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2017-0029", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000112", "CVE-2017-10911", "CVE-2017-7533", "CVE-2017-7542"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0029_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121724", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0029. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121724);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\n \"CVE-2017-7533\",\n \"CVE-2017-7542\",\n \"CVE-2017-10911\",\n \"CVE-2017-1000112\"\n );\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2017-0029\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-62.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7533\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.82-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-api-headers-4.4.82-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.82-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.82-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.82-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.82-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", 
reference:\"linux-esx-4.4.82-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.82-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.82-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.82-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.82-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.82-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.82-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-03T17:07:03", "description": "USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.\nThis update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.\n\nIt was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash).\n(CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. 
A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3468-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000252", "CVE-2017-10663", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-14340"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3468-2.NASL", "href": "https://www.tenable.com/plugins/nessus/104318", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3468-2. 
The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104318);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n script_xref(name:\"USN\", value:\"3468-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3468-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.\n\nIt was discovered that the KVM subsystem in the Linux kernel did not\nproperly bound guest IRQs. A local attacker in a guest VM could use\nthis to cause a denial of service (host system crash).\n(CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs)\nimplementation in the Linux kernel did not properly validate\nsuperblock metadata. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not\nproperly initialize some data structures before passing them to user\nspace. A local attacker in a guest VM could use this to expose\nsensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the\nPOSIX message queue implementation in the Linux kernel. 
A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that\nthe realtime inode flag was settable only on filesystems on a realtime\ndevice. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-14340).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3468-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3468-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.10.0-38-generic\", pkgver:\"4.10.0-38.42~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.10.0-38-generic-lpae\", pkgver:\"4.10.0-38.42~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.10.0-38-lowlatency\", pkgver:\"4.10.0-38.42~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.10.0.38.40\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.10.0.38.40\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.10.0.38.40\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-03T17:08:31", "description": "It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. 
A local attacker in a guest VM could use this to cause a denial of service (host system crash).\n(CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-gcp vulnerabilities (USN-3468-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000252", "CVE-2017-10663", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-14340"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3468-3.NASL", "href": "https://www.tenable.com/plugins/nessus/104319", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3468-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104319);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n script_xref(name:\"USN\", value:\"3468-3\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-gcp vulnerabilities (USN-3468-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the KVM subsystem in the Linux kernel did not\nproperly bound guest IRQs. 
A local attacker in a guest VM could use\nthis to cause a denial of service (host system crash).\n(CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs)\nimplementation in the Linux kernel did not properly validate\nsuperblock metadata. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not\nproperly initialize some data structures before passing them to user\nspace. A local attacker in a guest VM could use this to expose\nsensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the\nPOSIX message queue implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that\nthe realtime inode flag was settable only on filesystems on a realtime\ndevice. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-14340).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3468-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.10-gcp and / or linux-image-gcp\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3468-3\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.10.0-1008-gcp\", pkgver:\"4.10.0-1008.8\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.10.0.1008.10\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-gcp / linux-image-gcp\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2022-05-03T17:07:03", "description": "It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash).\n(CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3468-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000252", "CVE-2017-10663", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-14340"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3468-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104317", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3468-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104317);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n script_xref(name:\"USN\", value:\"3468-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3468-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the KVM subsystem in the Linux kernel did not\nproperly bound guest IRQs. A local attacker in a guest VM could use\nthis to cause a denial of service (host system crash).\n(CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs)\nimplementation in the Linux kernel did not properly validate\nsuperblock metadata. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not\nproperly initialize some data structures before passing them to user\nspace. A local attacker in a guest VM could use this to expose\nsensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the\nPOSIX message queue implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that\nthe realtime inode flag was settable only on filesystems on a realtime\ndevice. 
A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-14340).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3468-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000252\", \"CVE-2017-10663\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3468-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-1020-raspi2\", pkgver:\"4.10.0-1020.23\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-38-generic\", pkgver:\"4.10.0-38.42\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-38-generic-lpae\", pkgver:\"4.10.0-38.42\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-38-lowlatency\", pkgver:\"4.10.0-38.42\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic\", pkgver:\"4.10.0.38.38\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.10.0.38.38\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.10.0.38.38\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.10.0.1020.21\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2021-08-19T12:35:44", "description": "Multiple vulnerabilities were found in qemu, a fast processor emulator :\n\n - CVE-2017-9310 Denial of service via infinite loop in e1000e NIC emulation.\n\n - CVE-2017-9330 Denial of service via infinite loop in USB OHCI emulation.\n\n - CVE-2017-9373 Denial of service via memory leak in IDE AHCI emulation.\n\n - CVE-2017-9374 Denial of service via memory leak in USB EHCI emulation.\n\n - CVE-2017-10664 Denial of service in qemu-nbd server.\n\n - CVE-2017-10911 Information leak in Xen blkif response handling.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-07-27T00:00:00", "type": "nessus", "title": "Debian DSA-3920-1 : qemu - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-10911", "CVE-2017-9310", "CVE-2017-9330", "CVE-2017-9373", "CVE-2017-9374"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3920.NASL", "href": "https://www.tenable.com/plugins/nessus/101985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3920. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101985);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10911\", \"CVE-2017-9310\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\");\n script_xref(name:\"DSA\", value:\"3920\");\n\n script_name(english:\"Debian DSA-3920-1 : qemu - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in qemu, a fast processor emulator\n:\n\n - CVE-2017-9310\n Denial of service via infinite loop in e1000e NIC\n emulation.\n\n - CVE-2017-9330\n Denial of service via infinite loop in USB OHCI\n emulation.\n\n - CVE-2017-9373\n Denial of service via memory leak in IDE AHCI emulation.\n\n - CVE-2017-9374\n Denial of service via memory leak in USB EHCI emulation.\n\n - CVE-2017-10664\n Denial of service in qemu-nbd server.\n\n - CVE-2017-10911\n Information leak in Xen blkif response handling.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10664\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/qemu\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3920\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the qemu packages.\n\nFor the oldstable distribution (jessie), a separate DSA will be\nissued.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1:2.8+dfsg-6+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"qemu\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-block-extra\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-guest-agent\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-kvm\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system-arm\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system-common\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system-mips\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system-misc\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system-ppc\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system-sparc\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-system-x86\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-user\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-user-binfmt\", 
reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-user-static\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"qemu-utils\", reference:\"1:2.8+dfsg-6+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-03T17:08:03", "description": "Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-8632)\n\nDmitry Vyukov discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10661)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-10662, CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-3470-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8632", "CVE-2017-10661", "CVE-2017-10662", "CVE-2017-10663", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-14340"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3470-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104322", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3470-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104322);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2016-8632\", \"CVE-2017-10661\", \"CVE-2017-10662\", \"CVE-2017-10663\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n script_xref(name:\"USN\", value:\"3470-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-3470-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qian Zhang discovered a heap-based buffer overflow in the\ntipc_msg_build() function in the Linux kernel. A local attacker could\nuse to cause a denial of service (system crash) or possibly execute\narbitrary code with administrative privileges. (CVE-2016-8632)\n\nDmitry Vyukov discovered that a race condition existed in the timerfd\nsubsystem of the Linux kernel when handling might_cancel queuing. A\nlocal attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2017-10661)\n\nIt was discovered that the Flash-Friendly File System (f2fs)\nimplementation in the Linux kernel did not properly validate\nsuperblock metadata. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2017-10662, CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not\nproperly initialize some data structures before passing them to user\nspace. 
A local attacker in a guest VM could use this to expose\nsensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the\nPOSIX message queue implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that\nthe realtime inode flag was settable only on filesystems on a realtime\ndevice. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-14340).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3470-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-8632\", \"CVE-2017-10661\", \"CVE-2017-10662\", \"CVE-2017-10663\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-14340\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3470-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-135-generic\", pkgver:\"3.13.0-135.184\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-135-generic-lpae\", pkgver:\"3.13.0-135.184\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-135-lowlatency\", pkgver:\"3.13.0-135.184\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.135.144\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"3.13.0.135.144\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.135.144\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:34:43", "description": "This update for qemu to version 2.9.1 fixes several issues. 
It also announces that the qed storage format will no longer be supported in SLE 15 (fate#324200). These security issues were fixed :\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c (bsc#1062942)\n\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122)\n\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function allowed local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069)\n\n - CVE-2017-10911: The make_response function in the Linux kernel allowed guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures (bsc#1057378)\n\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive (bsc#1054724)\n\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585)\n\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334)\n\n - CVE-2017-13711: Use-after-free vulnerability allowed attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets (bsc#1056291).\n\nThe update package also includes non-security fixes. 
See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-11-03T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2924-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10911", "CVE-2017-12809", "CVE-2017-13672", "CVE-2017-13711", "CVE-2017-14167", "CVE-2017-15038", "CVE-2017-15268", "CVE-2017-15289"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi", "p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-ssh", "p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2924-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104376", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2924-1.\n# The text itself is copyright (C) 
SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104376);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-12809\", \"CVE-2017-13672\", \"CVE-2017-13711\", \"CVE-2017-14167\", \"CVE-2017-15038\", \"CVE-2017-15268\", \"CVE-2017-15289\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2924-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu to version 2.9.1 fixes several issues. It also\nannounces that the qed storage format will be no longer supported in\nSLE 15 (fate#324200). These security issues were fixed :\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a\n memory leak by triggering slow data-channel read\n operations, related to io/channel-websock.c\n (bsc#1062942)\n\n - CVE-2017-15289: The mode4and5 write functions allowed\n local OS guest privileged users to cause a denial of\n service (out-of-bounds write access and Qemu process\n crash) via vectors related to dst calculation\n (bsc#1063122)\n\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk\n function local guest OS users to obtain sensitive\n information from host heap memory via vectors related to\n reading extended attributes (bsc#1062069)\n\n - CVE-2017-10911: The make_response function in the Linux\n kernel allowed guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures (bsc#1057378)\n\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator\n support allowed local guest OS privileged 
users to cause\n a denial of service (NULL pointer dereference and QEMU\n process crash) by flushing an empty CDROM device drive\n (bsc#1054724)\n\n - CVE-2017-14167: Integer overflow in the load_multiboot\n function allowed local guest OS users to execute\n arbitrary code on the host via crafted multiboot header\n address values, which trigger an out-of-bounds write\n (bsc#1057585)\n\n - CVE-2017-13672: The VGA display emulator support allowed\n local guest OS privileged users to cause a denial of\n service (out-of-bounds read and QEMU process crash) via\n vectors involving display update (bsc#1056334)\n\n - CVE-2017-13711: Use-after-free vulnerability allowed\n attackers to cause a denial of service (QEMU instance\n crash) by leveraging failure to properly clear ifq_so\n from pending packets (bsc#1056291).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12809/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13711/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15038/\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15268/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15289/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172924-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?518a0b3f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1810=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1810=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-x86-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"qemu-s390-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-curl-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-curl-debuginfo-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-iscsi-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-iscsi-debuginfo-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-ssh-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-block-ssh-debuginfo-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-debugsource-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-guest-agent-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-guest-agent-debuginfo-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-lang-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-tools-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"qemu-tools-debuginfo-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLES12\", 
sp:\"3\", reference:\"qemu-kvm-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-block-curl-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-kvm-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-tools-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.9.1-6.6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"qemu-x86-2.9.1-6.6.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:34:55", "description": "This update for qemu to version 2.9.1 fixes several issues.\n\nIt also announces that the qed storage format will be no longer supported in Leap 15.0.\n\nThese security issues were fixed :\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c (bsc#1062942)\n\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122)\n\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk 
function allowed local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069)\n\n - CVE-2017-10911: The make_response function in the Linux kernel allowed guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures (bsc#1057378)\n\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive (bsc#1054724)\n\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585)\n\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334)\n\n - CVE-2017-13711: Use-after-free vulnerability allowed attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets (bsc#1056291).\n\nThese non-security issues were fixed :\n\n - Fixed not being able to build from rpm sources due to undefined macro (bsc#1057966)\n\n - Fixed package build failure against new glibc (bsc#1055587)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-11-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : qemu (openSUSE-2017-1248)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10911", "CVE-2017-12809", "CVE-2017-13672", "CVE-2017-13711", "CVE-2017-14167", "CVE-2017-15038", "CVE-2017-15268", 
"CVE-2017-15289"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:qemu", "p-cpe:/a:novell:opensuse:qemu-arm", "p-cpe:/a:novell:opensuse:qemu-arm-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-curl", "p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-dmg", "p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-iscsi", "p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-rbd", "p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-ssh", "p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debugsource", "p-cpe:/a:novell:opensuse:qemu-extra", "p-cpe:/a:novell:opensuse:qemu-extra-debuginfo", "p-cpe:/a:novell:opensuse:qemu-guest-agent", "p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:opensuse:qemu-ipxe", "p-cpe:/a:novell:opensuse:qemu-ksm", "p-cpe:/a:novell:opensuse:qemu-kvm", "p-cpe:/a:novell:opensuse:qemu-lang", "p-cpe:/a:novell:opensuse:qemu-linux-user", "p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo", "p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource", "p-cpe:/a:novell:opensuse:qemu-ppc", "p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo", "p-cpe:/a:novell:opensuse:qemu-s390", "p-cpe:/a:novell:opensuse:qemu-s390-debuginfo", "p-cpe:/a:novell:opensuse:qemu-seabios", "p-cpe:/a:novell:opensuse:qemu-sgabios", "p-cpe:/a:novell:opensuse:qemu-testsuite", "p-cpe:/a:novell:opensuse:qemu-tools", "p-cpe:/a:novell:opensuse:qemu-tools-debuginfo", "p-cpe:/a:novell:opensuse:qemu-vgabios", "p-cpe:/a:novell:opensuse:qemu-x86", "p-cpe:/a:novell:opensuse:qemu-x86-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1248.NASL", "href": "https://www.tenable.com/plugins/nessus/104423", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from 
openSUSE Security Update openSUSE-2017-1248.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104423);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-12809\", \"CVE-2017-13672\", \"CVE-2017-13711\", \"CVE-2017-14167\", \"CVE-2017-15038\", \"CVE-2017-15268\", \"CVE-2017-15289\");\n\n script_name(english:\"openSUSE Security Update : qemu (openSUSE-2017-1248)\");\n script_summary(english:\"Check for the openSUSE-2017-1248 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu to version 2.9.1 fixes several issues.\n\nIt also announces that the qed storage format will be no longer\nsupported in Leap 15.0.\n\nThese security issues were fixed :\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a\n memory leak by triggering slow data-channel read\n operations, related to io/channel-websock.c\n (bsc#1062942)\n\n - CVE-2017-15289: The mode4and5 write functions allowed\n local OS guest privileged users to cause a denial of\n service (out-of-bounds write access and Qemu process\n crash) via vectors related to dst calculation\n (bsc#1063122)\n\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk\n function local guest OS users to obtain sensitive\n information from host heap memory via vectors related to\n reading extended attributes (bsc#1062069)\n\n - CVE-2017-10911: The make_response function in the Linux\n kernel allowed guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures (bsc#1057378)\n\n - CVE-2017-12809: The IDE disk 
and CD/DVD-ROM Emulator\n support allowed local guest OS privileged users to cause\n a denial of service (NULL pointer dereference and QEMU\n process crash) by flushing an empty CDROM device drive\n (bsc#1054724)\n\n - CVE-2017-14167: Integer overflow in the load_multiboot\n function allowed local guest OS users to execute\n arbitrary code on the host via crafted multiboot header\n address values, which trigger an out-of-bounds write\n (bsc#1057585)\n\n - CVE-2017-13672: The VGA display emulator support allowed\n local guest OS privileged users to cause a denial of\n service (out-of-bounds read and QEMU process crash) via\n vectors involving display update (bsc#1056334)\n\n - CVE-2017-13711: Use-after-free vulnerability allowed\n attackers to cause a denial of service (QEMU instance\n crash) by leveraging failure to properly clear ifq_so\n from pending packets (bsc#1056291).\n\nThese non-security issues were fixed :\n\n - Fixed not being able to build from rpm sources due to\n undefined macro (bsc#1057966)\n\n - Fiedx package build failure against new glibc\n (bsc#1055587)\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1062069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1062942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1063122\"\n );\n # https://features.opensuse.org/324200\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ipxe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ksm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-testsuite\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-vgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-ipxe-1.0.0-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-linux-user-2.9.1-35.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.3\", reference:\"qemu-linux-user-debuginfo-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-linux-user-debugsource-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-seabios-1.10.2-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-sgabios-8-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-vgabios-1.10.2-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-arm-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-arm-debuginfo-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-curl-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-dmg-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-dmg-debuginfo-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-iscsi-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-iscsi-debuginfo-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-ssh-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-block-ssh-debuginfo-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.9.1-35.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-extra-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-extra-debuginfo-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-guest-agent-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-guest-agent-debuginfo-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-ksm-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-kvm-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-lang-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-ppc-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-ppc-debuginfo-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-s390-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-s390-debuginfo-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-testsuite-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-tools-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-x86-2.9.1-35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-x86-debuginfo-2.9.1-35.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-linux-user / qemu-linux-user-debuginfo / etc\");\n}\n", 
"cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:28:07", "description": "An update of [ruby,cassandra,linux,libxml2] packages for PhotonOS has been released.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Cassandra / Libxml2 / Linux / Ruby PHSA-2017-0029 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000112", "CVE-2017-10911", "CVE-2017-3161", "CVE-2017-3162", "CVE-2017-7533", "CVE-2017-7542", "CVE-2017-8872", "CVE-2017-9228"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:cassandra", "p-cpe:/a:vmware:photonos:libxml2", "p-cpe:/a:vmware:photonos:linux", "p-cpe:/a:vmware:photonos:ruby", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0029.NASL", "href": "https://www.tenable.com/plugins/nessus/111878", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0029. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111878);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:07\");\n\n script_cve_id(\n \"CVE-2017-3161\",\n \"CVE-2017-3162\",\n \"CVE-2017-7533\",\n \"CVE-2017-7542\",\n \"CVE-2017-8872\",\n \"CVE-2017-9228\",\n \"CVE-2017-10911\",\n \"CVE-2017-1000112\"\n );\n\n script_name(english:\"Photon OS 1.0: Cassandra / Libxml2 / Linux / Ruby PHSA-2017-0029 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [ruby,cassandra,linux,libxml2] packages for PhotonOS has\nbeen released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-62\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f50b0a30\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3162\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/16\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:cassandra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"cassandra-3.10-5.ph1\",\n \"libxml2-2.9.4-7.ph1\",\n \"libxml2-debuginfo-2.9.4-7.ph1\",\n \"libxml2-devel-2.9.4-7.ph1\",\n \"libxml2-python-2.9.4-7.ph1\",\n \"linux-4.4.82-1.ph1\",\n 
\"linux-api-headers-4.4.82-1.ph1\",\n \"linux-debuginfo-4.4.82-1.ph1\",\n \"linux-dev-4.4.82-1.ph1\",\n \"linux-docs-4.4.82-1.ph1\",\n \"linux-drivers-gpu-4.4.82-1.ph1\",\n \"linux-esx-4.4.82-1.ph1\",\n \"linux-esx-debuginfo-4.4.82-1.ph1\",\n \"linux-esx-devel-4.4.82-1.ph1\",\n \"linux-esx-docs-4.4.82-1.ph1\",\n \"linux-oprofile-4.4.82-1.ph1\",\n \"linux-sound-4.4.82-1.ph1\",\n \"linux-tools-4.4.82-1.ph1\",\n \"ruby-2.4.0-5.ph1\",\n \"ruby-debuginfo-2.4.0-5.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cassandra / libxml2 / linux / ruby\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-28T13:56:35", "description": "xen: various flaws (#1463247) blkif responses leak backend stack data [XSA-216] page transfer may allow PV guest to elevate privilege [XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] NULL pointer deref in event channel poll [XSA-221] (#1463231) stale P2M mappings due to insufficient error checking [XSA-222] ARM guest disabling interrupt may crash Xen [XSA-223] grant table operations mishandle reference counts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs [XSA-225]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": 
"Fedora 26 : xen (2017-5c6a9b07a3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10915", "CVE-2017-10916", "CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10919", "CVE-2017-10920", "CVE-2017-10923"], "modified": "2021-06-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-5C6A9B07A3.NASL", "href": "https://www.tenable.com/plugins/nessus/101638", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-5c6a9b07a3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101638);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10919\", \"CVE-2017-10920\", \"CVE-2017-10923\");\n script_xref(name:\"FEDORA\", value:\"2017-5c6a9b07a3\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074-S\");\n\n script_name(english:\"Fedora 26 : xen (2017-5c6a9b07a3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xen: various flaws (#1463247) blkif responses leak backend stack data\n[XSA-216] page transfer may allow PV guest to elevate privilege\n[XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] NULL pointer deref in\nevent channel poll [XSA-221] (#1463231) stale P2M mappings due to\ninsufficient 
error checking [XSA-222] ARM guest disabling interrupt\nmay crash Xen [XSA-223] grant table operations mishandle reference\ncounts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs\n[XSA-225]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-5c6a9b07a3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"xen-4.8.1-4.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-28T13:59:12", "description": "xen: various flaws (#1463247) blkif responses leak backend stack data [XSA-216] page transfer may allow PV guest to elevate privilege [XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] stale P2M mappings due to insufficient error checking [XSA-222] ARM guest disabling 
interrupt may crash Xen [XSA-223] grant table operations mishandle reference counts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs [XSA-225] NULL pointer deref in event channel poll [XSA-221] (#1463231)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-06-23T00:00:00", "type": "nessus", "title": "Fedora 25 : xen (2017-c3149b5fcb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10915", "CVE-2017-10916", "CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10919", "CVE-2017-10920", "CVE-2017-10923"], "modified": "2021-06-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-C3149B5FCB.NASL", "href": "https://www.tenable.com/plugins/nessus/101028", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-c3149b5fcb.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101028);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10919\", \"CVE-2017-10920\", \"CVE-2017-10923\");\n script_xref(name:\"FEDORA\", value:\"2017-c3149b5fcb\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074-S\");\n\n script_name(english:\"Fedora 25 : xen (2017-c3149b5fcb)\");\n script_summary(english:\"Checks rpm output for the updated 
package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xen: various flaws (#1463247) blkif responses leak backend stack data\n[XSA-216] page transfer may allow PV guest to elevate privilege\n[XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] stale P2M mappings due\nto insufficient error checking [XSA-222] ARM guest disabling interrupt\nmay crash Xen [XSA-223] grant table operations mishandle reference\ncounts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs\n[XSA-225] NULL pointer deref in event channel poll [XSA-221]\n(#1463231)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3149b5fcb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/23\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"xen-4.7.2-7.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-28T13:56:34", "description": "xen: various flaws (#1463247) blkif responses leak backend stack data [XSA-216] page transfer may allow PV guest to elevate privilege [XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] stale P2M mappings due to insufficient error checking [XSA-222] ARM guest disabling interrupt may crash Xen [XSA-223] grant table operations mishandle reference counts [XSA-224] arm: vgic: Out-of-bound access when sending SGIs [XSA-225] NULL pointer deref in event channel poll [XSA-221] (#1463231)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-07-03T00:00:00", "type": "nessus", "title": "Fedora 24 : xen (2017-b3bdaf58bc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10911", 
"CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10915", "CVE-2017-10916", "CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10919", "CVE-2017-10920", "CVE-2017-10923"], "modified": "2021-06-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-B3BDAF58BC.NASL", "href": "https://www.tenable.com/plugins/nessus/101183", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-b3bdaf58bc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101183);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10919\", \"CVE-2017-10920\", \"CVE-2017-10923\");\n script_xref(name:\"FEDORA\", value:\"2017-b3bdaf58bc\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074-S\");\n\n script_name(english:\"Fedora 24 : xen (2017-b3bdaf58bc)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xen: various flaws (#1463247) blkif responses leak backend stack data\n[XSA-216] page transfer may allow PV guest to elevate privilege\n[XSA-217] Races in the grant table unmap code [XSA-218] x86:\ninsufficient reference counts during shadow emulation [XSA-219] x86:\nPKRU and BND* leakage between vCPU-s [XSA-220] stale P2M mappings due\nto insufficient error checking [XSA-222] ARM guest disabling interrupt\nmay crash Xen [XSA-223] grant table operations mishandle reference\ncounts [XSA-224] arm: vgic: Out-of-bound access 
when sending SGIs\n[XSA-225] NULL pointer deref in event channel poll [XSA-221]\n(#1463231)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-b3bdaf58bc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"xen-4.6.5-7.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-28T13:57:03", "description": "The version of Citrix XenServer installed on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists that causes grant table operations to fail due to improper handling of reference counts. 
An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\n - An information disclosure vulnerability exists due to blkif responses leaking stack data. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information.\n\n - A NULL pointer dereference flaw exists in the event channel poll that allows an unauthenticated, remote attacker to cause a denial of service condition.\n\n - A flaw exists in shadow emulation due to insufficient reference counts. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n\n - A race condition exists in the grant table unmap code that allows an unauthenticated, remote attacker to have an unspecified impact.\n\n - An unspecified flaw exists in page transfers that allows a local attacker on the PV guest to gain elevated privileges.\n\n - A flaw exists that is triggered by stale P2M mappings due to insufficient error checking. An unauthenticated, remote attacker can exploit this to have an unspecified impact.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-07-03T00:00:00", "type": "nessus", "title": "Citrix XenServer Multiple Vulnerabilities (CTX224740)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10914", "CVE-2017-10915", "CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922"], "modified": "2020-04-24T00:00:00", "cpe": ["cpe:/a:citrix:xenserver"], "id": "CITRIX_XENSERVER_CTX224740.NASL", "href": "https://www.tenable.com/plugins/nessus/101205", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101205);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/24\");\n\n script_cve_id(\n \"CVE-2017-10911\",\n \"CVE-2017-10912\",\n \"CVE-2017-10913\",\n 
\"CVE-2017-10914\",\n \"CVE-2017-10915\",\n \"CVE-2017-10917\",\n \"CVE-2017-10918\",\n \"CVE-2017-10920\",\n \"CVE-2017-10921\",\n \"CVE-2017-10922\"\n );\n script_bugtraq_id(\n 99157,\n 99158,\n 99161,\n 99162,\n 99174,\n 99411,\n 99435\n );\n\n script_name(english:\"Citrix XenServer Multiple Vulnerabilities (CTX224740)\");\n script_summary(english:\"Checks for patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A server virtualization platform installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Citrix XenServer installed on the remote host is\nmissing a security hotfix. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A flaw exists that causes grant table operations to fail\n due to improper handling of reference counts. An\n unauthenticated, remote attacker can exploit this to\n have an unspecified impact.\n\n - An information disclosure vulnerability exists due to\n blkif responses leaking stack data. An unauthenticated,\n remote attacker can exploit this to disclose potentially\n sensitive information.\n\n - A NULL pointer dereference flaw exists in the event\n channel poll that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n\n - A flaw exists in shadow emulation due to insufficient\n reference counts. An unauthenticated, remote attacker\n can exploit this to have an unspecified impact.\n\n - A race condition exists in the grant table unmap code\n that allows an unauthenticated, remote attacker to have\n an unspecified impact.\n\n - An unspecified flaw exists in page transfers that allows\n a local attacker on the PV guest to gain elevated\n privileges.\n\n - A flaw exists that is triggered by stale P2M mappings\n due to insufficient error checking. 
An unauthenticated,\n remote attacker can exploit this to have an unspecified\n impact.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.citrix.com/article/CTX224740\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate hotfix according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10921\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:citrix:xenserver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"citrix_xenserver_version.nbin\");\n script_require_keys(\"Host/XenServer/version\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Citrix XenServer\";\nversion = get_kb_item_or_exit(\"Host/XenServer/version\");\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\npatches = get_kb_item(\"Host/XenServer/patches\");\nvuln = FALSE;\nfix = '';\n\n# two hotfixes for each series\nif (version == \"6.0.2\")\n{\n fix = \"XS602ECC045\"; # CTX224687\n if (fix >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS602ECC046\"; # CTX224693\n if (fix >!< patches) vuln = TRUE;\n }\n}\nelse if (version =~ \"^6\\.2\\.0\")\n{\n fix = \"XS62ESP1061\"; # CTX224688\n if (fix >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS62ESP1062\"; # CTX224694\n if (fix >!< patches) vuln = TRUE;\n }\n}\nelse if (version =~ \"^6\\.5($|[^0-9])\")\n{\n fix = \"XS65ESP1057\"; # CTX224689\n if (fix >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS65ESP1058\"; # CTX224695\n if (fix >!< patches) vuln = TRUE;\n }\n}\nelse if (version =~ \"^7\\.0($|[^0-9])\")\n{\n fix = \"XS70E035\"; # CTX224690\n if (fix >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS70E036\"; # CTX224696\n if (fix >!< patches) vuln = TRUE;\n }\n}\nelse if (version =~ \"^7\\.1($|[^0-9])\")\n{\n fix = \"XS71E011\"; # CTX224691\n if (fix >!< patches && \"XS71ECU\" >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS71E012\"; # CTX224697\n if (fix >!< patches && \"XS71ECU\" >!< patches) vuln = TRUE;\n }\n}\nelse if (version =~ \"^7\\.2($|[^0-9])\")\n{\n fix = \"XS72E001\"; # CTX224692\n if (fix >!< patches) vuln = TRUE;\n\n if (!vuln)\n {\n fix = \"XS72E002\"; # CTX224698\n if (fix >!< patches) vuln = TRUE;\n }\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, version);\n\nif (vuln)\n{\n port = 0;\n report = report_items_str(\n 
report_items:make_array(\n \"Installed version\", version,\n \"Missing hotfix\", fix\n ),\n ordered_fields:make_list(\"Installed version\", \"Missing hotfix\")\n );\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_PATCH_INSTALLED, fix);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-03T17:04:31", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n - CVE-2017-7346 Li Qiang discovered that the DRM driver for VMware virtual GPUs does not properly check user-controlled values in the vmw_surface_define_ioctl() functions for upper limits. A local user can take advantage of this flaw to cause a denial of service.\n\n - CVE-2017-7482 Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does not properly verify metadata, leading to information disclosure, denial of service or potentially execution of arbitrary code.\n\n - CVE-2017-7533 Fan Wu and Shixiong Zhao discovered a race condition between inotify events and VFS rename operations allowing an unprivileged local attacker to cause a denial of service or escalate privileges.\n\n - CVE-2017-7541 A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN driver could allow a local user to cause kernel memory corruption, leading to a denial of service or potentially privilege escalation.\n\n - CVE-2017-7542 An integer overflow vulnerability in the ip6_find_1stfragopt() function was found allowing a local attacker with privileges to open raw sockets to cause a denial of service.\n\n - CVE-2017-9605 Murray McAllister discovered that the DRM driver for VMware virtual GPUs does not properly initialize memory, potentially allowing a local attacker to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.\n\n - CVE-2017-10810 Li Qiang discovered a memory leak flaw within the VirtIO 
GPU driver resulting in denial of service (memory consumption).\n\n - CVE-2017-10911 / XSA-216 Anthony Perard of Citrix discovered an information leak flaw in Xen blkif response handling, allowing a malicious unprivileged guest to obtain sensitive information from the host or other guests.\n\n - CVE-2017-11176 It was discovered that the mq_notify() function does not set the sock pointer to NULL upon entry into the retry logic. An attacker can take advantage of this flaw during a user-space close of a Netlink socket to cause a denial of service or potentially cause other impact.\n\n - CVE-2017-1000365 It was discovered that argument and environment pointers are not taken properly into account to the imposed size restrictions on arguments and environmental strings passed through RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of this flaw in conjunction with other flaws to execute arbitrary code.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-07T00:00:00", "type": "nessus", "title": "Debian DSA-3927-1 : linux - security update (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000365", "CVE-2017-10810", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-7346", "CVE-2017-7482", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-9605"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3927.NASL", "href": "https://www.tenable.com/plugins/nessus/102211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3927. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102211);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000365\", \"CVE-2017-10810\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-7346\", \"CVE-2017-7482\", \"CVE-2017-7533\", \"CVE-2017-7541\", \"CVE-2017-7542\", \"CVE-2017-9605\");\n script_xref(name:\"DSA\", value:\"3927\");\n\n script_name(english:\"Debian DSA-3927-1 : linux - security update (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2017-7346\n Li Qiang discovered that the DRM driver for VMware\n virtual GPUs does not properly check user-controlled\n values in the vmw_surface_define_ioctl() functions for\n upper limits. 
A local user can take advantage of this\n flaw to cause a denial of service.\n\n - CVE-2017-7482\n Shi Lei discovered that RxRPC Kerberos 5 ticket handling\n code does not properly verify metadata, leading to\n information disclosure, denial of service or potentially\n execution of arbitrary code.\n\n - CVE-2017-7533\n Fan Wu and Shixiong Zhao discovered a race condition\n between inotify events and VFS rename operations\n allowing an unprivileged local attacker to cause a\n denial of service or escalate privileges.\n\n - CVE-2017-7541\n A buffer overflow flaw in the Broadcom IEEE802.11n PCIe\n SoftMAC WLAN driver could allow a local user to cause\n kernel memory corruption, leading to a denial of service\n or potentially privilege escalation.\n\n - CVE-2017-7542\n An integer overflow vulnerability in the\n ip6_find_1stfragopt() function was found allowing a\n local attacker with privileges to open raw sockets to\n cause a denial of service.\n\n - CVE-2017-9605\n Murray McAllister discovered that the DRM driver for\n VMware virtual GPUs does not properly initialize memory,\n potentially allowing a local attacker to obtain\n sensitive information from uninitialized kernel memory\n via a crafted ioctl call.\n\n - CVE-2017-10810\n Li Qiang discovered a memory leak flaw within the VirtIO\n GPU driver resulting in denial of service (memory\n consumption).\n\n - CVE-2017-10911 / XSA-216\n Anthony Perard of Citrix discovered an information leak\n flaw in Xen blkif response handling, allowing a\n malicious unprivileged guest to obtain sensitive\n information from the host or other guests.\n\n - CVE-2017-11176\n It was discovered that the mq_notify() function does not\n set the sock pointer to NULL upon entry into the retry\n logic. 
An attacker can take advantage of this flaw\n during a user-space close of a Netlink socket to cause a\n denial of service or potentially cause other impact.\n\n - CVE-2017-1000365\n It was discovered that argument and environment pointers\n are not taken properly into account to the imposed size\n restrictions on arguments and environmental strings\n passed through RLIMIT_STACK/RLIMIT_INFINITY. A local\n attacker can take advantage of this flaw in conjunction\n with other flaws to execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://xenbits.xen.org/xsa/advisory-216.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3927\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (jessie), these problems will be fixed\nin a subsequent DSA.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.9.30-2+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/07\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", 
reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.30-2+deb9u3\")) 
flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.30-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.30-2+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:34:46", "description": "This update for qemu fixes several issues. 
These security issues were fixed :\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c (bsc#1062942).\n\n - CVE-2017-9524: The qemu-nbd server when built with the Network Block Device (NBD) Server support allowed remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function (bsc#1043808).\n\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122)\n\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function allowed local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069)\n\n - CVE-2017-10911: The make_response function in the Linux kernel allowed guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures (bsc#1057378)\n\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive (bsc#1054724)\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046636)\n\n - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages (bsc#1047674)\n\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary 
code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585)\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049381)\n\n - CVE-2017-11334: The address_space_write_continue function allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048902)\n\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-11-07T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2936-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-10806", "CVE-2017-10911", "CVE-2017-11334", "CVE-2017-11434", "CVE-2017-12809", "CVE-2017-13672", "CVE-2017-14167", "CVE-2017-15038", "CVE-2017-15268", "CVE-2017-15289", "CVE-2017-9524"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-ssh", "p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo", 
"p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2936-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104429", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2936-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104429);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10806\", \"CVE-2017-10911\", \"CVE-2017-11334\", \"CVE-2017-11434\", \"CVE-2017-12809\", \"CVE-2017-13672\", \"CVE-2017-14167\", \"CVE-2017-15038\", \"CVE-2017-15268\", \"CVE-2017-15289\", \"CVE-2017-9524\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2936-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes several issues. 
These security issues were\nfixed :\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a\n memory leak by triggering slow data-channel read\n operations, related to io/channel-websock.c\n (bsc#1062942).\n\n - CVE-2017-9524: The qemu-nbd server when built with the\n Network Block Device (NBD) Server support allowed remote\n attackers to cause a denial of service (segmentation\n fault and server crash) by leveraging failure to ensure\n that all initialization occurs talking to a client in\n the nbd_negotiate function (bsc#1043808).\n\n - CVE-2017-15289: The mode4and5 write functions allowed\n local OS guest privileged users to cause a denial of\n service (out-of-bounds write access and Qemu process\n crash) via vectors related to dst calculation\n (bsc#1063122)\n\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk\n function local guest OS users to obtain sensitive\n information from host heap memory via vectors related to\n reading extended attributes (bsc#1062069)\n\n - CVE-2017-10911: The make_response function in the Linux\n kernel allowed guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures (bsc#1057378)\n\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator\n support allowed local guest OS privileged users to cause\n a denial of service (NULL pointer dereference and QEMU\n process crash) by flushing an empty CDROM device drive\n (bsc#1054724)\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which\n allowed remote attackers to cause a denial of service\n (daemon crash) by disconnecting during a\n server-to-client reply attempt (bsc#1046636)\n\n - CVE-2017-10806: Stack-based buffer overflow allowed\n local guest OS users to cause a denial of service (QEMU\n process crash) via vectors related to logging debug\n messages (bsc#1047674)\n\n - CVE-2017-14167: Integer overflow in the 
load_multiboot\n function allowed local guest OS users to execute\n arbitrary code on the host via crafted multiboot header\n address values, which trigger an out-of-bounds write\n (bsc#1057585)\n\n - CVE-2017-11434: The dhcp_decode function in\n slirp/bootp.c allowed local guest OS users to cause a\n denial of service (out-of-bounds read) via a crafted\n DHCP options string (bsc#1049381)\n\n - CVE-2017-11334: The address_space_write_continue\n function allowed local guest OS privileged users to\n cause a denial of service (out-of-bounds access and\n guest instance crash) by leveraging use of\n qemu_map_ram_ptr to access guest ram block area\n (bsc#1048902)\n\n - CVE-2017-13672: The VGA display emulator support allowed\n local guest OS privileged users to cause a denial of\n service (out-of-bounds read and QEMU process crash) via\n vectors involving display update (bsc#1056334)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997358\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10664/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11334/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11434/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12809/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15038/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15268/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15289/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9524/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172936-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6562e001\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1821=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1821=1\n\nSUSE Linux Enterprise 
Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1821=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-x86-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"qemu-s390-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-curl-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-curl-debuginfo-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-ssh-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-block-ssh-debuginfo-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-debugsource-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", 
reference:\"qemu-guest-agent-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-guest-agent-debuginfo-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-lang-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-tools-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-tools-debuginfo-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"qemu-kvm-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-curl-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-block-curl-debuginfo-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-debugsource-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-kvm-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-tools-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-tools-debuginfo-2.6.2-41.22.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"qemu-x86-2.6.2-41.22.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:34:52", "description": "This update for qemu fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause 
a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c (bsc#1062942).\n\n - CVE-2017-9524: The qemu-nbd server when built with the Network Block Device (NBD) Server support allowed remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function (bsc#1043808).\n\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122)\n\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function allowed local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069)\n\n - CVE-2017-10911: The make_response function in the Linux kernel allowed guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures (bsc#1057378)\n\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive (bsc#1054724)\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046636)\n\n - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages (bsc#1047674)\n\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds 
write (bsc#1057585)\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049381)\n\n - CVE-2017-11334: The address_space_write_continue function allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048902)\n\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334)\n\nThese non-security issues were fixed :\n\n - Fixed not being able to build from rpm sources due to undefined macro (bsc#1057966)\n\n - Fixed wrong permissions for kvm_stat.1 file\n\n - Fixed KVM lun resize not working as expected on SLES12 SP2 HV (bsc#1043176)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-11-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : qemu (openSUSE-2017-1249)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-10806", "CVE-2017-10911", "CVE-2017-11334", "CVE-2017-11434", "CVE-2017-12809", "CVE-2017-13672", "CVE-2017-14167", "CVE-2017-15038", "CVE-2017-15268", "CVE-2017-15289", "CVE-2017-9524"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:qemu", "p-cpe:/a:novell:opensuse:qemu-arm", "p-cpe:/a:novell:opensuse:qemu-arm-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-curl", "p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-dmg", "p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-iscsi", "p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo", 
"p-cpe:/a:novell:opensuse:qemu-block-rbd", "p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:opensuse:qemu-block-ssh", "p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo", "p-cpe:/a:novell:opensuse:qemu-debugsource", "p-cpe:/a:novell:opensuse:qemu-extra", "p-cpe:/a:novell:opensuse:qemu-extra-debuginfo", "p-cpe:/a:novell:opensuse:qemu-guest-agent", "p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:opensuse:qemu-ipxe", "p-cpe:/a:novell:opensuse:qemu-kvm", "p-cpe:/a:novell:opensuse:qemu-lang", "p-cpe:/a:novell:opensuse:qemu-linux-user", "p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo", "p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource", "p-cpe:/a:novell:opensuse:qemu-ppc", "p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo", "p-cpe:/a:novell:opensuse:qemu-s390", "p-cpe:/a:novell:opensuse:qemu-s390-debuginfo", "p-cpe:/a:novell:opensuse:qemu-seabios", "p-cpe:/a:novell:opensuse:qemu-sgabios", "p-cpe:/a:novell:opensuse:qemu-testsuite", "p-cpe:/a:novell:opensuse:qemu-tools", "p-cpe:/a:novell:opensuse:qemu-tools-debuginfo", "p-cpe:/a:novell:opensuse:qemu-vgabios", "p-cpe:/a:novell:opensuse:qemu-x86", "p-cpe:/a:novell:opensuse:qemu-x86-debuginfo", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-1249.NASL", "href": "https://www.tenable.com/plugins/nessus/104424", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1249.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104424);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10806\", \"CVE-2017-10911\", \"CVE-2017-11334\", \"CVE-2017-11434\", \"CVE-2017-12809\", \"CVE-2017-13672\", \"CVE-2017-14167\", 
\"CVE-2017-15038\", \"CVE-2017-15268\", \"CVE-2017-15289\", \"CVE-2017-9524\");\n\n script_name(english:\"openSUSE Security Update : qemu (openSUSE-2017-1249)\");\n script_summary(english:\"Check for the openSUSE-2017-1249 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a\n memory leak by triggering slow data-channel read\n operations, related to io/channel-websock.c\n (bsc#1062942).\n\n - CVE-2017-9524: The qemu-nbd server when built with the\n Network Block Device (NBD) Server support allowed remote\n attackers to cause a denial of service (segmentation\n fault and server crash) by leveraging failure to ensure\n that all initialization occurs talking to a client in\n the nbd_negotiate function (bsc#1043808).\n\n - CVE-2017-15289: The mode4and5 write functions allowed\n local OS guest privileged users to cause a denial of\n service (out-of-bounds write access and Qemu process\n crash) via vectors related to dst calculation\n (bsc#1063122)\n\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk\n function local guest OS users to obtain sensitive\n information from host heap memory via vectors related to\n reading extended attributes (bsc#1062069)\n\n - CVE-2017-10911: The make_response function in the Linux\n kernel allowed guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures (bsc#1057378)\n\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator\n support allowed local guest OS privileged users to cause\n a denial of service (NULL pointer dereference and QEMU\n process crash) by flushing an empty CDROM device drive\n 
(bsc#1054724)\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which\n allowed remote attackers to cause a denial of service\n (daemon crash) by disconnecting during a\n server-to-client reply attempt (bsc#1046636)\n\n - CVE-2017-10806: Stack-based buffer overflow allowed\n local guest OS users to cause a denial of service (QEMU\n process crash) via vectors related to logging debug\n messages (bsc#1047674)\n\n - CVE-2017-14167: Integer overflow in the load_multiboot\n function allowed local guest OS users to execute\n arbitrary code on the host via crafted multiboot header\n address values, which trigger an out-of-bounds write\n (bsc#1057585)\n\n - CVE-2017-11434: The dhcp_decode function in\n slirp/bootp.c allowed local guest OS users to cause a\n denial of service (out-of-bounds read) via a crafted\n DHCP options string (bsc#1049381)\n\n - CVE-2017-11334: The address_space_write_continue\n function allowed local guest OS privileged users to\n cause a denial of service (out-of-bounds access and\n guest instance crash) by leveraging use of\n qemu_map_ram_ptr to access guest ram block area\n (bsc#1048902)\n\n - CVE-2017-13672: The VGA display emulator support allowed\n local guest OS privileged users to cause a denial of\n service (out-of-bounds read and QEMU process crash) via\n vectors involving display update (bsc#1056334)\n\nThese non-security issues were fixed :\n\n - Fixed not being able to build from rpm sources due to\n undefined macro (bsc#1057966)\n\n - Fixed wrong permissions for kvm_stat.1 file\n\n - Fixed KVM lun resize not working as expected on SLES12\n SP2 HV (bsc#1043176)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1059369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1062069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1062942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1063122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=997358\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-arm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ipxe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-lang\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-vgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-x86-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-arm-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-arm-debuginfo-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-curl-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-curl-debuginfo-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-dmg-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-dmg-debuginfo-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-iscsi-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-iscsi-debuginfo-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-ssh-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-block-ssh-debuginfo-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-debugsource-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", 
reference:\"qemu-extra-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-extra-debuginfo-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-guest-agent-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-guest-agent-debuginfo-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-ipxe-1.0.0-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-kvm-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-lang-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-linux-user-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-linux-user-debuginfo-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-linux-user-debugsource-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-ppc-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-ppc-debuginfo-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-s390-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-s390-debuginfo-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-seabios-1.9.1-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-sgabios-8-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-testsuite-2.6.2-31.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-tools-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-tools-debuginfo-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-vgabios-1.9.1-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-x86-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"qemu-x86-debuginfo-2.6.2-31.9.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.6.2-31.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.6.2-31.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-linux-user / qemu-linux-user-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-03T17:03:35", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n - CVE-2014-9940 A use-after-free flaw in the voltage and current regulator driver could allow a local user to cause a denial of service or potentially escalate privileges.\n\n - CVE-2017-7346 Li Qiang discovered that the DRM driver for VMware virtual GPUs does not properly check user-controlled values in the vmw_surface_define_ioctl() functions for upper limits. 
A local user can take advantage of this flaw to cause a denial of service.\n\n - CVE-2017-7482 Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does not properly verify metadata, leading to information disclosure, denial of service or potentially execution of arbitrary code.\n\n - CVE-2017-7533 Fan Wu and Shixiong Zhao discovered a race condition between inotify events and VFS rename operations allowing an unprivileged local attacker to cause a denial of service or escalate privileges.\n\n - CVE-2017-7541 A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN driver could allow a local user to cause kernel memory corruption, leading to a denial of service or potentially privilege escalation.\n\n - CVE-2017-7542 An integer overflow vulnerability in the ip6_find_1stfragopt() function was found allowing a local attacker with privileges to open raw sockets to cause a denial of service.\n\n - CVE-2017-7889 Tommi Rantala and Brad Spengler reported that the mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, allowing a local attacker with access to /dev/mem to obtain sensitive information or potentially execute arbitrary code.\n\n - CVE-2017-9605 Murray McAllister discovered that the DRM driver for VMware virtual GPUs does not properly initialize memory, potentially allowing a local attacker to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.\n\n - CVE-2017-10911 / XSA-216\n\n Anthony Perard of Citrix discovered an information leak flaw in Xen blkif response handling, allowing a malicious unprivileged guest to obtain sensitive information from the host or other guests.\n\n - CVE-2017-11176 It was discovered that the mq_notify() function does not set the sock pointer to NULL upon entry into the retry logic. 
An attacker can take advantage of this flaw during a userspace close of a Netlink socket to cause a denial of service or potentially cause other impact.\n\n - CVE-2017-1000363 Roee Hay reported that the lp driver does not properly bounds-check passed arguments, allowing a local attacker with write access to the kernel command line arguments to execute arbitrary code.\n\n - CVE-2017-1000365 It was discovered that argument and environment pointers are not properly taken into account in the size restrictions imposed on arguments and environmental strings passed through RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of this flaw in conjunction with other flaws to execute arbitrary code.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-18T00:00:00", "type": "nessus", "title": "Debian DSA-3945-1 : linux - security update (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9940", "CVE-2017-1000363", "CVE-2017-1000365", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-7346", "CVE-2017-7482", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-7889", "CVE-2017-9605"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3945.NASL", "href": "https://www.tenable.com/plugins/nessus/102550", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3945. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102550);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-1000365\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-7346\", \"CVE-2017-7482\", \"CVE-2017-7533\", \"CVE-2017-7541\", \"CVE-2017-7542\", \"CVE-2017-7889\", \"CVE-2017-9605\");\n script_xref(name:\"DSA\", value:\"3945\");\n\n script_name(english:\"Debian DSA-3945-1 : linux - security update (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2014-9940\n A use-after-free flaw in the voltage and current\n regulator driver could allow a local user to cause a\n denial of service or potentially escalate privileges.\n\n - CVE-2017-7346\n Li Qiang discovered that the DRM driver for VMware\n virtual GPUs does not properly check user-controlled\n values in the vmw_surface_define_ioctl() functions for\n upper limits. 
A local user can take advantage of this\n flaw to cause a denial of service.\n\n - CVE-2017-7482\n Shi Lei discovered that RxRPC Kerberos 5 ticket handling\n code does not properly verify metadata, leading to\n information disclosure, denial of service or potentially\n execution of arbitrary code.\n\n - CVE-2017-7533\n Fan Wu and Shixiong Zhao discovered a race condition\n between inotify events and VFS rename operations\n allowing an unprivileged local attacker to cause a\n denial of service or escalate privileges.\n\n - CVE-2017-7541\n A buffer overflow flaw in the Broadcom IEEE802.11n PCIe\n SoftMAC WLAN driver could allow a local user to cause\n kernel memory corruption, leading to a denial of service\n or potentially privilege escalation.\n\n - CVE-2017-7542\n An integer overflow vulnerability in the\n ip6_find_1stfragopt() function was found allowing a\n local attacker with privileges to open raw sockets to\n cause a denial of service.\n\n - CVE-2017-7889\n Tommi Rantala and Brad Spengler reported that the mm\n subsystem does not properly enforce the\n CONFIG_STRICT_DEVMEM protection mechanism, allowing a\n local attacker with access to /dev/mem to obtain\n sensitive information or potentially execute arbitrary\n code.\n\n - CVE-2017-9605\n Murray McAllister discovered that the DRM driver for\n VMware virtual GPUs does not properly initialize memory,\n potentially allowing a local attacker to obtain\n sensitive information from uninitialized kernel memory\n via a crafted ioctl call.\n\n - CVE-2017-10911\n / XSA-216\n\n Anthony Perard of Citrix discovered an information leak flaw in Xen\n blkif response handling, allowing a malicious unprivileged guest to\n obtain sensitive information from the host or other guests.\n\n - CVE-2017-11176\n It was discovered that the mq_notify() function does not\n set the sock pointer to NULL upon entry into the retry\n logic. 
An attacker can take advantage of this flaw\n during a userspace close of a Netlink socket to cause a\n denial of service or potentially cause other impact.\n\n - CVE-2017-1000363\n Roee Hay reported that the lp driver does not properly\n bounds-check passed arguments, allowing a local attacker\n with write access to the kernel command line arguments\n to execute arbitrary code.\n\n - CVE-2017-1000365\n It was discovered that argument and environment pointers\n are not taken properly into account to the imposed size\n restrictions on arguments and environmental strings\n passed through RLIMIT_STACK/RLIMIT_INFINITY. A local\n attacker can take advantage of this flaw in conjunction\n with other flaws to execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-9605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-10911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-11176\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-1000365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3945\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 3.16.43-2+deb8u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", 
prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", 
reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.43-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.43-2+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:34:54", "description": "USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nBo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). (CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. 
A local attacker in a guest could use this to cause a denial of service (system crash). (CVE-2017-12154)\n\nIt was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel.\nA local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-14051)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14156)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2017-14489)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts to set reserved bits in a task's extended state (xstate) area. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-15537)\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. 
A local attacker could use this to cause a denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3469-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10911", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12192", "CVE-2017-14051", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-15537", "CVE-2017-9984", "CVE-2017-9985"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3469-2.NASL", "href": "https://www.tenable.com/plugins/nessus/104321", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3469-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104321);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-12192\", \"CVE-2017-14051\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14991\", \"CVE-2017-15537\", \"CVE-2017-9984\", \"CVE-2017-9985\");\n script_xref(name:\"USN\", value:\"3469-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3469-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nAnthony Perard discovered that the Xen virtual block driver did not\nproperly initialize some data structures before passing them to user\nspace. A local attacker in a guest VM could use this to expose\nsensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nBo Zhang discovered that the netlink wireless configuration interface\nin the Linux kernel did not properly validate attributes when handling\ncertain requests. A local attacker with the CAP_NET_ADMIN could use\nthis to cause a denial of service (system crash). (CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux\nkernel in some situations did not properly prevent second level guests\nfrom reading and writing the hardware CR8 register. 
A local attacker\nin a guest could use this to cause a denial of service (system crash).\n\nIt was discovered that the key management subsystem in the Linux\nkernel did not properly restrict key reads on negatively instantiated\nkeys. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs\ninterface for the QLogic 24xx+ series SCSI driver in the Linux kernel.\nA local privileged attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-14051)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux\nkernel did not properly initialize a data structure returned to user\nspace. A local attacker could use this to expose sensitive information\n(kernel memory). (CVE-2017-14156)\n\nDave Chinner discovered that the XFS filesystem did not enforce that\nthe realtime inode flag was settable only on filesystems on a realtime\ndevice. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-14340)\n\nChunYu Wang discovered that the iSCSI transport implementation in the\nLinux kernel did not properly validate data structures. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-14489)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did\nnot properly initialize data returned to user space in some\nsituations. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2017-14991)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem\nin the Linux kernel did not properly handle attempts to set reserved\nbits in a task's extended state (xstate) area. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2017-15537)\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device\ndriver in the Linux kernel contained race conditions when fetching\nfrom the ring-buffer. 
A local attacker could use this to cause a\ndenial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3469-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/28\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-10911\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-12192\", \"CVE-2017-14051\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14991\", \"CVE-2017-15537\", \"CVE-2017-9984\", \"CVE-2017-9985\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3469-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-98-generic\", pkgver:\"4.4.0-98.121~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-98-generic-lpae\", pkgver:\"4.4.0-98.121~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-98-lowlatency\", pkgver:\"4.4.0-98.121~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.98.82\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.98.82\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.98.82\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:34:54", "description": "Anthony 
Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nBo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash). (CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second-level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). (CVE-2017-12154)\n\nIt was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel.\nA local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-14051)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14156)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. 
A local attacker could use this to cause a denial of service (system crash).\n(CVE-2017-14489)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts to set reserved bits in a task's extended state (xstate) area. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-15537)\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. A local attacker could use this to cause a denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3469-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10911", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12192", "CVE-2017-14051", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-15537", "CVE-2017-9984", "CVE-2017-9985"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3469-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104320", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3469-1. The text \n# itself is copyright (C) Canonical, Inc. 
See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104320);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-12192\", \"CVE-2017-14051\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14991\", \"CVE-2017-15537\", \"CVE-2017-9984\", \"CVE-2017-9985\");\n script_xref(name:\"USN\", value:\"3469-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3469-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Anthony Perard discovered that the Xen virtual block driver did not\nproperly initialize some data structures before passing them to user\nspace. A local attacker in a guest VM could use this to expose\nsensitive information from the host OS or other guest VMs.\n(CVE-2017-10911)\n\nBo Zhang discovered that the netlink wireless configuration interface\nin the Linux kernel did not properly validate attributes when handling\ncertain requests. A local attacker with the CAP_NET_ADMIN could use\nthis to cause a denial of service (system crash). (CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux\nkernel in some situations did not properly prevent second level guests\nfrom reading and writing the hardware CR8 register. A local attacker\nin a guest could use this to cause a denial of service (system crash).\n\nIt was discovered that the key management subsystem in the Linux\nkernel did not properly restrict key reads on negatively instantiated\nkeys. 
A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs\ninterface for the QLogic 24xx+ series SCSI driver in the Linux kernel.\nA local privileged attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-14051)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux\nkernel did not properly initialize a data structure returned to user\nspace. A local attacker could use this to expose sensitive information\n(kernel memory). (CVE-2017-14156)\n\nDave Chinner discovered that the XFS filesystem did not enforce that\nthe realtime inode flag was settable only on filesystems on a realtime\ndevice. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-14340)\n\nChunYu Wang discovered that the iSCSI transport implementation in the\nLinux kernel did not properly validate data structures. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-14489)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did\nnot properly initialize data returned to user space in some\nsituations. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2017-14991)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem\nin the Linux kernel did not properly handle attempts to set reserved\nbits in a task's extended state (xstate) area. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2017-15537)\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device\ndriver in the Linux kernel contained race conditions when fetching\nfrom the ring-buffer. A local attacker could use this to cause a\ndenial of service (infinite loop). 
(CVE-2017-9984, CVE-2017-9985).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3469-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! 
preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-10911\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-12192\", \"CVE-2017-14051\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-14991\", \"CVE-2017-15537\", \"CVE-2017-9984\", \"CVE-2017-9985\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3469-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1009-kvm\", pkgver:\"4.4.0-1009.14\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1033-gke\", pkgver:\"4.4.0-1033.33\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1039-aws\", pkgver:\"4.4.0-1039.48\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1076-raspi2\", pkgver:\"4.4.0-1076.84\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1078-snapdragon\", pkgver:\"4.4.0-1078.83\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-98-generic\", pkgver:\"4.4.0-98.121\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-98-generic-lpae\", pkgver:\"4.4.0-98.121\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-98-lowlatency\", pkgver:\"4.4.0-98.121\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1039.41\")) flag++;\nif (ubuntu_check(osver:\"16.04\", 
pkgname:\"linux-image-generic\", pkgver:\"4.4.0.98.103\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.98.103\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.4.0.1033.34\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1009.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.98.103\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1076.76\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1078.70\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:19", "description": "USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nLeo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. (CVE-2017-7493)\n\nLi Qiang discovered that QEMU incorrectly handled VMware PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. (CVE-2017-8112)\n\nIt was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. 
A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-8380)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9060)\n\nLi Qiang discovered that QEMU incorrectly handled the e1000e device. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. This issue only affected Ubuntu 17.04.\n(CVE-2017-9310)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI emulation support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9330)\n\nLi Qiang discovered that QEMU incorrectly handled IDE AHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9373)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9374)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. (CVE-2017-9375)\n\nZhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9503)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled initialization. 
A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-9524)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled signals. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service.\n(CVE-2017-10664)\n\nLi Qiang discovered that the QEMU USB redirector incorrectly handled logging debug messages. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-10806)\n\nAnthony Perard discovered that QEMU incorrectly handled Xen block-interface responses. An attacker inside the guest could use this issue to cause QEMU to leak contents of host memory. (CVE-2017-10911)\n\nReno Robert discovered that QEMU incorrectly handled certain DHCP options strings. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-11434)\n\nRyan Salsamendi discovered that QEMU incorrectly handled empty CDROM device drives. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-12809).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : qemu regression (USN-3414-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-10806", "CVE-2017-10911", "CVE-2017-11434", "CVE-2017-12809", "CVE-2017-7493", "CVE-2017-8112", "CVE-2017-8380", "CVE-2017-9060", "CVE-2017-9310", "CVE-2017-9330", "CVE-2017-9373", "CVE-2017-9374", "CVE-2017-9375", "CVE-2017-9503", "CVE-2017-9524"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:qemu-system", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-aarch64", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-arm", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-mips", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-misc", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-ppc", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-s390x", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-sparc", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3414-2.NASL", "href": "https://www.tenable.com/plugins/nessus/103372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3414-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103372);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10806\", \"CVE-2017-10911\", \"CVE-2017-11434\", \"CVE-2017-12809\", \"CVE-2017-7493\", \"CVE-2017-8112\", \"CVE-2017-8380\", \"CVE-2017-9060\", \"CVE-2017-9310\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\", \"CVE-2017-9375\", \"CVE-2017-9503\", \"CVE-2017-9524\");\n script_xref(name:\"USN\", value:\"3414-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : qemu regression (USN-3414-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for\nCVE-2017-9375 was incomplete and caused a regression in the USB xHCI\ncontroller emulation support. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nLeo Gaspard discovered that QEMU incorrectly handled VirtFS access\ncontrol. A guest attacker could use this issue to elevate privileges\ninside the guest. (CVE-2017-7493)\n\nLi Qiang discovered that QEMU incorrectly handled VMware\nPVSCSI emulation. A privileged attacker inside the guest\ncould use this issue to cause QEMU to consume resources or\ncrash, resulting in a denial of service. (CVE-2017-8112)\n\nIt was discovered that QEMU incorrectly handled MegaRAID SAS\n8708EM2 Host Bus Adapter emulation support. A privileged\nattacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service, or possibly to\nobtain sensitive host memory. This issue only affected\nUbuntu 16.04 LTS and Ubuntu 17.04. 
(CVE-2017-8380)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio\nGPU device. An attacker inside the guest could use this\nissue to cause QEMU to consume resources and crash,\nresulting in a denial of service. This issue only affected\nUbuntu 17.04. (CVE-2017-9060)\n\nLi Qiang discovered that QEMU incorrectly handled the e1000e\ndevice. A privileged attacker inside the guest could use\nthis issue to cause QEMU to hang, resulting in a denial of\nservice. This issue only affected Ubuntu 17.04.\n(CVE-2017-9310)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI\nemulation support. An attacker inside the guest could use\nthis issue to cause QEMU to crash, resulting in a denial of\nservice. (CVE-2017-9330)\n\nLi Qiang discovered that QEMU incorrectly handled IDE AHCI\nemulation support. A privileged attacker inside the guest\ncould use this issue to cause QEMU to consume resources and\ncrash, resulting in a denial of service. (CVE-2017-9373)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI\nemulation support. A privileged attacker inside the guest\ncould use this issue to cause QEMU to consume resources and\ncrash, resulting in a denial of service. (CVE-2017-9374)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI\nemulation support. A privileged attacker inside the guest\ncould use this issue to cause QEMU to hang, resulting in a\ndenial of service. (CVE-2017-9375)\n\nZhangyanyu discovered that QEMU incorrectly handled MegaRAID\nSAS 8708EM2 Host Bus Adapter emulation support. A privileged\nattacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service. (CVE-2017-9503)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly\nhandled initialization. A remote attacker could use this\nissue to cause the server to crash, resulting in a denial of\nservice. (CVE-2017-9524)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly\nhandled signals. 
A remote attacker could use this issue to\ncause the server to crash, resulting in a denial of service.\n(CVE-2017-10664)\n\nLi Qiang discovered that the QEMU USB redirector incorrectly\nhandled logging debug messages. An attacker inside the guest\ncould use this issue to cause QEMU to crash, resulting in a\ndenial of service. (CVE-2017-10806)\n\nAnthony Perard discovered that QEMU incorrectly handled Xen\nblock-interface responses. An attacker inside the guest\ncould use this issue to cause QEMU to leak contents of host\nmemory. (CVE-2017-10911)\n\nReno Robert discovered that QEMU incorrectly handled certain\nDHCP options strings. An attacker inside the guest could use\nthis issue to cause QEMU to crash, resulting in a denial of\nservice. (CVE-2017-11434)\n\nRyan Salsamendi discovered that QEMU incorrectly handled\nempty CDROM device drives. A privileged attacker inside the\nguest could use this issue to cause QEMU to crash, resulting\nin a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 17.04. (CVE-2017-12809).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3414-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-sparc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system\", pkgver:\"2.0.0+dfsg-2ubuntu1.36\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-aarch64\", pkgver:\"2.0.0+dfsg-2ubuntu1.36\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-arm\", pkgver:\"2.0.0+dfsg-2ubuntu1.36\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-mips\", pkgver:\"2.0.0+dfsg-2ubuntu1.36\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-misc\", pkgver:\"2.0.0+dfsg-2ubuntu1.36\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-ppc\", pkgver:\"2.0.0+dfsg-2ubuntu1.36\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-sparc\", pkgver:\"2.0.0+dfsg-2ubuntu1.36\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-x86\", pkgver:\"2.0.0+dfsg-2ubuntu1.36\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system\", pkgver:\"1:2.5+dfsg-5ubuntu10.16\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-aarch64\", pkgver:\"1:2.5+dfsg-5ubuntu10.16\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-arm\", pkgver:\"1:2.5+dfsg-5ubuntu10.16\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-mips\", pkgver:\"1:2.5+dfsg-5ubuntu10.16\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-misc\", pkgver:\"1:2.5+dfsg-5ubuntu10.16\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-ppc\", pkgver:\"1:2.5+dfsg-5ubuntu10.16\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-s390x\", pkgver:\"1:2.5+dfsg-5ubuntu10.16\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-sparc\", 
pkgver:\"1:2.5+dfsg-5ubuntu10.16\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-x86\", pkgver:\"1:2.5+dfsg-5ubuntu10.16\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system\", pkgver:\"1:2.8+dfsg-3ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-aarch64\", pkgver:\"1:2.8+dfsg-3ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-arm\", pkgver:\"1:2.8+dfsg-3ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-mips\", pkgver:\"1:2.8+dfsg-3ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-misc\", pkgver:\"1:2.8+dfsg-3ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-ppc\", pkgver:\"1:2.8+dfsg-3ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-s390x\", pkgver:\"1:2.8+dfsg-3ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-sparc\", pkgver:\"1:2.8+dfsg-3ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-x86\", pkgver:\"1:2.8+dfsg-3ubuntu2.5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-system / qemu-system-aarch64 / qemu-system-arm / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-28T13:57:26", "description": "This update for xen fixes several issues. 
These security issues were fixed :\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a NULL pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043297)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak, allowing for DoS (bsc#1043074)\n\n - CVE-2017-10911: blkif responses leaked backend stack data, which allowed unprivileged guest to obtain sensitive information from the host or other guests (XSA-216, bsc#1042863)\n\n - CVE-2017-10912: Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table unmap code allowed for information leaks and potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during shadow emulation allowed a malicious pair of guests to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event channel poll allows guests to DoS the host (XSA-221, bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged users to cause a denial of service (infinite loop and 
CPU consumption) via the message ring page count (bsc#1036470)\n\n - CVE-2017-8905: Xen mishandled a failsafe callback, which might have allowed PV guest OS users to execute arbitrary code on the host OS (XSA-215, bsc#1034845).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-07-07T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2017:1795-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10914", "CVE-2017-10915", "CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-8112", "CVE-2017-8309", "CVE-2017-8905", "CVE-2017-9330", "CVE-2017-9374", "CVE-2017-9503"], "modified": "2021-06-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1795-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101293", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1795-1.\n# The text itself is copyright (C) 
SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101293);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-8112\", \"CVE-2017-8309\", \"CVE-2017-8905\", \"CVE-2017-9330\", \"CVE-2017-9374\", \"CVE-2017-9503\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2017:1795-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues. 
These security issues were\nfixed :\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a NULL pointer\n dereference issue which allowed a privileged user inside\n guest to crash the Qemu process on the host resulting in\n DoS (bsc#1043297)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a\n host memory leak, allowing for DoS (bsc#1043074)\n\n - CVE-2017-10911: blkif responses leaked backend stack\n data, which allowed unprivileged guest to obtain\n sensitive information from the host or other guests\n (XSA-216, bsc#1042863)\n\n - CVE-2017-10912: Page transfer might have allowed PV\n guest to elevate privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table\n unmap code allowed for informations leaks and\n potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during\n shadow emulation allowed a malicious pair of guest to\n elevate their privileges to the privileges that XEN runs\n under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event\n channel poll allows guests to DoS the host (XSA-221,\n bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient\n error checking allowed malicious guest to leak\n information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant\n table operations mishandled reference counts allowing\n malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037243)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest\n OS privileged 
users to cause a denial of service\n (infinite loop and CPU consumption) via the message ring\n page count (bsc#1036470)\n\n - CVE-2017-8905: Xen a failsafe callback, which might have\n allowed PV guest OS users to execute arbitrary code on\n the host OS (XSA-215, bsc#1034845).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10912/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10913/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10914/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10917/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10918/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10920/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10921/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10922/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2017-8112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8905/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9330/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9503/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171795-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?022392d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-1118=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-1118=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-debugsource-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-doc-html-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.4.4_21_k3.12.61_52.77-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-kmp-default-debuginfo-4.4.4_21_k3.12.61_52.77-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.4.4_21-22.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.4.4_21-22.42.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 10, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:19", "description": "Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. (CVE-2017-7493)\n\nLi Qiang discovered that QEMU incorrectly handled VMware PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. (CVE-2017-8112)\n\nIt was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly to obtain sensitive host memory. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-8380)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service.\nThis issue only affected Ubuntu 17.04. (CVE-2017-9060)\n\nLi Qiang discovered that QEMU incorrectly handled the e1000e device. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service. This issue only affected Ubuntu 17.04. (CVE-2017-9310)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI emulation support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9330)\n\nLi Qiang discovered that QEMU incorrectly handled IDE AHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9373)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation support. 
A privileged attacker inside the guest could use this issue to cause QEMU to consume resources and crash, resulting in a denial of service. (CVE-2017-9374)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to hang, resulting in a denial of service.\n(CVE-2017-9375)\n\nZhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host Bus Adapter emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-9503)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled initialization. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-9524)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled signals. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2017-10664)\n\nLi Qiang discovered that the QEMU USB redirector incorrectly handled logging debug messages. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2017-10806)\n\nAnthony Perard discovered that QEMU incorrectly handled Xen block-interface responses. An attacker inside the guest could use this issue to cause QEMU to leak contents of host memory. (CVE-2017-10911)\n\nReno Robert discovered that QEMU incorrectly handled certain DHCP options strings. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2017-11434)\n\nRyan Salsamendi discovered that QEMU incorrectly handled empty CDROM device drives. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. 
This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.04.\n(CVE-2017-12809).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-14T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : qemu vulnerabilities (USN-3414-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10664", "CVE-2017-10806", "CVE-2017-10911", "CVE-2017-11434", "CVE-2017-12809", "CVE-2017-7493", "CVE-2017-8112", "CVE-2017-8380", "CVE-2017-9060", "CVE-2017-9310", "CVE-2017-9330", "CVE-2017-9373", "CVE-2017-9374", "CVE-2017-9375", "CVE-2017-9503", "CVE-2017-9524"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:qemu-system", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-aarch64", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-arm", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-mips", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-misc", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-ppc", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-s390x", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-sparc", "p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3414-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103217", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3414-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103217);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-10664\", \"CVE-2017-10806\", \"CVE-2017-10911\", \"CVE-2017-11434\", \"CVE-2017-12809\", \"CVE-2017-7493\", \"CVE-2017-8112\", \"CVE-2017-8380\", \"CVE-2017-9060\", \"CVE-2017-9310\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\", \"CVE-2017-9375\", \"CVE-2017-9503\", \"CVE-2017-9524\");\n script_xref(name:\"USN\", value:\"3414-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : qemu vulnerabilities (USN-3414-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Leo Gaspard discovered that QEMU incorrectly handled VirtFS access\ncontrol. A guest attacker could use this issue to elevate privileges\ninside the guest. (CVE-2017-7493)\n\nLi Qiang discovered that QEMU incorrectly handled VMware PVSCSI\nemulation. A privileged attacker inside the guest could use this issue\nto cause QEMU to consume resources or crash, resulting in a denial of\nservice. (CVE-2017-8112)\n\nIt was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2\nHost Bus Adapter emulation support. A privileged attacker inside the\nguest could use this issue to cause QEMU to crash, resulting in a\ndenial of service, or possibly to obtain sensitive host memory. This\nissue only affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-8380)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU\ndevice. An attacker inside the guest could use this issue to cause\nQEMU to consume resources and crash, resulting in a denial of service.\nThis issue only affected Ubuntu 17.04. 
(CVE-2017-9060)\n\nLi Qiang discovered that QEMU incorrectly handled the e1000e device. A\nprivileged attacker inside the guest could use this issue to cause\nQEMU to hang, resulting in a denial of service. This issue only\naffected Ubuntu 17.04. (CVE-2017-9310)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI emulation\nsupport. An attacker inside the guest could use this issue to cause\nQEMU to crash, resulting in a denial of service. (CVE-2017-9330)\n\nLi Qiang discovered that QEMU incorrectly handled IDE AHCI emulation\nsupport. A privileged attacker inside the guest could use this issue\nto cause QEMU to consume resources and crash, resulting in a denial of\nservice. (CVE-2017-9373)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation\nsupport. A privileged attacker inside the guest could use this issue\nto cause QEMU to consume resources and crash, resulting in a denial of\nservice. (CVE-2017-9374)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI emulation\nsupport. A privileged attacker inside the guest could use this issue\nto cause QEMU to hang, resulting in a denial of service.\n(CVE-2017-9375)\n\nZhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS\n8708EM2 Host Bus Adapter emulation support. A privileged attacker\ninside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. (CVE-2017-9503)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled\ninitialization. A remote attacker could use this issue to cause the\nserver to crash, resulting in a denial of service. (CVE-2017-9524)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled\nsignals. A remote attacker could use this issue to cause the server to\ncrash, resulting in a denial of service. (CVE-2017-10664)\n\nLi Qiang discovered that the QEMU USB redirector incorrectly handled\nlogging debug messages. 
An attacker inside the guest could use this\nissue to cause QEMU to crash, resulting in a denial of service.\n(CVE-2017-10806)\n\nAnthony Perard discovered that QEMU incorrectly handled Xen\nblock-interface responses. An attacker inside the guest could use this\nissue to cause QEMU to leak contents of host memory. (CVE-2017-10911)\n\nReno Robert discovered that QEMU incorrectly handled certain DHCP\noptions strings. An attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service.\n(CVE-2017-11434)\n\nRyan Salsamendi discovered that QEMU incorrectly handled empty CDROM\ndevice drives. A privileged attacker inside the guest could use this\nissue to cause QEMU to crash, resulting in a denial of service. This\nissue only affected Ubuntu 16.04 LTS and Ubuntu 17.04.\n(CVE-2017-12809).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3414-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-sparc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system\", pkgver:\"2.0.0+dfsg-2ubuntu1.35\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-aarch64\", pkgver:\"2.0.0+dfsg-2ubuntu1.35\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-arm\", pkgver:\"2.0.0+dfsg-2ubuntu1.35\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-mips\", pkgver:\"2.0.0+dfsg-2ubuntu1.35\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-misc\", pkgver:\"2.0.0+dfsg-2ubuntu1.35\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-ppc\", pkgver:\"2.0.0+dfsg-2ubuntu1.35\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-sparc\", pkgver:\"2.0.0+dfsg-2ubuntu1.35\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"qemu-system-x86\", pkgver:\"2.0.0+dfsg-2ubuntu1.35\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system\", pkgver:\"1:2.5+dfsg-5ubuntu10.15\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-aarch64\", pkgver:\"1:2.5+dfsg-5ubuntu10.15\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-arm\", pkgver:\"1:2.5+dfsg-5ubuntu10.15\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-mips\", pkgver:\"1:2.5+dfsg-5ubuntu10.15\")) flag++;\nif (ubuntu_check(osver:\"16.04\", 
pkgname:\"qemu-system-misc\", pkgver:\"1:2.5+dfsg-5ubuntu10.15\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-ppc\", pkgver:\"1:2.5+dfsg-5ubuntu10.15\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-s390x\", pkgver:\"1:2.5+dfsg-5ubuntu10.15\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-sparc\", pkgver:\"1:2.5+dfsg-5ubuntu10.15\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"qemu-system-x86\", pkgver:\"1:2.5+dfsg-5ubuntu10.15\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system\", pkgver:\"1:2.8+dfsg-3ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-aarch64\", pkgver:\"1:2.8+dfsg-3ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-arm\", pkgver:\"1:2.8+dfsg-3ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-mips\", pkgver:\"1:2.8+dfsg-3ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-misc\", pkgver:\"1:2.8+dfsg-3ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-ppc\", pkgver:\"1:2.8+dfsg-3ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-s390x\", pkgver:\"1:2.8+dfsg-3ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-sparc\", pkgver:\"1:2.8+dfsg-3ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"qemu-system-x86\", pkgver:\"1:2.8+dfsg-3ubuntu2.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-system / qemu-system-aarch64 / qemu-system-arm / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-28T13:56:33", "description": "This update for xen fixes several issues. 
These security issues were fixed :\n\n - CVE-2017-10911: blkif responses leaked backend stack data, which allowed an unprivileged guest to obtain sensitive information from the host or other guests (XSA-216, bsc#1042863)\n\n - CVE-2017-10912: Page transfer might have allowed a PV guest to elevate privileges (XSA-217, bsc#1042882)\n\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table unmap code allowed for information leaks and potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during shadow emulation allowed a malicious pair of guests to elevate their privileges to the privileges that Xen runs under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event channel poll allows guests to DoS the host (XSA-221, bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking allowed a malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10922, CVE-2017-10921, CVE-2017-10920: Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-10916: PKRU and BND* leakage between vCPU-s might have leaked information to other guests (XSA-220, bsc#1042923)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count (bsc#1036470)\n\n - CVE-2017-8905: Xen mishandled a failsafe callback, which might have allowed PV guest OS users to execute arbitrary code on the host OS (XSA-215, bsc#1034845).\n\n - 
CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a NULL pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043297)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak, allowing for DoS (bsc#1043074)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-07-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2017:1812-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10914", "CVE-2017-10915", "CVE-2017-10916", "CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-8112", "CVE-2017-8309", "CVE-2017-8905", "CVE-2017-9330", "CVE-2017-9374", "CVE-2017-9503"], "modified": "2021-06-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1812-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101350", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1812-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101350);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2017-10911\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10916\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-8112\", \"CVE-2017-8309\", \"CVE-2017-8905\", \"CVE-2017-9330\", \"CVE-2017-9374\", \"CVE-2017-9503\");\n script_xref(name:\"IAVB\", value:\"2017-B-0074-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2017:1812-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues. 
These security issues were\nfixed :\n\n - CVE-2017-10911: blkif responses leaked backend stack\n data, which allowed unprivileged guest to obtain\n sensitive information from the host or other guests\n (XSA-216, bsc#1042863)\n\n - CVE-2017-10912: Page transfer might have allowed PV\n guest to elevate privilege (XSA-217, bsc#1042882)\n\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table\n unmap code allowed for informations leaks and\n potentially privilege escalation (XSA-218, bsc#1042893)\n\n - CVE-2017-10915: Insufficient reference counts during\n shadow emulation allowed a malicious pair of guest to\n elevate their privileges to the privileges that XEN runs\n under (XSA-219, bsc#1042915)\n\n - CVE-2017-10917: Missing NULL pointer check in event\n channel poll allows guests to DoS the host (XSA-221,\n bsc#1042924)\n\n - CVE-2017-10918: Stale P2M mappings due to insufficient\n error checking allowed malicious guest to leak\n information or elevate privileges (XSA-222, bsc#1042931)\n\n - CVE-2017-10922, CVE-2017-10921, CVE-2017-10920: Grant\n table operations mishandled reference counts allowing\n malicious guests to escape (XSA-224, bsc#1042938)\n\n - CVE-2017-10916: PKRU and BND* leakage between vCPU-s\n might have leaked information to other guests (XSA-220,\n bsc#1042923)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042160)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037243)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest\n OS privileged users to cause a denial of service\n (infinite loop and CPU consumption) via the message ring\n page count (bsc#1036470)\n\n - CVE-2017-8905: Xen a failsafe callback, which might have\n allowed PV guest OS users to execute arbitrary 
code on\n the host OS (XSA-215, bsc#1034845).\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a NULL pointer\n dereference issue which allowed a privileged user inside\n guest to crash the Qemu process on the host resulting in\n DoS (bsc#1043297)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a\n host memory leak, allowing for DoS (bsc#1043074)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10912/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10913/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10914/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10916/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10917/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10918/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10920/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2017-10921/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10922/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8905/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9330/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9503/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171812-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4f0ffc1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1121=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1121=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1121=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-debugsource-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.5.5_12_k3.12.74_60.64.45-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-kmp-default-debuginfo-4.5.5_12_k3.12.74_60.64.45-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.5.5_12-22.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.5.5_12-22.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 10, 
"vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-19T13:49:27", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file.\n This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.(CVE-2018-12233)\n\n - The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.(CVE-2018-15572)\n\n - Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.(CVE-2016-2544)\n\n - A flaw was found in the Linux kernel's implementation of BPF in which systems can application can overflow a 32 bit refcount in both program and map refcount. 
This refcount can wrap and end up as a use after free.(CVE-2016-4558)\n\n - Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.(CVE-2013-4299)\n\n - The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16537)\n\n - A vulnerability in the handling of Transactional Memory on powerpc systems was found. An unprivileged local user can crash the kernel by starting a transaction, suspending it, and then calling any of the exec() class system calls.(CVE-2016-5828)\n\n - A cross-boundary flaw was discovered in the Linux kernel software raid driver. The driver accessed a disabled bitmap where only the first byte of the buffer was initialized to zero. This meant that the rest of the request (up to 4095 bytes) was left and copied into user space. 
An attacker could use this flaw to read private information from user space that would not otherwise have been accessible.(CVE-2015-5697)\n\n - The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16643)\n\n - Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a 'double fetch' vulnerability.(CVE-2016-6130)\n\n - drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16647)\n\n - A flaw was found in the Linux kernel which could cause a kernel panic when restoring machine specific registers on the PowerPC platform. Incorrect transactional memory state registers could inadvertently change the call path on return from userspace and cause the kernel to enter an unknown state and crash.(CVE-2015-8845)\n\n - fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a 'mount -o remount' command within a user namespace.(CVE-2014-5207)\n\n - The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. 
Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service.(CVE-2017-7645)\n\n - The time subsystem in the Linux kernel, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the\n __timer_stats_timer_set_start_info function in kernel/time/timer.c.(CVE-2017-5967)\n\n - A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS.(CVE-2017-7472)\n\n - A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.(CVE-2017-2647)\n\n - The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.(CVE-2017-10911)\n\n - Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that uses a long WPS IE element.(CVE-2015-0570)\n\n - The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended 
/proc/sys/net restrictions via a crafted application.(CVE-2013-4270)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1478)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4270", "CVE-2013-4299", "CVE-2014-5207", "CVE-2015-0570", "CVE-2015-5697", "CVE-2015-8845", "CVE-2016-2544", "CVE-2016-4558", "CVE-2016-5828", "CVE-2016-6130", "CVE-2017-10911", "CVE-2017-16537", "CVE-2017-16643", "CVE-2017-16647", "CVE-2017-2647", "CVE-2017-5967", "CVE-2017-7472", "CVE-2017-7645", "CVE-2018-12233", "CVE-2018-15572"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1478.NASL", "href": "https://www.tenable.com/plugins/nessus/124802", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124802);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-4270\",\n \"CVE-2013-4299\",\n \"CVE-2014-5207\",\n \"CVE-2015-0570\",\n \"CVE-2015-5697\",\n \"CVE-2015-8845\",\n \"CVE-2016-2544\",\n \"CVE-2016-4558\",\n \"CVE-2016-5828\",\n \"CVE-2016-6130\",\n \"CVE-2017-10911\",\n 
\"CVE-2017-16537\",\n \"CVE-2017-16643\",\n \"CVE-2017-16647\",\n \"CVE-2017-2647\",\n \"CVE-2017-5967\",\n \"CVE-2017-7472\",\n \"CVE-2017-7645\",\n \"CVE-2018-12233\",\n \"CVE-2018-15572\"\n );\n script_bugtraq_id(\n 63183,\n 64471,\n 69216\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1478)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - In the ea_get function in fs/jfs/xattr.c in the Linux\n kernel through 4.17.1, a memory corruption bug in JFS\n can be triggered by calling setxattr twice with two\n different extended attribute names on the same file.\n This vulnerability can be triggered by an unprivileged\n user with the ability to create files and execute\n programs. A kmalloc call is incorrect, leading to\n slab-out-of-bounds in jfs_xattr.(CVE-2018-12233i1/4%0\n\n - The spectre_v2_select_mitigation function in\n arch/x86/kernel/cpu/bugs.c in the Linux kernel before\n 4.18.1 does not always fill RSB upon a context switch,\n which makes it easier for attackers to conduct\n userspace-userspace spectreRSB\n attacks.(CVE-2018-15572i1/4%0\n\n - Race condition in the queue_delete function in\n sound/core/seq/seq_queue.c in the Linux kernel before\n 4.4.1 allows local users to cause a denial of service\n (use-after-free and system crash) by making an ioctl\n call at a certain time.(CVE-2016-2544i1/4%0\n\n - A flaw was found in the Linux kernel's implementation\n of BPF in which systems can application can overflow a\n 32 bit refcount in both program and map refcount. 
This\n refcount can wrap and end up a user after\n free.(CVE-2016-4558i1/4%0\n\n - Interpretation conflict in\n drivers/md/dm-snap-persistent.c in the Linux kernel\n through 3.11.6 allows remote authenticated users to\n obtain sensitive information or modify data via a\n crafted mapping to a snapshot block\n device.(CVE-2013-4299i1/4%0\n\n - The imon_probe function in drivers/media/rc/imon.c in\n the Linux kernel through 4.13.11 allows local users to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16537i1/4%0\n\n - A vulnerability in the handling of Transactional Memory\n on powerpc systems was found. An unprivileged local\n user can crash the kernel by starting a transaction,\n suspending it, and then calling any of the exec() class\n system calls.(CVE-2016-5828i1/4%0\n\n - A cross-boundary flaw was discovered in the Linux\n kernel software raid driver. The driver accessed a\n disabled bitmap where only the first byte of the buffer\n was initialized to zero. This meant that the rest of\n the request (up to 4095 bytes) was left and copied into\n user space. 
An attacker could use this flaw to read\n private information from user space that would not\n otherwise have been accessible.(CVE-2015-5697i1/4%0\n\n - The parse_hid_report_descriptor function in\n drivers/input/tablet/gtco.c in the Linux kernel before\n 4.13.11 allows local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16643i1/4%0\n\n - Race condition in the sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel before\n 4.6 allows local users to obtain sensitive information\n from kernel memory by changing a certain length value,\n aka a 'double fetch' vulnerability.(CVE-2016-6130i1/4%0\n\n - drivers/net/usb/asix_devices.c in the Linux kernel\n through 4.13.11 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact via a crafted\n USB device.(CVE-2017-16647i1/4%0\n\n - A flaw was found in the Linux kernel which could cause\n a kernel panic when restoring machine specific\n registers on the PowerPC platform. Incorrect\n transactional memory state registers could\n inadvertently change the call path on return from\n userspace and cause the kernel to enter an unknown\n state and crash.(CVE-2015-8845i1/4%0\n\n - fs/namespace.c in the Linux kernel through 3.16.1 does\n not properly restrict clearing MNT_NODEV, MNT_NOSUID,\n and MNT_NOEXEC and changing MNT_ATIME_MASK during a\n remount of a bind mount, which allows local users to\n gain privileges, interfere with backups and auditing on\n systems that had atime enabled, or cause a denial of\n service (excessive filesystem updating) on systems that\n had atime disabled via a 'mount -o remount' command\n within a user namespace.(CVE-2014-5207i1/4%0\n\n - The NFS2/3 RPC client could send long arguments to the\n NFS server. 
These encoded arguments are stored in an\n array of memory pages, and accessed using pointer\n variables. Arbitrarily long arguments could make these\n pointers point outside the array and cause an\n out-of-bounds memory access. A remote user or program\n could use this flaw to crash the kernel, resulting in\n denial of service.(CVE-2017-7645i1/4%0\n\n - The time subsystem in the Linux kernel, when\n CONFIG_TIMER_STATS is enabled, allows local users to\n discover real PID values (as distinguished from PID\n values inside a PID namespace) by reading the\n /proc/timer_list file, related to the print_timer\n function in kernel/time/timer_list.c and the\n __timer_stats_timer_set_start_info function in\n kernel/time/timer.c.(CVE-2017-5967i1/4%0\n\n - A vulnerability was found in the Linux kernel where the\n keyctl_set_reqkey_keyring() function leaks the thread\n keyring. This allows an unprivileged local user to\n exhaust kernel memory and thus cause a\n DoS.(CVE-2017-7472i1/4%0\n\n - A flaw was found that can be triggered in\n keyring_search_iterator in keyring.c if type-i1/4zmatch\n is NULL. 
A local user could use this flaw to crash the\n system or, potentially, escalate their\n privileges.(CVE-2017-2647i1/4%0\n\n - The make_response function in\n drivers/block/xen-blkback/blkback.c in the Linux kernel\n before 4.11.8 allows guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures, aka XSA-216.(CVE-2017-10911i1/4%0\n\n - Stack-based buffer overflow in the SET_WPS_IE IOCTL\n implementation in wlan_hdd_hostapd.c in the WLAN (aka\n Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used\n in Qualcomm Innovation Center (QuIC) Android\n contributions for MSM devices and other products,\n allows attackers to gain privileges via a crafted\n application that uses a long WPS IE\n element.(CVE-2015-0570i1/4%0\n\n - The net_ctl_permissions function in net/sysctl_net.c in\n the Linux kernel before 3.11.5 does not properly\n determine uid and gid values, which allows local users\n to bypass intended /proc/sys/net restrictions via a\n crafted application.(CVE-2013-4270i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1478\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9f1ad85b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 
9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-07T01:03:33", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.(CVE-2016-9754)\n\n - A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative.\n This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption.(CVE-2016-9793)\n\n - A use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption, or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-9794)\n\n - A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-9806)\n\n - A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. 
A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) can use this issue to crash the system.(CVE-2017-1000111)\n\n - An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges.(CVE-2017-1000112)\n\n - A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64le), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64le; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges.(CVE-2017-1000251)\n\n - A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value.(CVE-2017-1000252)\n\n - A flaw was found in the way memory was being allocated on the stack for user space binaries. 
If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.(CVE-2017-1000364)\n\n - The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIMIT_INFINITY, but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation.(CVE-2017-1000365)\n\n - The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems.(CVE-2017-1000370)\n\n - A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space.(CVE-2017-1000410)\n\n - A race condition was found in the Linux kernel before version 4.11-rc1 in 'fs/timerfd.c' file which allows a local user to cause a kernel list corruption or use-after-free via simultaneous operations with a file descriptor which leverage improper 'might_cancel' queuing. An unprivileged local user could use this flaw to cause a denial of service of the system. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-10661)\n\n - Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.(CVE-2017-10810)\n\n - The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.(CVE-2017-10911)\n\n - A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem.\n Due to the insufficient cleanup in the mq_notify function, a local attacker could potentially use this flaw to escalate their privileges on the system.(CVE-2017-11176)\n\n - Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table.(CVE-2017-11473)\n\n - The xfrm_migrate() function in the net/xfrm/xfrm_policy.c file in the Linux kernel built with CONFIG_XFRM_MIGRATE does not verify if the dir parameter is less than XFRM_POLICY_MAX. This allows a local attacker to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact by sending a XFRM_MSG_MIGRATE netlink message. This flaw is present in the Linux kernel since an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up to 4.13-rc3.(CVE-2017-11600)\n\n - A security flaw was discovered in nl80211_set_rekey_data() function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink request. 
This request can be issued by a user with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash.(CVE-2017-12153)\n\n - Linux kernel built with the KVM virtualization support (CONFIG_KVM), with nested virtualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could access (r/w) hardware CR8 register of the host(L0). In a nested virtualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS.(CVE-2017-12154)\n\n - The Linux kernel built with the KVM virtualization support (CONFIG_KVM), with nested virtualization(nVMX) feature enabled (nested=1), was vulnerable to a stack buffer overflow issue. The vulnerability could occur while traversing guest page table entries to resolve guest virtual address(gva). An L1 guest could use this flaw to crash the host kernel resulting in denial of service (DoS) or potentially execute arbitrary code on the host to gain privileges on the system.(CVE-2017-12188)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8, "vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9754", "CVE-2016-9793", "CVE-2016-9794", "CVE-2016-9806", "CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000252", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000370", "CVE-2017-1000410", "CVE-2017-10661", "CVE-2017-10810", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-11600", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12188"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1498.NASL", "href": "https://www.tenable.com/plugins/nessus/124821", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124821);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-9754\",\n \"CVE-2016-9793\",\n \"CVE-2016-9794\",\n \"CVE-2016-9806\",\n \"CVE-2017-1000111\",\n \"CVE-2017-1000112\",\n \"CVE-2017-1000251\",\n \"CVE-2017-1000252\",\n \"CVE-2017-1000364\",\n \"CVE-2017-1000365\",\n \"CVE-2017-1000370\",\n \"CVE-2017-1000410\",\n \"CVE-2017-10661\",\n \"CVE-2017-10810\",\n \"CVE-2017-10911\",\n \"CVE-2017-11176\",\n \"CVE-2017-11473\",\n 
\"CVE-2017-11600\",\n \"CVE-2017-12153\",\n \"CVE-2017-12154\",\n \"CVE-2017-12188\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An integer overflow vulnerability was found in the\n ring_buffer_resize() calculations in which a privileged\n user can adjust the size of the ringbuffer message\n size. These calculations can create an issue where the\n kernel memory allocator will not allocate the correct\n count of pages yet expect them to be usable. This can\n lead to the ftrace() output to appear to corrupt kernel\n memory and possibly be used for privileged escalation\n or more likely kernel panic.(CVE-2016-9754)\n\n - A flaw was found in the Linux kernel's implementation\n of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt()\n system call. Users with non-namespace CAP_NET_ADMIN are\n able to trigger this call and create a situation in\n which the sockets sendbuff data size could be negative.\n This could adversely affect memory allocations and\n create situations where the system could crash or cause\n memory corruption.(CVE-2016-9793)\n\n - A use-after-free vulnerability was found in ALSA pcm\n layer, which allows local users to cause a denial of\n service, memory corruption, or possibly other\n unspecified impact. 
Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2016-9794)\n\n - A double free vulnerability was found in netlink_dump,\n which could cause a denial of service or possibly other\n unspecified impact. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2016-9806)\n\n - A race condition issue leading to a use-after-free flaw\n was found in the way the raw packet sockets are\n implemented in the Linux kernel networking subsystem\n handling synchronization. A local user able to open a\n raw packet socket (requires the CAP_NET_RAW capability)\n can use this issue to crash the\n system.(CVE-2017-1000111)\n\n - An exploitable memory corruption flaw was found in the\n Linux kernel. The append path can be erroneously\n switched from UFO to non-UFO in ip_ufo_append_data()\n when building an UFO packet with MSG_MORE option. If\n unprivileged user namespaces are available, this flaw\n can be exploited to gain root\n privileges.(CVE-2017-1000112)\n\n - A stack buffer overflow flaw was found in the way the\n Bluetooth subsystem of the Linux kernel processed\n pending L2CAP configuration responses from a client. On\n systems with the stack protection feature enabled in\n the kernel (CONFIG_CC_STACKPROTECTOR=y, which is\n enabled on all architectures other than s390x and\n ppc64le), an unauthenticated attacker able to initiate\n a connection to a system via Bluetooth could use this\n flaw to crash the system. Due to the nature of the\n stack protection feature, code execution cannot be\n fully ruled out, although we believe it is unlikely. 
On\n systems without the stack protection feature (ppc64le\n the Bluetooth modules are not built on s390x), an\n unauthenticated attacker able to initiate a connection\n to a system via Bluetooth could use this flaw to\n remotely execute arbitrary code on the system with ring\n 0 (kernel) privileges.(CVE-2017-1000251)\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (i1/4z1024) index value.(CVE-2017-1000252)\n\n - A flaw was found in the way memory was being allocated\n on the stack for user space binaries. If heap (or\n different memory region) and stack memory regions were\n adjacent to each other, an attacker could use this flaw\n to jump over the stack guard gap, cause controlled\n memory corruption on process stack or the adjacent\n memory region, and thus increase their privileges on\n the system. This is a kernel-side mitigation which\n increases the stack guard gap size from one page to 1\n MiB to make successful exploitation of this issue more\n difficult.(CVE-2017-1000364)\n\n - The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY, but does not take the\n argument and environment pointers into account, which\n allows attackers to bypass this\n limitation.(CVE-2017-1000365)\n\n - The offset2lib patch as used in the Linux Kernel\n contains a vulnerability that allows a PIE binary to be\n execve()'ed with 1GB of arguments or environmental\n strings then the stack occupies the address 0x80000000\n and the PIE binary is mapped above 0x40000000\n nullifying the protection of the offset2lib patch. This\n affects Linux Kernel version 4.11.5 and earlier. This\n is a different issue than CVE-2017-1000371. 
This issue\n appears to be limited to i386 based\n systems.(CVE-2017-1000370)\n\n - A flaw was found in the processing of incoming L2CAP\n bluetooth commands. Uninitialized stack variables can\n be sent to an attacker leaking data in kernel address\n space.(CVE-2017-1000410)\n\n - A race condition was found in the Linux kernel before\n version 4.11-rc1 in 'fs/timerfd.c' file which allows a\n local user to cause a kernel list corruption or\n use-after-free via simultaneous operations with a file\n descriptor which leverage improper 'might_cancel'\n queuing. An unprivileged local user could use this flaw\n to cause a denial of service of the system. Due to the\n nature of the flaw, privilege escalation cannot be\n fully ruled out, although we believe it is\n unlikely.(CVE-2017-10661)\n\n - Memory leak in the virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c in the Linux\n kernel through 4.11.8 allows attackers to cause a\n denial of service (memory consumption) by triggering\n object-initialization failures.(CVE-2017-10810)\n\n - The make_response function in\n drivers/block/xen-blkback/blkback.c in the Linux kernel\n before 4.11.8 allows guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures, aka XSA-216.(CVE-2017-10911)\n\n - A use-after-free flaw was found in the Netlink\n functionality of the Linux kernel networking subsystem.\n Due to the insufficient cleanup in the mq_notify\n function, a local attacker could potentially use this\n flaw to escalate their privileges on the\n system.(CVE-2017-11176)\n\n - Buffer overflow in the mp_override_legacy_irq()\n function in arch/x86/kernel/acpi/boot.c in the Linux\n kernel through 4.12.2 allows local users to gain\n privileges via a crafted ACPI table.(CVE-2017-11473)\n\n - The xfrm_migrate() function in the\n net/xfrm/xfrm_policy.c file in the 
Linux kernel built\n with CONFIG_XFRM_MIGRATE does not verify if the dir\n parameter is less than XFRM_POLICY_MAX. This allows a\n local attacker to cause a denial of service\n (out-of-bounds access) or possibly have unspecified\n other impact by sending a XFRM_MSG_MIGRATE netlink\n message. This flaw is present in the Linux kernel since\n an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up\n to 4.13-rc3.(CVE-2017-11600)\n\n - A security flaw was discovered in\n nl80211_set_rekey_data() function in the Linux kernel\n since v3.1-rc1 through v4.13. This function does not\n check whether the required attributes are present in a\n netlink request. This request can be issued by a user\n with CAP_NET_ADMIN privilege and may result in NULL\n dereference and a system crash.(CVE-2017-12153)\n\n - Linux kernel built with the KVM visualization support\n (CONFIG_KVM), with nested visualization (nVMX) feature\n enabled (nested=1), is vulnerable to a crash due to\n disabled external interrupts. As L2 guest could access\n (r/w) hardware CR8 register of the host(L0). In a\n nested visualization setup, L2 guest user could use\n this flaw to potentially crash the host(L0) resulting\n in DoS.(CVE-2017-12154)\n\n - The Linux kernel built with the KVM visualization\n support (CONFIG_KVM), with nested visualization(nVMX)\n feature enabled (nested=1), was vulnerable to a stack\n buffer overflow issue. The vulnerability could occur\n while traversing guest page table entries to resolve\n guest virtual address(gva). An L1 guest could use this\n flaw to crash the host kernel resulting in denial of\n service (DoS) or potentially execute arbitrary code on\n the host to gain privileges on the\n system.(CVE-2017-12188)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1498\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e495b75\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-1000251\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n 
\"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-05-03T17:05:45", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2017-7482\n\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does not properly verify metadata, leading to information disclosure, denial of service or potentially execution of arbitrary code.\n\nCVE-2017-7542\n\nAn integer overflow vulnerability in the ip6_find_1stfragopt() function was found allowing a local attacker with privileges to open raw sockets to cause a denial of service.\n\nCVE-2017-7889\n\nTommi Rantala and Brad Spengler reported that the mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, allowing a local attacker with access to /dev/mem to obtain sensitive information or potentially execute arbitrary code.\n\nCVE-2017-10661\n\nDmitry Vyukov of Google reported that the timerfd facility does not properly handle certain concurrent operations on a single file descriptor. 
This allows a local attacker to cause a denial of service or potentially to execute arbitrary code.\n\nCVE-2017-10911 / XSA-216\n\nAnthony Perard of Citrix discovered an information leak flaw in Xen blkif response handling, allowing a malicious unprivileged guest to obtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\nIt was discovered that the mq_notify() function does not set the sock pointer to NULL upon entry into the retry logic. An attacker can take advantage of this flaw during a userspace close of a Netlink socket to cause a denial of service or potentially cause other impact.\n\nCVE-2017-11600\n\nbo Zhang reported that the xfrm subsystem does not properly validate one of the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability can use this to cause a denial of service or potentially to execute arbitrary code.\n\nCVE-2017-12134 / #866511 / XSA-229\n\nJan H. Schönherr of Amazon discovered that when Linux is running in a Xen PV domain on an x86 system, it may incorrectly merge block I/O requests. A buggy or malicious guest may trigger this bug in dom0 or a PV driver domain, causing a denial of service or potentially execution of arbitrary code.\n\nThis issue can be mitigated by disabling merges on the underlying back-end block devices, e.g.: echo 2 > /sys/block/nvme0n1/queue/nomerges\n\nCVE-2017-12153\n\nbo Zhang reported that the cfg80211 (wifi) subsystem does not properly validate the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability on a system with a wifi device can use this to cause a denial of service.\n\nCVE-2017-12154\n\nJim Mattson of Google reported that the KVM implementation for Intel x86 processors did not correctly handle certain nested hypervisor configurations. 
A malicious guest (or nested guest in a suitable L1 hypervisor) could use this for denial of service.\n\nCVE-2017-14106\n\nAndrey Konovalov of Google reported that a specific sequence of operations on a TCP socket could lead to division by zero. A local user could use this for denial of service.\n\nCVE-2017-14140\n\nOtto Ebeling reported that the move_pages() system call permitted users to discover the memory layout of a set-UID process running under their real user-ID. This made it easier for local users to exploit vulnerabilities in programs installed with the set-UID permission bit set.\n\nCVE-2017-14156\n\n'sohu0106' reported an information leak in the atyfb video driver. A local user with access to a framebuffer device handled by this driver could use this to obtain sensitive information.\n\nCVE-2017-14340\n\nRichard Wareing discovered that the XFS implementation allows the creation of files with the 'realtime' flag on a filesystem with no realtime device, which can result in a crash (oops). A local user with access to an XFS filesystem that does not have a realtime device can use this for denial of service.\n\nCVE-2017-14489\n\nChunYu of Red Hat discovered that the iSCSI subsystem does not properly validate the length of a netlink message, leading to memory corruption. A local user with permission to manage iSCSI devices can use this for denial of service or possibly to execute arbitrary code.\n\nCVE-2017-1000111\n\nAndrey Konovalov of Google reported a race condition in the raw packet (af_packet) feature. Local users with the CAP_NET_RAW capability can use this to cause a denial of service or possibly to execute arbitrary code.\n\nCVE-2017-1000251 / #875881\n\nArmis Labs discovered that the Bluetooth subsystem does not properly validate L2CAP configuration responses, leading to a stack buffer overflow. This is one of several vulnerabilities dubbed 'Blueborne'. 
A nearby attacker can use this to cause a denial of service or possibly to execute arbitrary code on a system with Bluetooth enabled.\n\nCVE-2017-1000363\n\nRoee Hay reported that the lp driver does not properly bounds-check passed arguments. This has no security impact in Debian.\n\nCVE-2017-1000365\n\nIt was discovered that argument and environment pointers are not properly taken into account by the size restrictions on arguments and environmental strings passed through execve(). A local attacker can take advantage of this flaw in conjunction with other flaws to execute arbitrary code.\n\nCVE-2017-1000380\n\nAlexander Potapenko of Google reported a race condition in the ALSA (sound) timer driver, leading to an information leak. A local user with permission to access sound devices could use this to obtain sensitive information.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 3.2.93-1. This version also includes bug fixes from upstream versions up to and including 3.2.93.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 3.16.43-2+deb8u4 or were fixed in an earlier version.\n\nFor Debian 9 'Stretch', these problems have been fixed in version 4.9.30-2+deb9u4 or were fixed in an earlier version.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-21T00:00:00", "type": "nessus", "title": "Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000251", "CVE-2017-1000363", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-11600", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-7482", "CVE-2017-7542", "CVE-2017-7889"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1099.NASL", "href": "https://www.tenable.com/plugins/nessus/103363", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1099-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103363);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000251\", \"CVE-2017-1000363\", \"CVE-2017-1000365\", \"CVE-2017-1000380\", \"CVE-2017-10661\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-11600\", \"CVE-2017-12134\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-14106\", \"CVE-2017-14140\", \"CVE-2017-14156\", \"CVE-2017-14340\", \"CVE-2017-14489\", \"CVE-2017-7482\", \"CVE-2017-7542\", \"CVE-2017-7889\");\n\n script_name(english:\"Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash)\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7482\n\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does not\nproperly verify metadata, leading to information disclosure, denial of\nservice or potentially execution of arbitrary code.\n\nCVE-2017-7542\n\nAn integer overflow vulnerability in the ip6_find_1stfragopt()\nfunction was found allowing a local attacker with privileges to open\nraw sockets to cause a denial of service.\n\nCVE-2017-7889\n\nTommi Rantala and Brad Spengler reported that the mm subsystem does\nnot properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\nallowing a local attacker with access to /dev/mem to obtain sensitive\ninformation or potentially execute arbitrary code.\n\nCVE-2017-10661\n\nDmitry Vyukov of Google reported that the timerfd 
facility does not\nproperly handle certain concurrent operations on a single file\ndescriptor. This allows a local attacker to cause a denial of service\nor potentially to execute arbitrary code.\n\nCVE-2017-10911 / XSA-216\n\nAnthony Perard of Citrix discovered an information leak flaw in Xen\nblkif response handling, allowing a malicious unprivileged guest to\nobtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\nIt was discovered that the mq_notify() function does not set the sock\npointer to NULL upon entry into the retry logic. An attacker can take\nadvantage of this flaw during a userspace close of a Netlink socket to\ncause a denial of service or potentially cause other impact.\n\nCVE-2017-11600\n\nbo Zhang reported that the xfrm subsystem does not properly validate\none of the parameters to a netlink message. Local users with the\nCAP_NET_ADMIN capability can use this to cause a denial of service or\npotentially to execute arbitrary code.\n\nCVE-2017-12134 / #866511 / XSA-229\n\nJan H. Schönherr of Amazon discovered that when Linux is running\nin a Xen PV domain on an x86 system, it may incorrectly merge block\nI/O requests. A buggy or malicious guest may trigger this bug in dom0\nor a PV driver domain, causing a denial of service or potentially\nexecution of arbitrary code.\n\nThis issue can be mitigated by disabling merges on the\nunderlying back-end block devices, e.g.: echo 2 >\n/sys/block/nvme0n1/queue/nomerges\n\nCVE-2017-12153\n\nbo Zhang reported that the cfg80211 (wifi) subsystem does not properly\nvalidate the parameters to a netlink message. Local users with the\nCAP_NET_ADMIN capability on a system with a wifi device can use this\nto cause a denial of service.\n\nCVE-2017-12154\n\nJim Mattson of Google reported that the KVM implementation for Intel\nx86 processors did not correctly handle certain nested hypervisor\nconfigurations. 
A malicious guest (or nested guest in a suitable L1\nhypervisor) could use this for denial of service.\n\nCVE-2017-14106\n\nAndrey Konovalov of Google reported that a specific sequence of\noperations on a TCP socket could lead to division by zero. A local\nuser could use this for denial of service.\n\nCVE-2017-14140\n\nOtto Ebeling reported that the move_pages() system call permitted\nusers to discover the memory layout of a set-UID process running under\ntheir real user-ID. This made it easier for local users to exploit\nvulnerabilities in programs installed with the set-UID permission bit\nset.\n\nCVE-2017-14156\n\n'sohu0106' reported an information leak in the atyfb video driver. A\nlocal user with access to a framebuffer device handled by this driver\ncould use this to obtain sensitive information.\n\nCVE-2017-14340\n\nRichard Wareing discovered that the XFS implementation allows the\ncreation of files with the 'realtime' flag on a filesystem with no\nrealtime device, which can result in a crash (oops). A local user with\naccess to an XFS filesystem that does not have a realtime device can\nuse this for denial of service.\n\nCVE-2017-14489\n\nChunYu of Red Hat discovered that the iSCSI subsystem does not\nproperly validate the length of a netlink message, leading to memory\ncorruption. A local user with permission to manage iSCSI devices can\nuse this for denial of service or possibly to execute arbitrary code.\n\nCVE-2017-1000111\n\nAndrey Konovalov of Google reported that a race condition in the raw\npacket (af_packet) feature. Local users with the CAP_NET_RAW\ncapability can use this to cause a denial of service or possibly to\nexecute arbitrary code.\n\nCVE-2017-1000251 / #875881\n\nArmis Labs discovered that the Bluetooth subsystem does not properly\nvalidate L2CAP configuration responses, leading to a stack buffer\noverflow. This is one of several vulnerabilities dubbed 'Blueborne'. 
A\nnearby attacker can use this to cause a denial of service or possibly\nto execute arbitrary code on a system with Bluetooth enabled.\n\nCVE-2017-1000363\n\nRoee Hay reported that the lp driver does not properly bounds-check\npassed arguments. This has no security impact in Debian.\n\nCVE-2017-1000365\n\nIt was discovered that argument and environment pointers are not\nproperly taken into account by the size restrictions on arguments and\nenvironmental strings passed through execve(). A local attacker can\ntake advantage of this flaw in conjunction with other flaws to execute\narbitrary code.\n\nCVE-2017-1000380\n\nAlexander Potapenko of Google reported a race condition in the ALSA\n(sound) timer driver, leading to an information leak. A local user\nwith permission to access sound devices could use this to obtain\nsensitive information.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.2.93-1. This version also includes bug fixes from upstream versions\nup to and including 3.2.93.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.43-2+deb8u4 or were fixed in an earlier version.\n\nFor Debian 9 'Stretch', these problems have been fixed in version\n4.9.30-2+deb9u4 or were fixed in an earlier version.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected linux package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.93-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:34:55", "description": "This update for qemu fixes several issues. These security issues were fixed :\n\n - CVE-2017-10911: The make_response function in the Linux kernel allowed guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures (bsc#1057378).\n\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive (bsc#1054724).\n\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122)\n\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes 
(bsc#1062069)\n\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585)\n\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049381)\n\n - CVE-2017-11334: The address_space_write_continue function allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048902)\n\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334)\n\n - CVE-2017-5973: An infinite loop while doing control transfer in xhci_kick_epctx allowed privileged user inside the guest to crash the host process resulting in DoS (bsc#1025109)\n\n - CVE-2017-5987: The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c allowed local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer (bsc#1025311)\n\n - CVE-2017-6505: The ohci_service_ed_list function allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028184)\n\n - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028656)\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to 
copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034908)\n\n - CVE-2017-7980: An out-of-bounds r/w access issue in the Cirrus CLGD 54xx VGA Emulator support allowed privileged user inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035406)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count (bsc#1036211)\n\n - CVE-2017-9375: The USB xHCI controller emulator support was vulnerable to an infinite recursive call loop issue, which allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#1042800)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak, allowing for DoS (bsc#1043073)\n\n - CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host memory leakage issue, which allowed a privileged user inside guest to leak host memory resulting in DoS (bsc#1042801)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042159)\n\n - CVE-2017-8379: Memory leak in the keyboard input event handlers support allowed local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events (bsc#1037334)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037242)\n\n - CVE-2017-8380: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to an out-of-bounds read access issue which allowed a privileged user inside guest to read host memory resulting in DoS (bsc#1037336)\n\n - CVE-2017-7493: The VirtFS, host 
directory sharing via Plan 9 File System(9pfs) support, was vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could have used this flaw to escalate their privileges inside guest (bsc#1039495)\n\n - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1020427)\n\n - CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021741)\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a NULL pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043296)\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046636)\n\n - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages (bsc#1047674)\n\n - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1020427)\n\n - CVE-2017-7377: The v9fs_create and v9fs_lcreate functions in hw/9pfs/9p.c allowed local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid 
(bsc#1032075)\n\n - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable (bsc#1035950)\n\n - CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper access control issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1034866)\n\n - CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support, causing an OOB read access (bsc#994605)\n\n - CVE-2016-6834: An infinite loop during packet fragmentation in the VMWARE VMXNET3 NIC device support allowed privileged user inside guest to crash the Qemu instance resulting in DoS (bsc#994418)\n\n - Fix privilege escalation in TCG mode (bsc#1030624)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-11-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2946-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6834", "CVE-2016-6835", "CVE-2016-9602", "CVE-2016-9603", "CVE-2017-10664", "CVE-2017-10806", "CVE-2017-10911", "CVE-2017-11334", "CVE-2017-11434", "CVE-2017-12809", "CVE-2017-13672", "CVE-2017-14167", "CVE-2017-15038", "CVE-2017-15289", "CVE-2017-5579", "CVE-2017-5973", "CVE-2017-5987", "CVE-2017-6505", "CVE-2017-7377", "CVE-2017-7471", "CVE-2017-7493", "CVE-2017-7718", "CVE-2017-7980", "CVE-2017-8086", "CVE-2017-8112", "CVE-2017-8309", "CVE-2017-8379", "CVE-2017-8380", "CVE-2017-9330", "CVE-2017-9373", "CVE-2017-9374", "CVE-2017-9375", "CVE-2017-9503"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:qemu", "p-cpe:/a:novell:suse_linux:qemu-block-curl", "p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-block-rbd", "p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-debugsource", "p-cpe:/a:novell:suse_linux:qemu-guest-agent", "p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-kvm", "p-cpe:/a:novell:suse_linux:qemu-lang", "p-cpe:/a:novell:suse_linux:qemu-s390", "p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-tools", "p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo", "p-cpe:/a:novell:suse_linux:qemu-x86", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2946-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104471", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory 
SUSE-SU-2017:2946-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104471);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-6834\", \"CVE-2016-6835\", \"CVE-2016-9602\", \"CVE-2016-9603\", \"CVE-2017-10664\", \"CVE-2017-10806\", \"CVE-2017-10911\", \"CVE-2017-11334\", \"CVE-2017-11434\", \"CVE-2017-12809\", \"CVE-2017-13672\", \"CVE-2017-14167\", \"CVE-2017-15038\", \"CVE-2017-15289\", \"CVE-2017-5579\", \"CVE-2017-5973\", \"CVE-2017-5987\", \"CVE-2017-6505\", \"CVE-2017-7377\", \"CVE-2017-7471\", \"CVE-2017-7493\", \"CVE-2017-7718\", \"CVE-2017-7980\", \"CVE-2017-8086\", \"CVE-2017-8112\", \"CVE-2017-8309\", \"CVE-2017-8379\", \"CVE-2017-8380\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\", \"CVE-2017-9375\", \"CVE-2017-9503\");\n\n script_name(english:\"SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2946-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for qemu fixes several issues. 
These security issues were\nfixed :\n\n - CVE-2017-10911: The make_response function in the Linux\n kernel allowed guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures (bsc#1057378).\n\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator\n support allowed local guest OS privileged users to cause\n a denial of service (NULL pointer dereference and QEMU\n process crash) by flushing an empty CDROM device drive\n (bsc#1054724).\n\n - CVE-2017-15289: The mode4and5 write functions allowed\n local OS guest privileged users to cause a denial of\n service (out-of-bounds write access and Qemu process\n crash) via vectors related to dst calculation\n (bsc#1063122)\n\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk\n function local guest OS users to obtain sensitive\n information from host heap memory via vectors related to\n reading extended attributes (bsc#1062069)\n\n - CVE-2017-14167: Integer overflow in the load_multiboot\n function allowed local guest OS users to execute\n arbitrary code on the host via crafted multiboot header\n address values, which trigger an out-of-bounds write\n (bsc#1057585)\n\n - CVE-2017-11434: The dhcp_decode function in\n slirp/bootp.c allowed local guest OS users to cause a\n denial of service (out-of-bounds read) via a crafted\n DHCP options string (bsc#1049381)\n\n - CVE-2017-11334: The address_space_write_continue\n function allowed local guest OS privileged users to\n cause a denial of service (out-of-bounds access and\n guest instance crash) by leveraging use of\n qemu_map_ram_ptr to access guest ram block area\n (bsc#1048902)\n\n - CVE-2017-13672: The VGA display emulator support allowed\n local guest OS privileged users to cause a denial of\n service (out-of-bounds read and QEMU process crash) via\n vectors involving display update (bsc#1056334)\n\n - CVE-2017-5973: A infinite 
loop while doing control\n transfer in xhci_kick_epctx allowed privileged user\n inside the guest to crash the host process resulting in\n DoS (bsc#1025109)\n\n - CVE-2017-5987: The sdhci_sdma_transfer_multi_blocks\n function in hw/sd/sdhci.c allowed local OS guest\n privileged users to cause a denial of service (infinite\n loop and QEMU process crash) via vectors involving the\n transfer mode register during multi block transfer\n (bsc#1025311)\n\n - CVE-2017-6505: The ohci_service_ed_list function allowed\n local guest OS users to cause a denial of service\n (infinite loop) via vectors involving the number of link\n endpoint list descriptors (bsc#1028184)\n\n - CVE-2016-9603: A privileged user within the guest VM\n could have caused a heap overflow in the device model\n process, potentially escalating their privileges to that\n of the device model process (bsc#1028656)\n\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local\n guest OS privileged users to cause a denial of service\n (out-of-bounds read and QEMU process crash) via vectors\n related to copying VGA data via the\n cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_\n functions (bsc#1034908)\n\n - CVE-2017-7980: An out-of-bounds r/w access issues in the\n Cirrus CLGD 54xx VGA Emulator support allowed privileged\n user inside guest to use this flaw to crash the Qemu\n process resulting in DoS or potentially execute\n arbitrary code on a host with privileges of Qemu process\n on the host (bsc#1035406)\n\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest\n OS privileged users to cause a denial of service\n (infinite loop and CPU consumption) via the message ring\n page count (bsc#1036211)\n\n - CVE-2017-9375: The USB xHCI controller emulator support\n was vulnerable to an infinite recursive call loop issue,\n which allowed a privileged user inside guest to crash\n the Qemu process resulting in DoS (bsc#1042800)\n\n - CVE-2017-9374: Missing free of 's->ipacket', causes a\n host memory 
leak, allowing for DoS (bsc#1043073)\n\n - CVE-2017-9373: The IDE AHCI Emulation support was\n vulnerable to a host memory leakage issue, which allowed\n a privileged user inside guest to leak host memory\n resulting in DoS (bsc#1042801)\n\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local\n guest OS users to cause a denial of service (infinite\n loop) by leveraging an incorrect return value\n (bsc#1042159)\n\n - CVE-2017-8379: Memory leak in the keyboard input event\n handlers support allowed local guest OS privileged users\n to cause a denial of service (host memory consumption)\n by rapidly generating large keyboard events\n (bsc#1037334)\n\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed\n remote attackers to cause a denial of service (memory\n consumption) by repeatedly starting and stopping audio\n capture (bsc#1037242)\n\n - CVE-2017-8380: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to an out-of-bounds\n read access issue which allowed a privileged user inside\n guest to read host memory resulting in DoS (bsc#1037336)\n\n - CVE-2017-7493: The VirtFS, host directory sharing via\n Plan 9 File System(9pfs) support, was vulnerable to an\n improper access control issue. It could occur while\n accessing virtfs metadata files in mapped-file security\n mode. 
A guest user could have used this flaw to escalate\n their privileges inside guest (bsc#1039495)\n\n - CVE-2016-9602: The VirtFS host directory sharing via\n Plan 9 File System(9pfs) support was vulnerable to an\n improper link following issue which allowed a privileged\n user inside guest to access host file system beyond the\n shared folder and potentially escalating their\n privileges on a host (bsc#1020427)\n\n - CVE-2017-5579: The 16550A UART serial device emulation\n support was vulnerable to a memory leakage issue\n allowing a privileged user to cause a DoS and/or\n potentially crash the Qemu process on the host\n (bsc#1021741)\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter\n emulation support was vulnerable to a NULL pointer\n dereference issue which allowed a privileged user inside\n guest to crash the Qemu process on the host resulting in\n DoS (bsc#1043296)\n\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which\n allowed remote attackers to cause a denial of service\n (daemon crash) by disconnecting during a\n server-to-client reply attempt (bsc#1046636)\n\n - CVE-2017-10806: Stack-based buffer overflow allowed\n local guest OS users to cause a denial of service (QEMU\n process crash) via vectors related to logging debug\n messages (bsc#1047674)\n\n - CVE-2016-9602: The VirtFS host directory sharing via\n Plan 9 File System(9pfs) support was vulnerable to an\n improper link following issue which allowed a privileged\n user inside guest to access host file system beyond the\n shared folder and potentially escalating their\n privileges on a host (bsc#1020427)\n\n - CVE-2017-7377: The v9fs_create and v9fs_lcreate\n functions in hw/9pfs/9p.c allowed local guest OS\n privileged users to cause a denial of service (file\n descriptor or memory consumption) via vectors related to\n an already in-use fid (bsc#1032075)\n\n - CVE-2017-8086: A memory leak in the v9fs_list_xattr\n function in hw/9pfs/9p-xattr.c allowed local guest OS\n privileged 
users to cause a denial of service (memory\n consumption) via vectors involving the orig_value\n variable (bsc#1035950)\n\n - CVE-2017-7471: The VirtFS host directory sharing via\n Plan 9 File System(9pfs) support was vulnerable to an\n improper access control issue which allowed a privileged\n user inside guest to access host file system beyond the\n shared folder and potentially escalating their\n privileges on a host (bsc#1034866)\n\n - CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC\n device support, causing an OOB read access (bsc#994605)\n\n - CVE-2016-6834: A infinite loop during packet\n fragmentation in the VMWARE VMXNET3 NIC device support\n allowed privileged user inside guest to crash the Qemu\n instance resulting in DoS (bsc#994418)\n\n - Fix privilege escalation in TCG mode (bsc#1030624)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028656\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037336\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063122\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6834/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6835/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10664/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11334/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11434/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12809/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15038/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15289/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5579/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5973/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5987/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6505/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7377/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7471/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7493/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7718/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7980/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8086/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8379/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8380/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9330/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9373/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9375/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9503/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172946-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4becc028\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1827=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1827=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1827=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:qemu-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-block-rbd-2.3.1-33.3.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-block-rbd-debuginfo-2.3.1-33.3.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"qemu-x86-2.3.1-33.3.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-s390-2.3.1-33.3.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"qemu-s390-debuginfo-2.3.1-33.3.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-2.3.1-33.3.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-block-curl-2.3.1-33.3.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-block-curl-debuginfo-2.3.1-33.3.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-debugsource-2.3.1-33.3.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-guest-agent-2.3.1-33.3.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-guest-agent-debuginfo-2.3.1-33.3.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-lang-2.3.1-33.3.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-tools-2.3.1-33.3.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-tools-debuginfo-2.3.1-33.3.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"qemu-kvm-2.3.1-33.3.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 9, "vector": 
"AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:29:52", "description": "Several vulnerabilities were found in qemu, a fast processor emulator :\n\nCVE-2015-8666\n\nHeap-based buffer overflow in QEMU when built with the Q35-chipset-based PC system emulator\n\nCVE-2016-2198\n\nNULL pointer dereference in ehci_caps_write in the USB EHCI support that may result in denial of service\n\nCVE-2016-6833\n\nUse after free while writing in the vmxnet3 device that could be used to cause a denial of service\n\nCVE-2016-6835\n\nBuffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device that could result in denial of service\n\nCVE-2016-8576\n\nInfinite loop vulnerability in xhci_ring_fetch in the USB xHCI support\n\nCVE-2016-8667 / CVE-2016-8669\n\nDivide by zero errors in set_next_tick in the JAZZ RC4030 chipset emulator, and in serial_update_parameters of some serial devices, that could result in denial of service\n\nCVE-2016-9602\n\nImproper link following with VirtFS\n\nCVE-2016-9603\n\nHeap buffer overflow via vnc connection in the Cirrus CLGD 54xx VGA emulator support\n\nCVE-2016-9776\n\nInfinite loop while receiving data in the ColdFire Fast Ethernet Controller emulator\n\nCVE-2016-9907\n\nMemory leakage in the USB redirector usb-guest support \n\nCVE-2016-9911\n\nMemory leakage in ehci_init_transfer in the USB EHCI support\n\nCVE-2016-9914 / CVE-2016-9915 / CVE-2016-9916\n\nPlan 9 File System (9pfs): add missing cleanup operation in FileOperations, in the handle backend and in the proxy backend driver\n\nCVE-2016-9921 / CVE-2016-9922\n\nDivide by zero in cirrus_do_copy in the Cirrus CLGD 54xx VGA Emulator support \n\nCVE-2016-10155\n\nMemory leak in hw/watchdog/wdt_i6300esb.c allowing local guest OS privileged users to cause a denial of service via a large number of device unplug operations.\n\nCVE-2017-2615 / CVE-2017-2620 / CVE-2017-18030 / CVE-2018-5683 / CVE-2017-7718\n\nOut-of-bounds access issues in the Cirrus CLGD 54xx VGA emulator support, 
that could result in denial of service\n\nCVE-2017-5525 / CVE-2017-5526\n\nMemory leakage issues in the ac97 and es1370 device emulation\n\nCVE-2017-5579\n\nHost memory leakage in the 16550A UART emulation\n\nCVE-2017-5667\n\nOut-of-bounds access during multi block SDMA transfer in the SDHCI emulation support.\n\nCVE-2017-5715\n\nMitigations against the Spectre v2 vulnerability. For more information please refer to https://www.qemu.org/2018/01/04/spectre/\n\nCVE-2017-5856\n\nMemory leak in the MegaRAID SAS 8708EM2 Host Bus Adapter emulation support\n\nCVE-2017-5973 / CVE-2017-5987 / CVE-2017-6505\n\nInfinite loop issues in the USB xHCI, in the transfer mode register of the SDHCI protocol, and the USB ohci_service_ed_list\n\nCVE-2017-7377\n\n9pfs: host memory leakage via v9fs_create\n\nCVE-2017-7493\n\nImproper access control issues in the host directory sharing via 9pfs support.\n\nCVE-2017-7980\n\nHeap-based buffer overflow in the Cirrus VGA device that could allow local guest OS users to execute arbitrary code or cause a denial of service\n\nCVE-2017-8086\n\n9pfs: host memory leakage via v9pfs_list_xattr\n\nCVE-2017-8112\n\nInfinite loop in the VMWare PVSCSI emulation\n\nCVE-2017-8309 / CVE-2017-8379\n\nHost memory leakage issues via the audio capture buffer and the keyboard input event handlers \n\nCVE-2017-9330\n\nInfinite loop due to incorrect return value in USB OHCI that may result in denial of service\n\nCVE-2017-9373 / CVE-2017-9374\n\nHost memory leakage during hot unplug in IDE AHCI and USB emulated devices that could result in denial of service\n\nCVE-2017-9503\n\nNULL pointer dereference while processing megasas command\n\nCVE-2017-10806\n\nStack buffer overflow in USB redirector\n\nCVE-2017-10911\n\nXen disk may leak stack data via response ring\n\nCVE-2017-11434\n\nOut-of-bounds read while parsing Slirp/DHCP options\n\nCVE-2017-14167\n\nOut-of-bounds access while processing multiboot headers that could result in the execution of arbitrary 
code\n\nCVE-2017-15038\n\n9pfs: information disclosure when reading extended attributes\n\nCVE-2017-15289\n\nOut-of-bounds write access issue in the Cirrus graphic adaptor that could result in denial of service\n\nCVE-2017-16845\n\nInformation leak in the PS/2 mouse and keyboard emulation support that could be exploited during instance migration \n\nCVE-2017-18043\n\nInteger overflow in the macro ROUND_UP (n, d) that could result in denial of service\n\nCVE-2018-7550\n\nIncorrect handling of memory during multiboot that could result in execution of arbitrary code\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1:2.1+dfsg-12+deb8u7.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H"}, "published": "2018-09-07T00:00:00", "type": "nessus", "title": "Debian DLA-1497-1 : qemu security update (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8666", "CVE-2016-10155", "CVE-2016-2198", "CVE-2016-6833", "CVE-2016-6835", "CVE-2016-8576", "CVE-2016-8667", "CVE-2016-8669", "CVE-2016-9602", "CVE-2016-9603", "CVE-2016-9776", "CVE-2016-9907", "CVE-2016-9911", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9916", "CVE-2016-9921", "CVE-2016-9922", "CVE-2017-10806", "CVE-2017-10911", "CVE-2017-11434", "CVE-2017-14167", "CVE-2017-15038", "CVE-2017-15289", "CVE-2017-16845", "CVE-2017-18030", "CVE-2017-18043", "CVE-2017-2615", "CVE-2017-2620", "CVE-2017-5525", "CVE-2017-5526", "CVE-2017-5579", "CVE-2017-5667", "CVE-2017-5715", "CVE-2017-5856", "CVE-2017-5973", "CVE-2017-5987", "CVE-2017-6505", "CVE-2017-7377", "CVE-2017-7493", "CVE-2017-7718", "CVE-2017-7980", "CVE-2017-8086", "CVE-2017-8112", "CVE-2017-8309", 
"CVE-2017-8379", "CVE-2017-9330", "CVE-2017-9373", "CVE-2017-9374", "CVE-2017-9503", "CVE-2018-5683", "CVE-2018-7550"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:qemu", "p-cpe:/a:debian:debian_linux:qemu-guest-agent", "p-cpe:/a:debian:debian_linux:qemu-kvm", "p-cpe:/a:debian:debian_linux:qemu-system", "p-cpe:/a:debian:debian_linux:qemu-system-arm", "p-cpe:/a:debian:debian_linux:qemu-system-common", "p-cpe:/a:debian:debian_linux:qemu-system-mips", "p-cpe:/a:debian:debian_linux:qemu-system-misc", "p-cpe:/a:debian:debian_linux:qemu-system-ppc", "p-cpe:/a:debian:debian_linux:qemu-system-sparc", "p-cpe:/a:debian:debian_linux:qemu-system-x86", "p-cpe:/a:debian:debian_linux:qemu-user", "p-cpe:/a:debian:debian_linux:qemu-user-binfmt", "p-cpe:/a:debian:debian_linux:qemu-user-static", "p-cpe:/a:debian:debian_linux:qemu-utils", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1497.NASL", "href": "https://www.tenable.com/plugins/nessus/117351", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1497-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117351);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8666\", \"CVE-2016-10155\", \"CVE-2016-2198\", \"CVE-2016-6833\", \"CVE-2016-6835\", \"CVE-2016-8576\", \"CVE-2016-8667\", \"CVE-2016-8669\", \"CVE-2016-9602\", \"CVE-2016-9603\", \"CVE-2016-9776\", \"CVE-2016-9907\", \"CVE-2016-9911\", \"CVE-2016-9914\", \"CVE-2016-9915\", \"CVE-2016-9916\", \"CVE-2016-9921\", \"CVE-2016-9922\", \"CVE-2017-10806\", \"CVE-2017-10911\", \"CVE-2017-11434\", \"CVE-2017-14167\", \"CVE-2017-15038\", \"CVE-2017-15289\", \"CVE-2017-16845\", \"CVE-2017-18030\", \"CVE-2017-18043\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5525\", \"CVE-2017-5526\", \"CVE-2017-5579\", \"CVE-2017-5667\", \"CVE-2017-5715\", \"CVE-2017-5856\", \"CVE-2017-5973\", \"CVE-2017-5987\", \"CVE-2017-6505\", \"CVE-2017-7377\", \"CVE-2017-7493\", \"CVE-2017-7718\", \"CVE-2017-7980\", \"CVE-2017-8086\", \"CVE-2017-8112\", \"CVE-2017-8309\", \"CVE-2017-8379\", \"CVE-2017-9330\", \"CVE-2017-9373\", \"CVE-2017-9374\", \"CVE-2017-9503\", \"CVE-2018-5683\", \"CVE-2018-7550\");\n\n script_name(english:\"Debian DLA-1497-1 : qemu security update (Spectre)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities were found in qemu, a fast processor \nemulator :\n\nCVE-2015-8666\n\nHeap-based buffer overflow in QEMU when built with the\nQ35-chipset-based PC system emulator\n\nCVE-2016-2198\n\nNULL pointer dereference in ehci_caps_write in the USB EHCI support\nthat may result in denial of service\n\nCVE-2016-6833\n\nUse 
after free while writing in the vmxnet3 device that could be used\nto cause a denial of service\n\nCVE-2016-6835\n\nBuffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device\nthat could result in denial of service\n\nCVE-2016-8576\n\nInfinite loop vulnerability in xhci_ring_fetch in the USB xHCI support\n\nCVE-2016-8667 / CVE-2016-8669\n\nDivide by zero errors in set_next_tick in the JAZZ RC4030 chipset\nemulator, and in serial_update_parameters of some serial devices, that\ncould result in denial of service\n\nCVE-2016-9602\n\nImproper link following with VirtFS\n\nCVE-2016-9603\n\nHeap buffer overflow via vnc connection in the Cirrus CLGD 54xx VGA\nemulator support\n\nCVE-2016-9776\n\nInfinite loop while receiving data in the ColdFire Fast Ethernet\nController emulator\n\nCVE-2016-9907\n\nMemory leakage in the USB redirector usb-guest support \n\nCVE-2016-9911\n\nMemory leakage in ehci_init_transfer in the USB EHCI support\n\nCVE-2016-9914 / CVE-2016-9915 / CVE-2016-9916\n\nPlan 9 File System (9pfs): add missing cleanup operation in\nFileOperations, in the handle backend and in the proxy backend driver\n\nCVE-2016-9921 / CVE-2016-9922\n\nDivide by zero in cirrus_do_copy in the Cirrus CLGD 54xx VGA Emulator\nsupport \n\nCVE-2016-10155\n\nMemory leak in hw/watchdog/wdt_i6300esb.c allowing local guest OS\nprivileged users to cause a denial of service via a large number of\ndevice unplug operations.\n\nCVE-2017-2615 / CVE-2017-2620 / CVE-2017-18030 / CVE-2018-5683 /\nCVE-2017-7718\n\nOut-of-bounds access issues in the Cirrus CLGD 54xx VGA emulator\nsupport, that could result in denial of service\n\nCVE-2017-5525 / CVE-2017-5526\n\nMemory leakage issues in the ac97 and es1370 device emulation\n\nCVE-2017-5579\n\nMost memory leakage in the 16550A UART emulation\n\nCVE-2017-5667\n\nOut-of-bounds access during multi block SDMA transfer in the SDHCI\nemulation support.\n\nCVE-2017-5715\n\nMitigations against the Spectre v2 vulnerability. 
For more information\nplease refer to https://www.qemu.org/2018/01/04/spectre/\n\nCVE-2017-5856\n\nMemory leak in the MegaRAID SAS 8708EM2 Host Bus Adapter emulation\nsupport\n\nCVE-2017-5973 / CVE-2017-5987 / CVE-2017-6505\n\nInfinite loop issues in the USB xHCI, in the transfer mode register of\nthe SDHCI protocol, and the USB ohci_service_ed_list\n\nCVE-2017-7377\n\n9pfs: host memory leakage via v9fs_create\n\nCVE-2017-7493\n\nImproper access control issues in the host directory sharing via 9pfs\nsupport.\n\nCVE-2017-7980\n\nHeap-based buffer overflow in the Cirrus VGA device that could allow\nlocal guest OS users to execute arbitrary code or cause a denial of\nservice\n\nCVE-2017-8086\n\n9pfs: host memory leakage via v9pfs_list_xattr\n\nCVE-2017-8112\n\nInfinite loop in the VMWare PVSCSI emulation\n\nCVE-2017-8309 / CVE-2017-8379\n\nHost memory leakage issues via the audio capture buffer and the\nkeyboard input event handlers \n\nCVE-2017-9330\n\nInfinite loop due to incorrect return value in USB OHCI that may\nresult in denial of service\n\nCVE-2017-9373 / CVE-2017-9374\n\nHost memory leakage during hot unplug in IDE AHCI and USB emulated\ndevices that could result in denial of service\n\nCVE-2017-9503\n\nNULL pointer dereference while processing megasas command\n\nCVE-2017-10806\n\nStack buffer overflow in USB redirector\n\nCVE-2017-10911\n\nXen disk may leak stack data via response ring\n\nCVE-2017-11434\n\nOut-of-bounds read while parsing Slirp/DHCP options\n\nCVE-2017-14167\n\nOut-of-bounds access while processing multiboot headers that could\nresult in the execution of arbitrary code\n\nCVE-2017-15038\n\n9pfs: information disclosure when reading extended attributes\n\nCVE-2017-15289\n\nOut-of-bounds write access issue in the Cirrus graphic adaptor that\ncould result in denial of service\n\nCVE-2017-16845\n\nInformation leak in the PS/2 mouse and keyboard emulation support that\ncould be exploited during instance migration \n\nCVE-2017-18043\n\nInteger 
overflow in the macro ROUND_UP (n, d) that could result in\ndenial of service\n\nCVE-2018-7550\n\nIncorrect handling of memory during multiboot that could may result in\nexecution of arbitrary code\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:2.1+dfsg-12+deb8u7.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/qemu\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.qemu.org/2018/01/04/spectre/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:qemu-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-ppc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-sparc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user-binfmt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/07\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"qemu\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-guest-agent\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-kvm\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-arm\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-common\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-mips\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-misc\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-ppc\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-sparc\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-system-x86\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-user\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-user-binfmt\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-user-static\", 
reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"qemu-utils\", reference:\"1:2.1+dfsg-12+deb8u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T12:04:58", "description": "It was discovered that the KVM subsystem in the Linux kernel did not \nproperly bound guest IRQs. A local attacker in a guest VM could use this to \ncause a denial of service (host system crash). (CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation \nin the Linux kernel did not properly validate superblock metadata. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not \nproperly initialize some data structures before passing them to user space. \nA local attacker in a guest VM could use this to expose sensitive \ninformation from the host OS or other guest VMs. (CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX \nmessage queue implementation in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the \nrealtime inode flag was settable only on filesystems on a realtime device. \nA local attacker could use this to cause a denial of service (system \ncrash). 
(CVE-2017-14340)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "ubuntu", "title": "Linux kernel (GCP) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10663", "CVE-2017-14340", "CVE-2017-10911", "CVE-2017-1000252", "CVE-2017-11176"], "modified": "2017-10-31T00:00:00", "id": "USN-3468-3", "href": "https://ubuntu.com/security/notices/USN-3468-3", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:05:04", "description": "USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. \nThis update provides the corresponding updates for the Linux Hardware \nEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.\n\nIt was discovered that the KVM subsystem in the Linux kernel did not \nproperly bound guest IRQs. A local attacker in a guest VM could use this to \ncause a denial of service (host system crash). (CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation \nin the Linux kernel did not properly validate superblock metadata. 
A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not \nproperly initialize some data structures before passing them to user space. \nA local attacker in a guest VM could use this to expose sensitive \ninformation from the host OS or other guest VMs. (CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX \nmessage queue implementation in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the \nrealtime inode flag was settable only on filesystems on a realtime device. \nA local attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-14340)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "ubuntu", "title": "Linux kernel (HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10663", 
"CVE-2017-14340", "CVE-2017-10911", "CVE-2017-1000252", "CVE-2017-11176"], "modified": "2017-10-31T00:00:00", "id": "USN-3468-2", "href": "https://ubuntu.com/security/notices/USN-3468-2", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:05:01", "description": "It was discovered that the KVM subsystem in the Linux kernel did not \nproperly bound guest IRQs. A local attacker in a guest VM could use this to \ncause a denial of service (host system crash). (CVE-2017-1000252)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation \nin the Linux kernel did not properly validate superblock metadata. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not \nproperly initialize some data structures before passing them to user space. \nA local attacker in a guest VM could use this to expose sensitive \ninformation from the host OS or other guest VMs. (CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX \nmessage queue implementation in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the \nrealtime inode flag was settable only on filesystems on a realtime device. \nA local attacker could use this to cause a denial of service (system \ncrash). 
(CVE-2017-14340)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10663", "CVE-2017-14340", "CVE-2017-10911", "CVE-2017-1000252", "CVE-2017-11176"], "modified": "2017-10-31T00:00:00", "id": "USN-3468-1", "href": "https://ubuntu.com/security/notices/USN-3468-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:04:58", "description": "Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() \nfunction in the Linux kernel. A local attacker could use this to cause a denial \nof service (system crash) or possibly execute arbitrary code with \nadministrative privileges. (CVE-2016-8632)\n\nDmitry Vyukov discovered that a race condition existed in the timerfd \nsubsystem of the Linux kernel when handling might_cancel queuing. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. 
(CVE-2017-10661)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation \nin the Linux kernel did not properly validate superblock metadata. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-10662, CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not \nproperly initialize some data structures before passing them to user space. \nA local attacker in a guest VM could use this to expose sensitive \ninformation from the host OS or other guest VMs. (CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX \nmessage queue implementation in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the \nrealtime inode flag was settable only on filesystems on a realtime device. \nA local attacker could use this to cause a denial of service (system \ncrash). 
(CVE-2017-14340)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10661", "CVE-2017-10663", "CVE-2017-10662", "CVE-2017-14340", "CVE-2017-10911", "CVE-2017-11176", "CVE-2016-8632"], "modified": "2017-10-31T00:00:00", "id": "USN-3470-1", "href": "https://ubuntu.com/security/notices/USN-3470-1", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:04:55", "description": "USN-3470-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 ESM.\n\nQian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() \nfunction in the Linux kernel. A local attacker could use this to cause a denial \nof service (system crash) or possibly execute arbitrary code with \nadministrative privileges. 
(CVE-2016-8632)\n\nDmitry Vyukov discovered that a race condition existed in the timerfd \nsubsystem of the Linux kernel when handling might_cancel queuing. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-10661)\n\nIt was discovered that the Flash-Friendly File System (f2fs) implementation \nin the Linux kernel did not properly validate superblock metadata. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-10662, CVE-2017-10663)\n\nAnthony Perard discovered that the Xen virtual block driver did not \nproperly initialize some data structures before passing them to user space. \nA local attacker in a guest VM could use this to expose sensitive \ninformation from the host OS or other guest VMs. (CVE-2017-10911)\n\nIt was discovered that a use-after-free vulnerability existed in the POSIX \nmessage queue implementation in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-11176)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the \nrealtime inode flag was settable only on filesystems on a realtime device. \nA local attacker could use this to cause a denial of service (system \ncrash). 
(CVE-2017-14340)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10661", "CVE-2017-10663", "CVE-2017-10662", "CVE-2017-14340", "CVE-2017-10911", "CVE-2017-11176", "CVE-2016-8632"], "modified": "2017-10-31T00:00:00", "id": "USN-3470-2", "href": "https://ubuntu.com/security/notices/USN-3470-2", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:04:55", "description": "Anthony Perard discovered that the Xen virtual block driver did not \nproperly initialize some data structures before passing them to user space. \nA local attacker in a guest VM could use this to expose sensitive \ninformation from the host OS or other guest VMs. (CVE-2017-10911)\n\nBo Zhang discovered that the netlink wireless configuration interface in \nthe Linux kernel did not properly validate attributes when handling certain \nrequests. A local attacker with the CAP_NET_ADMIN capability could use this to cause a \ndenial of service (system crash). 
(CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux \nkernel in some situations did not properly prevent second level guests \nfrom reading and writing the hardware CR8 register. A local attacker \nin a guest could use this to cause a denial of service (system crash). \n(CVE-2017-12154)\n\nIt was discovered that the key management subsystem in the Linux kernel \ndid not properly restrict key reads on negatively instantiated keys. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs interface \nfor the QLogic 24xx+ series SCSI driver in the Linux kernel. A local \nprivileged attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-14051)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux \nkernel did not properly initialize a data structure returned to user space. \nA local attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-14156)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the \nrealtime inode flag was settable only on filesystems on a realtime device. \nA local attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-14340)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux \nkernel did not properly validate data structures. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-14489)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not \nproperly initialize data returned to user space in some situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2017-14991)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in \nthe Linux kernel did not properly handle attempts to set reserved bits in a \ntask's extended state (xstate) area. 
A local attacker could use this to \ncause a denial of service (system crash). (CVE-2017-15537)\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device \ndriver in the Linux kernel contained race conditions when fetching \nfrom the ring-buffer. A local attacker could use this to cause a \ndenial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14156", "CVE-2017-14991", "CVE-2017-14489", "CVE-2017-9985", "CVE-2017-9984", "CVE-2017-14340", "CVE-2017-12154", "CVE-2017-10911", "CVE-2017-12153", "CVE-2017-12192", "CVE-2017-14051", "CVE-2017-15537"], "modified": "2017-10-31T00:00:00", "id": "USN-3469-1", "href": "https://ubuntu.com/security/notices/USN-3469-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:04:57", "description": "USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. 
This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nAnthony Perard discovered that the Xen virtual block driver did not \nproperly initialize some data structures before passing them to user space. \nA local attacker in a guest VM could use this to expose sensitive \ninformation from the host OS or other guest VMs. (CVE-2017-10911)\n\nBo Zhang discovered that the netlink wireless configuration interface in \nthe Linux kernel did not properly validate attributes when handling certain \nrequests. A local attacker with the CAP_NET_ADMIN capability could use this to cause a \ndenial of service (system crash). (CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux \nkernel in some situations did not properly prevent second level guests \nfrom reading and writing the hardware CR8 register. A local attacker \nin a guest could use this to cause a denial of service (system crash). \n(CVE-2017-12154)\n\nIt was discovered that the key management subsystem in the Linux kernel \ndid not properly restrict key reads on negatively instantiated keys. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs interface \nfor the QLogic 24xx+ series SCSI driver in the Linux kernel. A local \nprivileged attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-14051)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux \nkernel did not properly initialize a data structure returned to user space. \nA local attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-14156)\n\nDave Chinner discovered that the XFS filesystem did not enforce that the \nrealtime inode flag was settable only on filesystems on a realtime device. \nA local attacker could use this to cause a denial of service (system \ncrash). 
(CVE-2017-14340)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux \nkernel did not properly validate data structures. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-14489)\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not \nproperly initialize data returned to user space in some situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2017-14991)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in \nthe Linux kernel did not properly handle attempts to set reserved bits in a \ntask's extended state (xstate) area. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2017-15537)\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device \ndriver in the Linux kernel contained race conditions when fetching \nfrom the ring-buffer. A local attacker could use this to cause a \ndenial of service (infinite loop). 
(CVE-2017-9984, CVE-2017-9985)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14156", "CVE-2017-14991", "CVE-2017-14489", "CVE-2017-9985", "CVE-2017-9984", "CVE-2017-14340", "CVE-2017-12154", "CVE-2017-10911", "CVE-2017-12153", "CVE-2017-12192", "CVE-2017-14051", "CVE-2017-15537"], "modified": "2017-10-31T00:00:00", "id": "USN-3469-2", "href": "https://ubuntu.com/security/notices/USN-3469-2", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:06:31", "description": "USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for \nCVE-2017-9375 was incomplete and caused a regression in the USB xHCI \ncontroller emulation support. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nLeo Gaspard discovered that QEMU incorrectly handled VirtFS access control. \nA guest attacker could use this issue to elevate privileges inside the \nguest. 
(CVE-2017-7493)\n\nLi Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto consume resources or crash, resulting in a denial of service. \n(CVE-2017-8112)\n\nIt was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host \nBus Adapter emulation support. A privileged attacker inside the guest could \nuse this issue to cause QEMU to crash, resulting in a denial of service, or \npossibly to obtain sensitive host memory. This issue only affected Ubuntu \n16.04 LTS and Ubuntu 17.04. (CVE-2017-8380)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An \nattacker inside the guest could use this issue to cause QEMU to consume \nresources and crash, resulting in a denial of service. This issue only \naffected Ubuntu 17.04. (CVE-2017-9060)\n\nLi Qiang discovered that QEMU incorrectly handled the e1000e device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \nhang, resulting in a denial of service. This issue only affected Ubuntu \n17.04. (CVE-2017-9310)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI emulation \nsupport. An attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2017-9330)\n\nLi Qiang discovered that QEMU incorrectly handled IDE AHCI emulation \nsupport. A privileged attacker inside the guest could use this issue to \ncause QEMU to consume resources and crash, resulting in a denial of \nservice. (CVE-2017-9373)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation \nsupport. A privileged attacker inside the guest could use this issue to \ncause QEMU to consume resources and crash, resulting in a denial of \nservice. (CVE-2017-9374)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI emulation \nsupport. 
A privileged attacker inside the guest could use this issue to \ncause QEMU to hang, resulting in a denial of service. (CVE-2017-9375)\n\nZhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 \nHost Bus Adapter emulation support. A privileged attacker inside the guest \ncould use this issue to cause QEMU to crash, resulting in a denial of \nservice. (CVE-2017-9503)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled \ninitialization. A remote attacker could use this issue to cause the server \nto crash, resulting in a denial of service. (CVE-2017-9524)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled \nsignals. A remote attacker could use this issue to cause the server to \ncrash, resulting in a denial of service. (CVE-2017-10664)\n\nLi Qiang discovered that the QEMU USB redirector incorrectly handled \nlogging debug messages. An attacker inside the guest could use this issue \nto cause QEMU to crash, resulting in a denial of service. (CVE-2017-10806)\n\nAnthony Perard discovered that QEMU incorrectly handled Xen block-interface \nresponses. An attacker inside the guest could use this issue to cause QEMU \nto leak contents of host memory. (CVE-2017-10911)\n\nReno Robert discovered that QEMU incorrectly handled certain DHCP options \nstrings. An attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2017-11434)\n\nRyan Salsamendi discovered that QEMU incorrectly handled empty CDROM device \ndrives. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service. This issue only \naffected Ubuntu 16.04 LTS and Ubuntu 17.04. 
(CVE-2017-12809)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-20T00:00:00", "type": "ubuntu", "title": "QEMU regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12809", "CVE-2017-10664", "CVE-2017-9503", "CVE-2017-9524", "CVE-2017-9330", "CVE-2017-8380", "CVE-2017-10911", "CVE-2017-9060", "CVE-2017-9374", "CVE-2017-11434", "CVE-2017-10806", "CVE-2017-8112", "CVE-2017-9375", "CVE-2017-9310", "CVE-2017-7493", "CVE-2017-9373"], "modified": "2017-09-20T00:00:00", "id": "USN-3414-2", "href": "https://ubuntu.com/security/notices/USN-3414-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T12:07:01", "description": "Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. \nA guest attacker could use this issue to elevate privileges inside the \nguest. (CVE-2017-7493)\n\nLi Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. \nA privileged attacker inside the guest could use this issue to cause QEMU \nto consume resources or crash, resulting in a denial of service. 
\n(CVE-2017-8112)\n\nIt was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host \nBus Adapter emulation support. A privileged attacker inside the guest could \nuse this issue to cause QEMU to crash, resulting in a denial of service, or \npossibly to obtain sensitive host memory. This issue only affected Ubuntu \n16.04 LTS and Ubuntu 17.04. (CVE-2017-8380)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An \nattacker inside the guest could use this issue to cause QEMU to consume \nresources and crash, resulting in a denial of service. This issue only \naffected Ubuntu 17.04. (CVE-2017-9060)\n\nLi Qiang discovered that QEMU incorrectly handled the e1000e device. A \nprivileged attacker inside the guest could use this issue to cause QEMU to \nhang, resulting in a denial of service. This issue only affected Ubuntu \n17.04. (CVE-2017-9310)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI emulation \nsupport. An attacker inside the guest could use this issue to cause QEMU to \ncrash, resulting in a denial of service. (CVE-2017-9330)\n\nLi Qiang discovered that QEMU incorrectly handled IDE AHCI emulation \nsupport. A privileged attacker inside the guest could use this issue to \ncause QEMU to consume resources and crash, resulting in a denial of \nservice. (CVE-2017-9373)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation \nsupport. A privileged attacker inside the guest could use this issue to \ncause QEMU to consume resources and crash, resulting in a denial of \nservice. (CVE-2017-9374)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI emulation \nsupport. A privileged attacker inside the guest could use this issue to \ncause QEMU to hang, resulting in a denial of service. (CVE-2017-9375)\n\nZhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 \nHost Bus Adapter emulation support. 
A privileged attacker inside the guest \ncould use this issue to cause QEMU to crash, resulting in a denial of \nservice. (CVE-2017-9503)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled \ninitialization. A remote attacker could use this issue to cause the server \nto crash, resulting in a denial of service. (CVE-2017-9524)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled \nsignals. A remote attacker could use this issue to cause the server to \ncrash, resulting in a denial of service. (CVE-2017-10664)\n\nLi Qiang discovered that the QEMU USB redirector incorrectly handled \nlogging debug messages. An attacker inside the guest could use this issue \nto cause QEMU to crash, resulting in a denial of service. (CVE-2017-10806)\n\nAnthony Perard discovered that QEMU incorrectly handled Xen block-interface \nresponses. An attacker inside the guest could use this issue to cause QEMU \nto leak contents of host memory. (CVE-2017-10911)\n\nReno Robert discovered that QEMU incorrectly handled certain DHCP options \nstrings. An attacker inside the guest could use this issue to cause QEMU \nto crash, resulting in a denial of service. (CVE-2017-11434)\n\nRyan Salsamendi discovered that QEMU incorrectly handled empty CDROM device \ndrives. A privileged attacker inside the guest could use this issue to \ncause QEMU to crash, resulting in a denial of service. This issue only \naffected Ubuntu 16.04 LTS and Ubuntu 17.04. 
(CVE-2017-12809)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-13T00:00:00", "type": "ubuntu", "title": "QEMU vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12809", "CVE-2017-10664", "CVE-2017-9503", "CVE-2017-9524", "CVE-2017-9330", "CVE-2017-8380", "CVE-2017-10911", "CVE-2017-9060", "CVE-2017-9374", "CVE-2017-11434", "CVE-2017-10806", "CVE-2017-8112", "CVE-2017-9375", "CVE-2017-9310", "CVE-2017-7493", "CVE-2017-9373"], "modified": "2017-09-13T00:00:00", "id": "USN-3414-1", "href": "https://ubuntu.com/security/notices/USN-3414-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "photon": [{"lastseen": "2022-05-12T18:09:22", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", 
"version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-16T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2017-0062", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10741", "CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-10663", "CVE-2017-10911", "CVE-2017-7533", "CVE-2017-7542"], "modified": "2017-08-16T00:00:00", "id": "PHSA-2017-0062", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-62", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-03T11:53:43", "description": "An update of [ruby,cassandra,linux,libxml2] packages for PhotonOS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-16T00:00:00", "type": "photon", "title": "PHSA-2017-0029", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000112", "CVE-2017-10911", "CVE-2017-3161", "CVE-2017-3162", "CVE-2017-7533", "CVE-2017-7542", "CVE-2017-8872", "CVE-2017-9228"], "modified": "2017-08-16T00:00:00", "id": "PHSA-2017-0029", "href": "https://github.com/vmware/photon/wiki/Security-Updates-62", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2017-11-03T02:32:22", "description": "This update for qemu to version 2.9.1 fixes several issues.\n\n It also announces that the qed storage format will be no longer supported\n in SLE 15 (fate#324200).\n\n These security issues were fixed:\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by\n triggering slow data-channel read operations, related to\n io/channel-websock.c (bsc#1062942)\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378)\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n 
pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724)\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n - CVE-2017-13711: Use-after-free vulnerability allowed attackers to cause\n a denial of service (QEMU instance crash) by leveraging failure to\n properly clear ifq_so from pending packets (bsc#1056291).\n\n These non-security issues were fixed:\n\n - Fixed not being able to build from rpm sources due to undefined macro\n (bsc#1057966)\n - Fixed package build failure against new glibc (bsc#1055587)\n\n", "cvss3": {}, "published": "2017-11-03T00:08:15", "type": "suse", "title": "Security update for qemu (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-15268", "CVE-2017-15038", "CVE-2017-14167", "CVE-2017-15289", "CVE-2017-12809", "CVE-2017-13711", "CVE-2017-10911", "CVE-2017-13672"], "modified": "2017-11-03T00:08:15", "id": "SUSE-SU-2017:2924-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00003.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-07T08:32:56", "description": "This update for qemu to version 2.9.1 fixes several issues.\n\n It also announces that the qed storage format will no longer be supported\n in Leap 15.0.\n\n These security issues were fixed:\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by\n triggering slow data-channel read operations, related to\n io/channel-websock.c (bsc#1062942)\n - CVE-2017-15289: The mode4and5 write functions allowed 
local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function allowed local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378)\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724)\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n - CVE-2017-13711: Use-after-free vulnerability allowed attackers to cause\n a denial of service (QEMU instance crash) by leveraging failure to\n properly clear ifq_so from pending packets (bsc#1056291).\n\n These non-security issues were fixed:\n\n - Fixed not being able to build from rpm sources due to undefined macro\n (bsc#1057966)\n - Fixed package build failure against new glibc (bsc#1055587)\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "cvss3": {}, "published": "2017-11-07T06:09:17", "type": "suse", "title": "Security update for qemu (important)", "bulletinFamily": "unix", 
"cvss2": {}, "cvelist": ["CVE-2017-15268", "CVE-2017-15038", "CVE-2017-14167", "CVE-2017-15289", "CVE-2017-12809", "CVE-2017-13711", "CVE-2017-10911", "CVE-2017-13672"], "modified": "2017-11-07T06:09:17", "id": "OPENSUSE-SU-2017:2938-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00007.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-07T00:32:53", "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by\n triggering slow data-channel read operations, related to\n io/channel-websock.c (bsc#1062942).\n - CVE-2017-9524: The qemu-nbd server when built with the Network Block\n Device (NBD) Server support allowed remote attackers to cause a denial\n of service (segmentation fault and server crash) by leveraging failure\n to ensure that all initialization occurs talking to a client in the\n nbd_negotiate function (bsc#1043808).\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378)\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty 
CDROM\n device drive (bsc#1054724)\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote\n attackers to cause a denial of service (daemon crash) by disconnecting\n during a server-to-client reply attempt (bsc#1046636)\n - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users\n to cause a denial of service (QEMU process crash) via vectors related to\n logging debug messages (bsc#1047674)\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local\n guest OS users to cause a denial of service (out-of-bounds read) via a\n crafted DHCP options string (bsc#1049381)\n - CVE-2017-11334: The address_space_write_continue function allowed local\n guest OS privileged users to cause a denial of service (out-of-bounds\n access and guest instance crash) by leveraging use of qemu_map_ram_ptr\n to access guest ram block area (bsc#1048902)\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n\n These non-security issues were fixed:\n\n - Fixed not being able to build from rpm sources due to undefined macro\n (bsc#1057966)\n - Fixed wrong permissions for kvm_stat.1 file\n - Fixed KVM lun resize not working as expected on SLES12 SP2 HV\n (bsc#1043176)\n\n", "cvss3": {}, "published": "2017-11-06T21:07:59", "type": "suse", "title": "Security update for qemu (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-15268", "CVE-2017-11334", "CVE-2017-15038", "CVE-2017-14167", "CVE-2017-15289", "CVE-2017-12809", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-10806", "CVE-2017-13672", "CVE-2017-11434", "CVE-2017-9524"], 
"modified": "2017-11-06T21:07:59", "id": "SUSE-SU-2017:2936-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00006.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-07T08:32:55", "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by\n triggering slow data-channel read operations, related to\n io/channel-websock.c (bsc#1062942).\n - CVE-2017-9524: The qemu-nbd server when built with the Network Block\n Device (NBD) Server support allowed remote attackers to cause a denial\n of service (segmentation fault and server crash) by leveraging failure\n to ensure that all initialization occurs talking to a client in the\n nbd_negotiate function (bsc#1043808).\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local\n guest OS users to obtain sensitive information from host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378)\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724)\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote\n attackers to cause a denial of service (daemon crash) by 
disconnecting\n during a server-to-client reply attempt (bsc#1046636)\n - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users\n to cause a denial of service (QEMU process crash) via vectors related to\n logging debug messages (bsc#1047674)\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local\n guest OS users to cause a denial of service (out-of-bounds read) via a\n crafted DHCP options string (bsc#1049381)\n - CVE-2017-11334: The address_space_write_continue function allowed local\n guest OS privileged users to cause a denial of service (out-of-bounds\n access and guest instance crash) by leveraging use of qemu_map_ram_ptr\n to access guest ram block area (bsc#1048902)\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n\n These non-security issues were fixed:\n\n - Fixed not being able to build from rpm sources due to undefined macro\n (bsc#1057966)\n - Fixed wrong permissions for kvm_stat.1 file\n - Fixed KVM lun resize not working as expected on SLES12 SP2 HV\n (bsc#1043176)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "cvss3": {}, "published": "2017-11-07T06:12:01", "type": "suse", "title": "Security update for qemu (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-15268", "CVE-2017-11334", "CVE-2017-15038", "CVE-2017-14167", "CVE-2017-15289", "CVE-2017-12809", "CVE-2017-10911", "CVE-2017-10664", "CVE-2017-10806", "CVE-2017-13672", "CVE-2017-11434", "CVE-2017-9524"], "modified": "2017-11-07T06:12:01", "id": "OPENSUSE-SU-2017:2941-1", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00008.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:44:08", "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a null pointer dereference issue which allowed\n a privileged user inside guest to crash the Qemu process on the host\n resulting in DoS (bsc#1043297)\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak,\n allowing for DoS (bsc#1043074)\n - CVE-2017-10911: blkif responses leaked backend stack data, which allowed\n unprivileged guest to obtain sensitive information from the host or\n other guests (XSA-216, bsc#1042863)\n - CVE-2017-10912: Page transfer might have allowed PV guest to elevate\n privilege (XSA-217, bsc#1042882)\n - CVE-2017-10913, CVE-2017-10914: Races in the grant table unmap code\n allowed for informations leaks and potentially privilege escalation\n (XSA-218, bsc#1042893)\n - CVE-2017-10915: Insufficient reference counts during shadow emulation\n allowed a malicious pair of guest to elevate their privileges to the\n privileges that XEN runs under (XSA-219, bsc#1042915)\n - CVE-2017-10917: Missing NULL pointer check in event channel poll allows\n guests to DoS the host (XSA-221, bsc#1042924)\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking\n allowed malicious guest to leak information or elevate privileges\n (XSA-222, bsc#1042931)\n - CVE-2017-10920, CVE-2017-10921, CVE-2017-10922: Grant table operations\n mishandled reference counts allowing malicious guests to escape\n (XSA-224, bsc#1042938)\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users\n to cause a denial of service (infinite loop) by leveraging an incorrect\n return value (bsc#1042160)\n - CVE-2017-8309: Memory leak in 
the audio/audio.c allowed remote attackers\n to cause a denial of service (memory consumption) by repeatedly starting\n and stopping audio capture (bsc#1037243)\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged\n users to cause a denial of service (infinite loop and CPU consumption)\n via the message ring page count (bsc#1036470)\n - CVE-2017-8905: Xen mishandled a failsafe callback, which might have allowed PV\n guest OS users to execute arbitrary code on the host OS (XSA-215,\n bsc#1034845).\n\n These non-security issues were fixed:\n\n - bsc#1031460: Fixed DomU Live Migration\n - bsc#1014136: Fixed kdump SLES12-SP2\n - bsc#1026236: Equalized paravirtualized vs. fully virtualized migration\n speed\n - bsc#1032148: Ensure that time doesn't go backwards during live\n migration of HVM domU\n - bsc#1027519: Included various upstream patches\n\n", "cvss3": {}, "published": "2017-07-06T15:15:02", "type": "suse", "title": "Security update for xen (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-9503", "CVE-2017-8112", "CVE-2017-9374", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-8905", "CVE-2017-10912", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2017-07-06T15:15:02", "id": "SUSE-SU-2017:1795-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-07/msg00005.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:44:08", "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-10911: blkif responses leaked backend stack data, which allowed\n unprivileged guest to obtain sensitive information from the host or\n other guests (XSA-216, bsc#1042863)\n - CVE-2017-10912: Page transfer might have allowed PV guest to elevate\n privilege (XSA-217, bsc#1042882)\n - 
CVE-2017-10913, CVE-2017-10914: Races in the grant table unmap code\n allowed for information leaks and potentially privilege escalation\n (XSA-218, bsc#1042893)\n - CVE-2017-10915: Insufficient reference counts during shadow emulation\n allowed a malicious pair of guests to elevate their privileges to the\n privileges that XEN runs under (XSA-219, bsc#1042915)\n - CVE-2017-10917: Missing NULL pointer check in event channel poll allows\n guests to DoS the host (XSA-221, bsc#1042924)\n - CVE-2017-10918: Stale P2M mappings due to insufficient error checking\n allowed malicious guest to leak information or elevate privileges\n (XSA-222, bsc#1042931)\n - CVE-2017-10922, CVE-2017-10921, CVE-2017-10920: Grant table operations\n mishandled reference counts allowing malicious guests to escape\n (XSA-224, bsc#1042938)\n - CVE-2017-10916: PKRU and BND* leakage between vCPU-s might have leaked\n information to other guests (XSA-220, bsc#1042923)\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users\n to cause a denial of service (infinite loop) by leveraging an incorrect\n return value (bsc#1042160)\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers\n to cause a denial of service (memory consumption) by repeatedly starting\n and stopping audio capture (bsc#1037243)\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged\n users to cause a denial of service (infinite loop and CPU consumption)\n via the message ring page count (bsc#1036470)\n - CVE-2017-8905: Xen mishandled a failsafe callback, which might have allowed PV\n guest OS users to execute arbitrary code on the host OS (XSA-215,\n bsc#1034845).\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a null pointer dereference issue which allowed\n a privileged user inside guest to crash the Qemu process on the host\n resulting in DoS (bsc#1043297)\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory 
leak,\n allowing for DoS (bsc#1043074)\n\n These non-security issues were fixed:\n\n - bsc#1031460: Fixed DomU Live Migration\n - bsc#1014136: Fixed kdump SLES12-SP2\n - bsc#1026236: Equalized paravirtualized vs. fully virtualized migration\n speed\n\n", "cvss3": {}, "published": "2017-07-07T15:09:38", "type": "suse", "title": "Security update for xen (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-10920", "CVE-2017-10921", "CVE-2017-9503", "CVE-2017-8112", "CVE-2017-9374", "CVE-2017-10922", "CVE-2017-10913", "CVE-2017-9330", "CVE-2017-8309", "CVE-2017-10918", "CVE-2017-10911", "CVE-2017-8905", "CVE-2017-10912", "CVE-2017-10916", "CVE-2017-10914", "CVE-2017-10917", "CVE-2017-10915"], "modified": "2017-07-07T15:09:38", "id": "SUSE-SU-2017:1812-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-07/msg00008.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-08T14:32:19", "description": "This update for qemu fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-10911: The make_response function in the Linux kernel allowed\n guest OS users to obtain sensitive information from host OS (or other\n guest OS) kernel memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response structures (bsc#1057378).\n - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed\n local guest OS privileged users to cause a denial of service (NULL\n pointer dereference and QEMU process crash) by flushing an empty CDROM\n device drive (bsc#1054724).\n - CVE-2017-15289: The mode4and5 write functions allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds write\n access and Qemu process crash) via vectors related to dst calculation\n (bsc#1063122)\n - CVE-2017-15038: Race condition in the v9fs_xattrwalk function allowed local\n guest OS users to obtain sensitive information from 
host heap memory via\n vectors related to reading extended attributes (bsc#1062069)\n - CVE-2017-14167: Integer overflow in the load_multiboot function allowed\n local guest OS users to execute arbitrary code on the host via crafted\n multiboot header address values, which trigger an out-of-bounds write\n (bsc#1057585)\n - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local\n guest OS users to cause a denial of service (out-of-bounds read) via a\n crafted DHCP options string (bsc#1049381)\n - CVE-2017-11334: The address_space_write_continue function allowed local\n guest OS privileged users to cause a denial of service (out-of-bounds\n access and guest instance crash) by leveraging use of qemu_map_ram_ptr\n to access guest ram block area (bsc#1048902)\n - CVE-2017-13672: The VGA display emulator support allowed local guest OS\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) via vectors involving display update (bsc#1056334)\n - CVE-2017-5973: A infinite loop while doing control transfer in\n xhci_kick_epctx allowed privileged user inside the guest to crash the\n host process resulting in DoS (bsc#1025109)\n - CVE-2017-5987: The sdhci_sdma_transfer_multi_blocks function in\n hw/sd/sdhci.c allowed local OS guest privileged users to cause a denial\n of service (infinite loop and QEMU process crash) via vectors involving\n the transfer mode register during multi block transfer (bsc#1025311)\n - CVE-2017-6505: The ohci_service_ed_list function allowed local guest OS\n users to cause a denial of service (infinite loop) via vectors involving\n the number of link endpoint list descriptors (bsc#1028184)\n - CVE-2016-9603: A privileged user within the guest VM could have caused a\n heap overflow in the device model process, potentially escalating their\n privileges to that of the device model process (bsc#1028656)\n - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS\n privileged users to cause 
a denial of service (out-of-bounds read and\n QEMU process crash) via vectors related to copying VGA data via the\n cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions\n (bsc#1034908)\n - CVE-2017-7980: An out-of-bounds r/w access issues in the Cirrus CLGD\n 54xx VGA Emulator support allowed privileged user inside guest to use\n this flaw to crash the Qemu process resulting in DoS or potentially\n execute arbitrary code on a host with privileges of Qemu process on the\n host (bsc#1035406)\n - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged\n users to cause a denial of service (infinite loop and CPU consumption)\n via the message ring page count (bsc#1036211)\n - CVE-2017-9375: The USB xHCI controller emulator support was vulnerable\n to an infinite recursive call loop issue, which allowed a privileged\n user inside guest to crash the Qemu process resulting in DoS\n (bsc#1042800)\n - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak,\n allowing for DoS (bsc#1043073)\n - CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host\n memory leakage issue, which allowed a privileged user inside guest to\n leak host memory resulting in DoS (bsc#1042801)\n - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users\n to cause a denial of service (infinite loop) by leveraging an incorrect\n return value (bsc#1042159)\n - CVE-2017-8379: Memory leak in the keyboard input event handlers support\n allowed local guest OS privileged users to cause a denial of service\n (host memory consumption) by rapidly generating large keyboard events\n (bsc#1037334)\n - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers\n to cause a denial of service (memory consumption) by repeatedly starting\n and stopping audio capture (bsc#1037242)\n - CVE-2017-8380: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to an out-of-bounds read access issue which\n allowed a 
privileged user inside guest to read host memory resulting in\n DoS (bsc#1037336)\n - CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File\n System(9pfs) support, was vulnerable to an improper access control\n issue. It could occur while accessing virtfs metadata files in\n mapped-file security mode. A guest user could have used this flaw to\n escalate their privileges inside guest (bsc#1039495)\n - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File\n System(9pfs) support was vulnerable to an improper link following issue\n which allowed a privileged user inside guest to access host file system\n beyond the shared folder and potentially escalating their privileges on\n a host (bsc#1020427)\n - CVE-2017-5579: The 16550A UART serial device emulation support was\n vulnerable to a memory leakage issue allowing a privileged user to cause\n a DoS and/or potentially crash the Qemu process on the host (bsc#1021741)\n - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support was vulnerable to a null pointer dereference issue which allowed\n a privileged user inside guest to crash the Qemu process on the host\n resulting in DoS (bsc#1043296)\n - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote\n attackers to cause a denial of service (daemon crash) by disconnecting\n during a server-to-client reply attempt (bsc#1046636)\n - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users\n to cause a denial of service (QEMU process crash) via vectors related to\n logging debug messages (bsc#1047674)\n - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File\n System(9pfs) support was vulnerable to an improper link following issue\n which allowed a privileged user inside guest to access host file system\n beyond the shared folder and potentially escalating their privileges on\n a host (bsc#1020427)\n - CVE-2017-7377: The v9fs_create and v9fs_lcreate functions in\n hw/9pfs/9p.c allowed local 
guest OS privileged users to cause a denial\n of service (file descriptor or memory consumption) via vectors related\n to an already in-use fid (bsc#1032075)\n - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in\n hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a\n denial of service (memory consumption) via vectors involving the\n orig_value variable (bsc#1035950)\n - CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File\n System(9pfs) support was vulnerable to an improper access control issue\n which allowed a privileged user inside guest to access host file system\n beyond the shared folder and potentially escalating their privileges on\n a host (bsc#1034866)\n - CVE-2016-6835: Buffer overflow in the VMWARE VMXNET3 NIC device support,\n causing an OOB read access (bsc#994605)\n - CVE-2016-6834: A infinite loop during packet fragmentation in the VMWARE\n VMXNET3 NIC device support allowed privileged user inside guest to crash\n the Qemu instance resulting in DoS (bsc#994418)\n - Fix privilege escalation in TCG mode (bsc#1030624)\n\n This non-security issue was fixed:\n\n - Fix regression introduced by recent virtfs security fixes (bsc#1045035)\n\n", "cvss3": {}, "published": "2017-11-08T12:10:08", "type": "suse", "title": "Security update for qemu (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-9503", "CVE-2017-9375", "CVE-2017-8112", "CVE-2017-7493", "CVE-2017-11334", "CVE-2017-7718", "CVE-2017-9374", "CVE-2017-8379", "CVE-2017-7980", "CVE-2017-15038", "CVE-2017-8086", "CVE-2017-6505", "CVE-2017-14167", "CVE-2016-6834", "CVE-2017-9330", "CVE-2016-6835", "CVE-2017-7377", "CVE-2017-15289", "CVE-2017-5579", "CVE-2017-8380", "CVE-2017-5973", "CVE-2017-8309", "CVE-2017-12809", "CVE-2017-5987", "CVE-2017-10911", "CVE-2017-7471", "CVE-2017-10664", "CVE-2017-10806", "CVE-2016-9602", "CVE-2017-13672", "CVE-2017-11434", "CVE-2017-9373", "CVE-2016-9603"], "modified": "2017-11-08T12:10:08", "id": 
"SUSE-SU-2017:2946-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00010.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2022-02-19T00:15:28", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3920-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 25, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu\nCVE ID : CVE-2017-9310 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374 \n CVE-2017-9375 CVE-2017-9524 CVE-2017-10664 CVE-2017-10911\n\nMultiple vulnerabilities were found in in qemu, a fast processor\nemulator:\n \nCVE-2017-9310\n\n Denial of service via infinite loop in e1000e NIC emulation.\n\nCVE-2017-9330\n\n Denial of service via infinite loop in USB OHCI emulation.\n\nCVE-2017-9373\n\n Denial of service via memory leak in IDE AHCI emulation.\n\nCVE-2017-9374\n\n Denial of service via memory leak in USB EHCI emulation.\n\nCVE-2017-9375\n\n Denial of service via memory leak in USB XHCI emulation.\n\nCVE-2017-9524\n\n Denial of service in qemu-nbd server.\n\nCVE-2017-10664\n\n Denial of service in qemu-nbd server.\n\nCVE-2017-10911\n\n Information leak in Xen blkif response handling.\n\nFor the oldstable distribution (jessie), a separate DSA will be issued.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": 
{"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-07-25T20:06:11", "type": "debian", "title": "[SECURITY] [DSA 3920-1] qemu security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10664", "CVE-2017-10911", "CVE-2017-9310", "CVE-2017-9330", "CVE-2017-9373", "CVE-2017-9374", "CVE-2017-9375", "CVE-2017-9524"], "modified": "2017-07-25T20:06:11", "id": "DEBIAN:DSA-3920-1:E2BE6", "href": "https://lists.debian.org/debian-security-announce/2017/msg00182.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T21:57:46", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3927-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 07, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2017-7346 CVE-2017-7482 CVE-2017-7533 CVE-2017-7541\n CVE-2017-7542 CVE-2017-9605 CVE-2017-10810 CVE-2017-10911\n CVE-2017-11176 CVE-2017-1000365\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege 
escalation, denial of service or information\nleaks.\n\nCVE-2017-7346\n\n Li Qiang discovered that the DRM driver for VMware virtual GPUs does\n not properly check user-controlled values in the\n vmw_surface_define_ioctl() functions for upper limits. A local user\n can take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\n\n Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does\n not properly verify metadata, leading to information disclosure,\n denial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\n\n Fan Wu and Shixiong Zhao discovered a race condition between inotify\n events and VFS rename operations allowing an unprivileged local\n attacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\n\n A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\n driver could allow a local user to cause kernel memory corruption,\n leading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\n\n An integer overflow vulnerability in the ip6_find_1stfragopt()\n function was found allowing a local attacker with privileges to open\n raw sockets to cause a denial of service.\n\nCVE-2017-9605\n\n Murray McAllister discovered that the DRM driver for VMware virtual\n GPUs does not properly initialize memory, potentially allowing a\n local attacker to obtain sensitive information from uninitialized\n kernel memory via a crafted ioctl call.\n\nCVE-2017-10810\n\n Li Qiang discovered a memory leak flaw within the VirtIO GPU driver\n resulting in denial of service (memory consumption).\n\nCVE-2017-10911 / XSA-216\n\n Anthony Perard of Citrix discovered an information leak flaw in Xen\n blkif response handling, allowing a malicious unprivileged guest to\n obtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\n It was discovered that the mq_notify() function does not set the\n sock pointer to NULL upon entry into the retry logic. 
An attacker\n can take advantage of this flaw during a user-space close of a\n Netlink socket to cause a denial of service or potentially cause\n other impact.\n\nCVE-2017-1000365\n\n It was discovered that argument and environment pointers are not\n taken properly into account to the imposed size restrictions on\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\n this flaw in conjunction with other flaws to execute arbitrary code.\n\nFor the oldstable distribution (jessie), these problems will be fixed in\na subsequent DSA.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.30-2+deb9u3.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-07T05:18:53", "type": "debian", "title": "[SECURITY] [DSA 3927-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000365", "CVE-2017-10810", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-7346", "CVE-2017-7482", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-9605"], "modified": "2017-08-07T05:18:53", "id": "DEBIAN:DSA-3927-1:A5DA8", "href": "https://lists.debian.org/debian-security-announce/2017/msg00189.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-01-01T05:18:31", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3927-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 07, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2017-7346 CVE-2017-7482 CVE-2017-7533 CVE-2017-7541\n CVE-2017-7542 CVE-2017-9605 CVE-2017-10810 CVE-2017-10911\n CVE-2017-11176 CVE-2017-1000365\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7346\n\n Li Qiang discovered that the DRM driver for VMware virtual GPUs does\n not properly check user-controlled values in the\n vmw_surface_define_ioctl() functions for upper limits. 
A local user\n can take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\n\n Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does\n not properly verify metadata, leading to information disclosure,\n denial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\n\n Fan Wu and Shixiong Zhao discovered a race condition between inotify\n events and VFS rename operations allowing an unprivileged local\n attacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\n\n A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\n driver could allow a local user to cause kernel memory corruption,\n leading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\n\n An integer overflow vulnerability in the ip6_find_1stfragopt()\n function was found allowing a local attacker with privileges to open\n raw sockets to cause a denial of service.\n\nCVE-2017-9605\n\n Murray McAllister discovered that the DRM driver for VMware virtual\n GPUs does not properly initialize memory, potentially allowing a\n local attacker to obtain sensitive information from uninitialized\n kernel memory via a crafted ioctl call.\n\nCVE-2017-10810\n\n Li Qiang discovered a memory leak flaw within the VirtIO GPU driver\n resulting in denial of service (memory consumption).\n\nCVE-2017-10911 / XSA-216\n\n Anthony Perard of Citrix discovered an information leak flaw in Xen\n blkif response handling, allowing a malicious unprivileged guest to\n obtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\n It was discovered that the mq_notify() function does not set the\n sock pointer to NULL upon entry into the retry logic. 
An attacker\n can take advantage of this flaw during a user-space close of a\n Netlink socket to cause a denial of service or potentially cause\n other impact.\n\nCVE-2017-1000365\n\n It was discovered that argument and environment pointers are not\n taken properly into account to the imposed size restrictions on\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\n this flaw in conjunction with other flaws to execute arbitrary code.\n\nFor the oldstable distribution (jessie), these problems will be fixed in\na subsequent DSA.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.30-2+deb9u3.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-07T05:18:53", "type": "debian", "title": "[SECURITY] [DSA 3927-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000365", "CVE-2017-10810", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-7346", "CVE-2017-7482", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-9605"], "modified": "2017-08-07T05:18:53", "id": "DEBIAN:DSA-3927-1:A186E", "href": "https://lists.debian.org/debian-security-announce/2017/msg00189.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-02-19T00:14:44", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3945-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 17, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2014-9940 CVE-2017-7346 CVE-2017-7482 CVE-2017-7533\n CVE-2017-7541 CVE-2017-7542 CVE-2017-7889 CVE-2017-9605\n CVE-2017-10911 CVE-2017-11176 CVE-2017-1000363\n CVE-2017-1000365\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2014-9940\n\n A use-after-free flaw in the voltage and current regulator driver\n could allow a local user to cause a denial of service or potentially\n escalate privileges.\n\nCVE-2017-7346\n\n Li Qiang discovered that the DRM driver for VMware virtual GPUs does\n not properly check user-controlled values in the\n vmw_surface_define_ioctl() functions for upper limits. 
A local user\n can take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\n\n Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does\n not properly verify metadata, leading to information disclosure,\n denial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\n\n Fan Wu and Shixiong Zhao discovered a race condition between inotify\n events and VFS rename operations allowing an unprivileged local\n attacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\n\n A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\n driver could allow a local user to cause kernel memory corruption,\n leading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\n\n An integer overflow vulnerability in the ip6_find_1stfragopt()\n function was found allowing a local attacker with privileges to open\n raw sockets to cause a denial of service.\n\nCVE-2017-7889\n\n Tommi Rantala and Brad Spengler reported that the mm subsystem does\n not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\n allowing a local attacker with access to /dev/mem to obtain\n sensitive information or potentially execute arbitrary code.\n\nCVE-2017-9605\n\n Murray McAllister discovered that the DRM driver for VMware virtual\n GPUs does not properly initialize memory, potentially allowing a\n local attacker to obtain sensitive information from uninitialized\n kernel memory via a crafted ioctl call.\n\nCVE-2017-10911 / XSA-216\n\n Anthony Perard of Citrix discovered an information leak flaw in Xen\n blkif response handling, allowing a malicious unprivileged guest to\n obtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\n It was discovered that the mq_notify() function does not set the\n sock pointer to NULL upon entry into the retry logic. 
An attacker\n can take advantage of this flaw during a userspace close of a\n Netlink socket to cause a denial of service or potentially cause\n other impact.\n\nCVE-2017-1000363\n\n Roee Hay reported that the lp driver does not properly bounds-check\n passed arguments, allowing a local attacker with write access to the\n kernel command line arguments to execute arbitrary code.\n\nCVE-2017-1000365\n\n It was discovered that argument and environment pointers are not\n taken properly into account to the imposed size restrictions on\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\n this flaw in conjunction with other flaws to execute arbitrary code.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.43-2+deb8u3.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-17T18:40:05", "type": "debian", "title": "[SECURITY] [DSA 3945-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, 
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9940", "CVE-2017-1000363", "CVE-2017-1000365", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-7346", "CVE-2017-7482", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-7889", "CVE-2017-9605"], "modified": "2017-08-17T18:40:05", "id": "DEBIAN:DSA-3945-1:532A6", "href": "https://lists.debian.org/debian-security-announce/2017/msg00207.html", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T21:56:51", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3945-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 17, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2014-9940 CVE-2017-7346 CVE-2017-7482 CVE-2017-7533\n CVE-2017-7541 CVE-2017-7542 CVE-2017-7889 CVE-2017-9605\n CVE-2017-10911 CVE-2017-11176 CVE-2017-1000363\n CVE-2017-1000365\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2014-9940\n\n A use-after-free flaw in the voltage and current regulator driver\n could allow a local user to cause a denial of service or potentially\n escalate privileges.\n\nCVE-2017-7346\n\n Li Qiang discovered that the DRM driver for VMware virtual GPUs does\n not properly check user-controlled values in the\n vmw_surface_define_ioctl() functions for upper limits. 
A local user\n can take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\n\n Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does\n not properly verify metadata, leading to information disclosure,\n denial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\n\n Fan Wu and Shixiong Zhao discovered a race condition between inotify\n events and VFS rename operations allowing an unprivileged local\n attacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\n\n A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\n driver could allow a local user to cause kernel memory corruption,\n leading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\n\n An integer overflow vulnerability in the ip6_find_1stfragopt()\n function was found allowing a local attacker with privileges to open\n raw sockets to cause a denial of service.\n\nCVE-2017-7889\n\n Tommi Rantala and Brad Spengler reported that the mm subsystem does\n not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\n allowing a local attacker with access to /dev/mem to obtain\n sensitive information or potentially execute arbitrary code.\n\nCVE-2017-9605\n\n Murray McAllister discovered that the DRM driver for VMware virtual\n GPUs does not properly initialize memory, potentially allowing a\n local attacker to obtain sensitive information from uninitialized\n kernel memory via a crafted ioctl call.\n\nCVE-2017-10911 / XSA-216\n\n Anthony Perard of Citrix discovered an information leak flaw in Xen\n blkif response handling, allowing a malicious unprivileged guest to\n obtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\n It was discovered that the mq_notify() function does not set the\n sock pointer to NULL upon entry into the retry logic. 
An attacker\n can take advantage of this flaw during a userspace close of a\n Netlink socket to cause a denial of service or potentially cause\n other impact.\n\nCVE-2017-1000363\n\n Roee Hay reported that the lp driver does not properly bounds-check\n passed arguments, allowing a local attacker with write access to the\n kernel command line arguments to execute arbitrary code.\n\nCVE-2017-1000365\n\n It was discovered that argument and environment pointers are not\n taken properly into account to the imposed size restrictions on\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\n this flaw in conjunction with other flaws to execute arbitrary code.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.43-2+deb8u3.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-17T18:40:05", "type": "debian", "title": "[SECURITY] [DSA 3945-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, 
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9940", "CVE-2017-1000363", "CVE-2017-1000365", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-7346", "CVE-2017-7482", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-7889", "CVE-2017-9605"], "modified": "2017-08-17T18:40:05", "id": "DEBIAN:DSA-3945-1:A4CC7", "href": "https://lists.debian.org/debian-security-announce/2017/msg00207.html", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T13:34:17", "description": "Package : linux\nVersion : 3.2.93-1\nCVE ID : CVE-2017-7482 CVE-2017-7542 CVE-2017-7889 CVE-2017-10661 \n CVE-2017-10911 CVE-2017-11176 CVE-2017-11600 CVE-2017-12134 \n CVE-2017-12153 CVE-2017-12154 CVE-2017-14106 CVE-2017-14140 \n CVE-2017-14156 CVE-2017-14340 CVE-2017-14489 CVE-2017-1000111 \n CVE-2017-1000251 CVE-2017-1000363 CVE-2017-1000365\n\t\t CVE-2017-1000380\nDebian Bug : #866511 #875881\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7482\n\n Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does\n not properly verify metadata, leading to information disclosure,\n denial of service or potentially execution of arbitrary code.\n\nCVE-2017-7542\n\n An integer overflow vulnerability in the ip6_find_1stfragopt()\n function was found allowing a local attacker with privileges to open\n raw sockets to cause a denial of service.\n\nCVE-2017-7889\n\n Tommi Rantala and Brad Spengler reported that the mm subsystem does\n not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\n allowing a local attacker with access to /dev/mem to obtain\n sensitive information or potentially execute arbitrary code.\n\nCVE-2017-10661\n\n Dmitry Vyukov of Google reported that the timerfd facility 
does\n not properly handle certain concurrent operations on a single file\n descriptor. This allows a local attacker to cause a denial of\n service or potentially to execute arbitrary code.\n\nCVE-2017-10911 / XSA-216\n\n Anthony Perard of Citrix discovered an information leak flaw in Xen\n blkif response handling, allowing a malicious unprivileged guest to\n obtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\n It was discovered that the mq_notify() function does not set the\n sock pointer to NULL upon entry into the retry logic. An attacker\n can take advantage of this flaw during a userspace close of a\n Netlink socket to cause a denial of service or potentially cause\n other impact.\n\nCVE-2017-11600\n\n bo Zhang reported that the xfrm subsystem does not properly\n validate one of the parameters to a netlink message. Local users\n with the CAP_NET_ADMIN capability can use this to cause a denial\n of service or potentially to execute arbitrary code.\n\nCVE-2017-12134 / #866511 / XSA-229\n\n Jan H. Sch\u00f6nherr of Amazon discovered that when Linux is running\n in a Xen PV domain on an x86 system, it may incorrectly merge\n block I/O requests. A buggy or malicious guest may trigger this\n bug in dom0 or a PV driver domain, causing a denial of service or\n potentially execution of arbitrary code.\n\n This issue can be mitigated by disabling merges on the underlying\n back-end block devices, e.g.:\n echo 2 > /sys/block/nvme0n1/queue/nomerges\n\nCVE-2017-12153\n\n bo Zhang reported that the cfg80211 (wifi) subsystem does not\n properly validate the parameters to a netlink message. Local users\n with the CAP_NET_ADMIN capability on a system with a wifi device\n can use this to cause a denial of service.\n\nCVE-2017-12154\n\n Jim Mattson of Google reported that the KVM implementation for\n Intel x86 processors did not correctly handle certain nested\n hypervisor configurations. 
A malicious guest (or nested guest in a\n suitable L1 hypervisor) could use this for denial of service.\n\nCVE-2017-14106\n\n Andrey Konovalov of Google reported that a specific sequence of\n operations on a TCP socket could lead to division by zero. A\n local user could use this for denial of service.\n\nCVE-2017-14140\n\n Otto Ebeling reported that the move_pages() system call permitted\n users to discover the memory layout of a set-UID process running\n under their real user-ID. This made it easier for local users to\n exploit vulnerabilities in programs installed with the set-UID\n permission bit set.\n\nCVE-2017-14156\n\n \"sohu0106\" reported an information leak in the atyfb video driver.\n A local user with access to a framebuffer device handled by this\n driver could use this to obtain sensitive information.\n\nCVE-2017-14340\n\n Richard Wareing discovered that the XFS implementation allows the\n creation of files with the \"realtime\" flag on a filesystem with no\n realtime device, which can result in a crash (oops). A local user\n with access to an XFS filesystem that does not have a realtime\n device can use this for denial of service.\n\nCVE-2017-14489\n\n ChunYu of Red Hat discovered that the iSCSI subsystem does not\n properly validate the length of a netlink message, leading to\n memory corruption. A local user with permission to manage iSCSI\n devices can use this for denial of service or possibly to\n execute arbitrary code.\n\nCVE-2017-1000111\n\n Andrey Konovalov of Google reported a race condition in the\n raw packet (af_packet) feature. Local users with the CAP_NET_RAW\n capability can use this to cause a denial of service or possibly to\n execute arbitrary code.\n\nCVE-2017-1000251 / #875881\n\n Armis Labs discovered that the Bluetooth subsystem does not\n properly validate L2CAP configuration responses, leading to a\n stack buffer overflow. This is one of several vulnerabilities\n dubbed \"Blueborne\". 
A nearby attacker can use this to cause a\n denial of service or possibly to execute arbitrary code on a\n system with Bluetooth enabled.\n\nCVE-2017-1000363\n\n Roee Hay reported that the lp driver does not properly bounds-check\n passed arguments. This has no security impact in Debian.\n\nCVE-2017-1000365\n\n It was discovered that argument and environment pointers are not\n properly taken into account by the size restrictions on arguments\n and environmental strings passed through execve(). A local\n attacker can take advantage of this flaw in conjunction with other\n flaws to execute arbitrary code.\n\nCVE-2017-1000380\n\n Alexander Potapenko of Google reported a race condition in the ALSA\n (sound) timer driver, leading to an information leak. A local user\n with permission to access sound devices could use this to obtain\n sensitive information.\n\nFor Debian 7 \"Wheezy\", these problems have been fixed in version\n3.2.93-1. This version also includes bug fixes from upstream versions\nup to and including 3.2.93.\n\nFor Debian 8 \"Jessie\", these problems have been fixed in version\n3.16.43-2+deb8u4 or were fixed in an earlier version.\n\nFor Debian 9 \"Stretch\", these problems have been fixed in version\n4.9.30-2+deb9u4 or were fixed in an earlier version.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-09-20T17:47:37", "type": "debian", "title": "[SECURITY] [DLA 1099-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.1, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.7, "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000251", "CVE-2017-1000363", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-10911", "CVE-2017-11176", "CVE-2017-11600", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-7482", "CVE-2017-7542", "CVE-2017-7889"], "modified": "2017-09-20T17:47:37", "id": "DEBIAN:DLA-1099-1:57108", "href": "https://lists.debian.org/debian-lts-announce/2017/09/msg00017.html", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-05-20T19:23:06", "description": "Package : qemu\nVersion : 1:2.1+dfsg-12+deb8u7\nCVE ID : CVE-2015-8666 CVE-2016-2198 CVE-2016-6833 CVE-2016-6835\n CVE-2016-8576 CVE-2016-8667 CVE-2016-8669 CVE-2016-9602\n CVE-2016-9603 CVE-2016-9776 CVE-2016-9907 CVE-2016-9911\n CVE-2016-9914 CVE-2016-9915 CVE-2016-9916 CVE-2016-9921\n CVE-2016-9922 CVE-2016-10155 CVE-2017-2615 CVE-2017-2620\n CVE-2017-5525 CVE-2017-5526 CVE-2017-5579 CVE-2017-5667\n CVE-2017-5715 CVE-2017-5856 CVE-2017-5973 CVE-2017-5987\n CVE-2017-6505 CVE-2017-7377 CVE-2017-7493 CVE-2017-7718\n CVE-2017-7980 CVE-2017-8086 CVE-2017-8112 CVE-2017-8309\n 
CVE-2017-8379 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374\n CVE-2017-9503 CVE-2017-10806 CVE-2017-10911\n CVE-2017-11434 CVE-2017-14167 CVE-2017-15038\n CVE-2017-15289 CVE-2017-16845 CVE-2017-18030\n CVE-2017-18043 CVE-2018-5683 CVE-2018-7550\nDebian Bug : 813193 834904 835031 840945 840950 847496 847951 847953\n 847960 851910 852232 853002 853006 853996 854731 855159\n 855611 855791 856399 856969 857744 859854 860785 861348\n 861351 862280 862289 863943 864216 864568 865754 867751\n 869171 869706 874606 877890 880832 882136 886532 887392\n 892041\n\nSeveral vulnerabilities were found in qemu, a fast processor emulator:\n\nCVE-2015-8666\n\n Heap-based buffer overflow in QEMU when built with the\n Q35-chipset-based PC system emulator\n\nCVE-2016-2198\n\n Null pointer dereference in ehci_caps_write in the USB EHCI support\n that may result in denial of service\n\nCVE-2016-6833\n\n Use after free while writing in the vmxnet3 device that could be used\n to cause a denial of service\n\nCVE-2016-6835\n\n Buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device\n that could result in denial of service\n\nCVE-2016-8576\n\n Infinite loop vulnerability in xhci_ring_fetch in the USB xHCI support\n\nCVE-2016-8667 / CVE-2016-8669\n\n Divide by zero errors in set_next_tick in the JAZZ RC4030 chipset\n emulator, and in serial_update_parameters of some serial devices, that\n could result in denial of service\n\nCVE-2016-9602\n\n Improper link following with VirtFS\n\nCVE-2016-9603\n\n Heap buffer overflow via vnc connection in the Cirrus CLGD 54xx VGA\n emulator support\n\nCVE-2016-9776\n\n Infinite loop while receiving data in the ColdFire Fast Ethernet\n Controller emulator\n\nCVE-2016-9907\n\n Memory leakage in the USB redirector usb-guest support \n\nCVE-2016-9911\n\n Memory leakage in ehci_init_transfer in the USB EHCI support\n\nCVE-2016-9914 / CVE-2016-9915 / CVE-2016-9916\n\n Plan 9 File System (9pfs): add missing cleanup operation in\n FileOperations, in the 
handle backend and in the proxy backend driver\n\nCVE-2016-9921 / CVE-2016-9922\n\n Divide by zero in cirrus_do_copy in the Cirrus CLGD 54xx VGA Emulator\n support \n\nCVE-2016-10155\n\n Memory leak in hw/watchdog/wdt_i6300esb.c allowing local guest OS\n privileged users to cause a denial of service via a large number of\n device unplug operations.\n\nCVE-2017-2615 / CVE-2017-2620 / CVE-2017-18030 / CVE-2018-5683 / CVE-2017-7718\n\n Out-of-bounds access issues in the Cirrus CLGD 54xx VGA emulator\n support, that could result in denial of service\n\nCVE-2017-5525 / CVE-2017-5526\n\n Memory leakage issues in the ac97 and es1370 device emulation\n\nCVE-2017-5579\n\n Host memory leakage in the 16550A UART emulation\n\nCVE-2017-5667\n\n Out-of-bounds access during multi block SDMA transfer in the SDHCI\n emulation support.\n\nCVE-2017-5715\n\n Mitigations against the Spectre v2 vulnerability. For more information\n please refer to https://www.qemu.org/2018/01/04/spectre/\n\nCVE-2017-5856\n\n Memory leak in the MegaRAID SAS 8708EM2 Host Bus Adapter emulation\n support\n\nCVE-2017-5973 / CVE-2017-5987 / CVE-2017-6505\n\n Infinite loop issues in the USB xHCI, in the transfer mode register\n of the SDHCI protocol, and the USB ohci_service_ed_list\n\nCVE-2017-7377\n\n 9pfs: host memory leakage via v9fs_create\n\nCVE-2017-7493\n\n Improper access control issues in the host directory sharing via\n 9pfs support.\n\nCVE-2017-7980\n\n Heap-based buffer overflow in the Cirrus VGA device that could allow\n local guest OS users to execute arbitrary code or cause a denial of\n service\n\nCVE-2017-8086\n\n 9pfs: host memory leakage via v9pfs_list_xattr\n\nCVE-2017-8112\n\n Infinite loop in the VMWare PVSCSI emulation\n\nCVE-2017-8309 / CVE-2017-8379\n\n Host memory leakage issues via the audio capture buffer and the\n keyboard input event handlers \n\nCVE-2017-9330\n\n Infinite loop due to incorrect return value in USB OHCI that may\n result in denial of service\n\nCVE-2017-9373 / 
CVE-2017-9374\n\n Host memory leakage during hot unplug in IDE AHCI and USB emulated\n devices that could result in denial of service\n\nCVE-2017-9503\n\n Null pointer dereference while processing megasas command\n\nCVE-2017-10806\n\n Stack buffer overflow in USB redirector\n\nCVE-2017-10911\n\n Xen disk may leak stack data via response ring\n\nCVE-2017-11434\n\n Out-of-bounds read while parsing Slirp/DHCP options\n\nCVE-2017-14167\n\n Out-of-bounds access while processing multiboot headers that could\n result in the execution of arbitrary code\n\nCVE-2017-15038\n\n 9pfs: information disclosure when reading extended attributes\n\nCVE-2017-15289\n\n Out-of-bounds write access issue in the Cirrus graphic adaptor that\n could result in denial of service\n\nCVE-2017-16845\n\n Information leak in the PS/2 mouse and keyboard emulation support that\n could be exploited during instance migration \n\nCVE-2017-18043\n\n Integer overflow in the macro ROUND_UP (n, d) that could result in\n denial of service\n\nCVE-2018-7550\n\n Incorrect handling of memory during multiboot that could result in\n execution of arbitrary code\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:2.1+dfsg-12+deb8u7.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.8}, "published": "2018-09-06T18:49:12", "type": "debian", 
"title": "[SECURITY] [DLA 1497-1] qemu security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8666", "CVE-2016-10155", "CVE-2016-2198", "CVE-2016-6833", "CVE-2016-6835", "CVE-2016-8576", "CVE-2016-8667", "CVE-2016-8669", "CVE-2016-9602", "CVE-2016-9603", "CVE-2016-9776", "CVE-2016-9907", "CVE-2016-9911", "CVE-2016-9914", "CVE-2016-9915", "CVE-2016-9916", "CVE-2016-9921", "CVE-2016-9922", "CVE-2017-10806", "CVE-2017-10911", "CVE-2017-11434", "CVE-2017-14167", "CVE-2017-15038", "CVE-2017-15289", "CVE-2017-16845", "CVE-2017-18030", "CVE-2017-18043", "CVE-2017-2615", "CVE-2017-2620", "CVE-2017-5525", "CVE-2017-5526", "CVE-2017-5579", "CVE-2017-5667", "CVE-2017-5715", "CVE-2017-5856", "CVE-2017-5973", "CVE-2017-5987", "CVE-2017-6505", "CVE-2017-7377", "CVE-2017-7493", "CVE-2017-7718", "CVE-2017-7980", "CVE-2017-8086", "CVE-2017-8112", "CVE-2017-8309", "CVE-2017-8379", "CVE-2017-9330", "CVE-2017-9373", "CVE-2017-9374", "CVE-2017-9503", "CVE-2018-5683", "CVE-2018-7550"], "modified": "2018-09-06T18:49:12", "id": "DEBIAN:DLA-1497-1:58644", "href": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "citrix": [{"lastseen": "2020-11-20T15:42:18", "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of 
Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious administrator of a guest VM to compromise the host. The issues have the identifiers:</p>\n<ul>\n<li>CVE-2017-10920, CVE-2017-10921 and CVE-2017-10922 (High): Grant table operations mishandle reference counts.</li>\n<li>CVE-2017-10918 (High): Stale P2M mappings due to insufficient error checking.</li>\n<li>CVE-2017-10912 (Medium): Page transfer may allow PV guest to elevate privilege.</li>\n<li>CVE-2017-10913 and CVE-2017-10914 (Medium): Races in the grant table unmap code.</li>\n<li>CVE-2017-10915 (Medium): x86: insufficient reference counts during shadow emulation.</li>\n<li>CVE-2017-10917 (Medium): NULL pointer deref in event channel poll.</li>\n<li>CVE-2017-10911 (Low): blkif responses leak backend stack data.</li>\n</ul>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Hotfixes have been released to address these issues. 
Citrix recommends that affected customers install these hotfixes, which can be downloaded from the following locations:</p>\n<p>Citrix XenServer 7.2: CTX224692 \u2013 <a href=\"https://support.citrix.com/article/CTX224692\">https://support.citrix.com/article/CTX224692</a> and CTX224698 \u2013 <a href=\"https://support.citrix.com/article/CTX224698\">https://support.citrix.com/article/CTX224698</a></p>\n<p>Citrix XenServer 7.1: CTX224691 \u2013 <a href=\"https://support.citrix.com/article/CTX224691\">https://support.citrix.com/article/CTX224691</a> and CTX224697 \u2013 <a href=\"https://support.citrix.com/article/CTX224697\">https://support.citrix.com/article/CTX224697</a></p>\n<p>Citrix XenServer 7.0: CTX224690 \u2013 <a href=\"https://support.citrix.com/article/CTX224690\">https://support.citrix.com/article/CTX224690</a> and CTX224696 \u2013 <a href=\"https://support.citrix.com/article/CTX224696\">https://support.citrix.com/article/CTX224696</a></p>\n<p>Citrix XenServer 6.5 SP1: CTX224689 \u2013 <a href=\"https://support.citrix.com/article/CTX224689\">https://support.citrix.com/article/CTX224689</a> and CTX224695 \u2013 <a href=\"https://support.citrix.com/article/CTX224695\">https://support.citrix.com/article/CTX224695</a></p>\n<p>Customers who have deployed Citrix XenServer 6.2 SP1 on older hardware that does not have Hardware Assisted Paging support (Intel: EPT, AMD: RVI) should upgrade to Citrix XenServer 6.5 SP1 or later to ensure that they are protected against these issues.</p>\n<p>Citrix XenServer 6.2 SP1: CTX224688 \u2013 <a href=\"https://support.citrix.com/article/CTX224688\">https://support.citrix.com/article/CTX224688</a> and CTX224694 \u2013 <a href=\"https://support.citrix.com/article/CTX224694\">https://support.citrix.com/article/CTX224694</a></p>\n<p>Citrix XenServer 6.0.2 Common Criteria: CTX224687 \u2013 <a href=\"https://support.citrix.com/article/CTX224687\">https://support.citrix.com/article/CTX224687</a> and CTX224693 \u2013 <a 
href=\"https://support.citrix.com/article/CTX224693\">https://support.citrix.com/article/CTX224693</a></p>\n<p>Customers who are using the Live Patching feature of Citrix XenServer 7.2 may apply the relevant hotfixes without requiring a reboot. Customers who are using the Live Patching feature of Citrix XenServer 7.1 who have previously deployed all earlier hotfixes may apply the relevant hotfixes without requiring a reboot.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. 
For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td>21st June, 2017</td>\n<td>Initial publishing</td>\n</tr>\n<tr>\n<td>7th July, 2017</td>\n<td>Added CVE identifiers</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-06-27T04:00:00", "type": "citrix", "title": "Citrix XenServer Multiple Security Updates", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10914", "CVE-2017-10915", "CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10920", 
"CVE-2017-10921", "CVE-2017-10922"], "modified": "2017-07-10T04:00:00", "id": "CTX224740", "href": "https://support.citrix.com/article/CTX224740", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:02", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nUSN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. ([CVE-2017-10911](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-10911>))\n\nBo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash). ([CVE-2017-12153](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12153>))\n\nIt was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). ([CVE-2017-12154](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12154>))\n\nIt was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). 
([CVE-2017-12192](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12192>))\n\nIt was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). ([CVE-2017-14051](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14051>))\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). ([CVE-2017-14156](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14156>))\n\nDave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). ([CVE-2017-14340](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14340>))\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash). ([CVE-2017-14489](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14489>))\n\nIt was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). ([CVE-2017-14991](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14991>))\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts to set reserved bits in a task\u2019s extended state (xstate) area. A local attacker could use this to cause a denial of service (system crash). 
([CVE-2017-15537](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15537>))\n\nPengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. A local attacker could use this to cause a denial of service (infinite loop). ([CVE-2017-9984](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9984>), [CVE-2017-9985](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9985>))\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3421.x versions prior to 3421.32\n * 3445.x versions prior to 3445.17\n * 3468.x versions prior to 3468.11\n * All other stemcells not listed.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3421.x versions prior to 3421.32\n * Upgrade 3445.x versions prior to 3445.17\n * Upgrade 3468.x versions prior to 3468.11\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n\n# References\n\n * [USN-3469-2](<http://www.ubuntu.com/usn/usn-3469-2/>)\n * [CVE-2017-10911](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-10911>)\n * [CVE-2017-12153](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12153>)\n * [CVE-2017-12192](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12192>)\n * [CVE-2017-14051](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14051>)\n * [CVE-2017-14156](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14156>)\n * [CVE-2017-14340](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14340>)\n * [CVE-2017-14489](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14489>)\n * [CVE-2017-14991](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14991>)\n * 
[CVE-2017-15537](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15537>)\n * [CVE-2017-9984](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9984>)\n * [CVE-2017-9985](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9985>)\n * [CVE-2017-12154](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12154>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-27T00:00:00", "type": "cloudfoundry", "title": "USN-3469-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14051", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-9984", "CVE-2017-15537", "CVE-2017-12192", "CVE-2017-9985", "CVE-2017-10911", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12153", "CVE-2017-12154"], "modified": "2017-11-27T00:00:00", "id": "CFOUNDRY:14981E32944F89BB69AF2D0158A379F0", "href": "https://www.cloudfoundry.org/blog/usn-3469-2/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines 
running under the Xen hypervisor ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-07-07T23:15:23", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: xen-4.8.1-4.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10914", "CVE-2017-10915", "CVE-2017-10916", "CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10919", "CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10923"], "modified": "2017-07-07T23:15:23", "id": "FEDORA:CB27F60C8AF5", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TOPZYWRZJR2G6ZJ7PQAKOJ57OBIRQTTR/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-07-12T03:27:01", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: xen-4.7.2-7.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10911", "CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10914", "CVE-2017-10915", "CVE-2017-10916", "CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10919", "CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-10923"], "modified": "2017-07-12T03:27:01", "id": "FEDORA:7BEB56056026", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/S2YX6P3ST264BWLGBSE2UODOT2T4KEXK/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}