{"fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2212", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6375", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-1642", "CVE-2014-1666", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1894", "CVE-2014-1895", "CVE-2014-1896", "CVE-2014-1950"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2014-03-02T03:45:00", "published": "2014-03-02T03:45:00", "id": "FEDORA:5FB0B22E66", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: xen-4.3.2-1.fc20", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2212", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6375", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-1642", "CVE-2014-1666", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1894", "CVE-2014-1895", "CVE-2014-1896", "CVE-2014-1950", "CVE-2014-2599", "CVE-2014-3124"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2014-05-12T05:19:03", "published": "2014-05-12T05:19:03", "id": "FEDORA:02F3921D5A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: xen-4.3.2-3.fc20", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6375", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-1642", "CVE-2014-1666", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1895", "CVE-2014-1896"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2014-02-16T23:21:24", "published": "2014-02-16T23:21:24", "id": "FEDORA:CDABB21E75", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: xen-4.3.1-9.fc20", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2212", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6375", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-1642", "CVE-2014-1666", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1894", "CVE-2014-1895", "CVE-2014-1896", "CVE-2014-1950", "CVE-2014-2599", "CVE-2014-3124", "CVE-2014-3967", "CVE-2014-3968"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2014-06-26T01:51:31", "published": "2014-06-26T01:51:31", "id": "FEDORA:E592F20CAC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: xen-4.3.2-5.fc20", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2212", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6375", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-1642", "CVE-2014-1666", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1894", "CVE-2014-1895", "CVE-2014-1896", "CVE-2014-1950", "CVE-2014-2599", "CVE-2014-3124", "CVE-2014-3967", "CVE-2014-3968", "CVE-2014-4021"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2014-07-04T12:30:35", "published": "2014-07-04T12:30:35", "id": "FEDORA:C08BD21DF1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: xen-4.3.2-6.fc20", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6375", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-1642", "CVE-2014-1666"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2014-02-03T02:43:51", "published": "2014-02-03T02:43:51", "id": "FEDORA:475FE2102F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: xen-4.3.1-8.fc20", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2212", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6375", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-1642", "CVE-2014-1666", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1894", "CVE-2014-1895", "CVE-2014-1896", "CVE-2014-1950", "CVE-2014-2599", "CVE-2014-3124", "CVE-2014-3967", "CVE-2014-3968", "CVE-2014-4021", "CVE-2014-5146", "CVE-2014-5149"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2014-08-24T02:54:54", "published": "2014-08-24T02:54:54", "id": "FEDORA:8F0BC22D1D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: xen-4.3.2-7.fc20", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2212", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6375", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-1642", "CVE-2014-1666", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1894", "CVE-2014-1895", "CVE-2014-1896", "CVE-2014-1950", "CVE-2014-2599", "CVE-2014-3124", "CVE-2014-3967", "CVE-2014-3968", "CVE-2014-4021", "CVE-2014-5146", "CVE-2014-7154", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2014-10-11T06:54:26", "published": "2014-10-11T06:54:26", "id": "FEDORA:A04AF60D68C0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: xen-4.3.3-3.fc20", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6375", "CVE-2013-6400", "CVE-2013-6885"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2013-12-21T02:27:56", "published": "2013-12-21T02:27:56", "id": "FEDORA:5DCE922578", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: xen-4.3.1-6.fc20", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2212", "CVE-2013-4553", "CVE-2013-4554", "CVE-2013-6375", "CVE-2013-6400", "CVE-2013-6885", "CVE-2014-0150", "CVE-2014-1642", "CVE-2014-1666", "CVE-2014-1891", "CVE-2014-1892", "CVE-2014-1893", "CVE-2014-1894", "CVE-2014-1895", "CVE-2014-1896", "CVE-2014-1950", "CVE-2014-2599", "CVE-2014-3124", "CVE-2014-3967", "CVE-2014-3968", "CVE-2014-4021", "CVE-2014-5146", "CVE-2014-7154", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188", "CVE-2014-8594", "CVE-2014-8595", "CVE-2014-9030"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2014-12-01T19:01:23", "published": "2014-12-01T19:01:23", "id": "FEDORA:3867160CA762", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: xen-4.3.3-5.fc20", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:37:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-1642", "CVE-2014-1895", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-1892", "CVE-2013-6400", "CVE-2014-1896", "CVE-2013-4553", "CVE-2013-6375", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666", "CVE-2014-1950", "CVE-2013-2212"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-03-04T00:00:00", "id": "OPENVAS:1361412562310867554", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867554", "type": "openvas", "title": "Fedora Update for xen FEDORA-2014-2802", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2014-2802\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867554\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-04 10:45:11 +0530 (Tue, 04 Mar 2014)\");\n script_cve_id(\"CVE-2014-1950\", \"CVE-2014-1891\", \"CVE-2014-1892\", \"CVE-2014-1893\",\n \"CVE-2014-1894\", \"CVE-2014-1895\", \"CVE-2014-1896\", \"CVE-2014-1666\",\n \"CVE-2014-1642\", \"CVE-2013-6400\", \"CVE-2013-6885\", \"CVE-2013-4553\",\n \"CVE-2013-4554\", \"CVE-2013-6375\", \"CVE-2013-2212\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for xen FEDORA-2014-2802\");\n script_tag(name:\"affected\", value:\"xen on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-2802\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129310.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.2~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:48:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-1642", "CVE-2014-1895", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-1892", "CVE-2013-6400", "CVE-2014-1896", "CVE-2013-4553", "CVE-2013-6375", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666", "CVE-2014-1950", "CVE-2013-2212"], "description": "Check for the Version of xen", "modified": "2017-07-10T00:00:00", "published": "2014-03-04T00:00:00", "id": "OPENVAS:867554", "href": "http://plugins.openvas.org/nasl.php?oid=867554", "type": "openvas", "title": "Fedora Update for xen FEDORA-2014-2802", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2014-2802\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867554);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-04 10:45:11 +0530 (Tue, 04 Mar 2014)\");\n script_cve_id(\"CVE-2014-1950\", \"CVE-2014-1891\", \"CVE-2014-1892\", \"CVE-2014-1893\",\n \"CVE-2014-1894\", \"CVE-2014-1895\", \"CVE-2014-1896\", \"CVE-2014-1666\",\n \"CVE-2014-1642\", \"CVE-2013-6400\", \"CVE-2013-6885\", \"CVE-2013-4553\",\n \"CVE-2013-4554\", \"CVE-2013-6375\", \"CVE-2013-2212\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for xen FEDORA-2014-2802\");\n\n tag_insight = \"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\n\";\n\n tag_affected = \"xen on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-2802\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129310.html\");\n script_summary(\"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.2~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:49:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-1642", "CVE-2014-1895", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-1892", "CVE-2013-6400", "CVE-2014-1896", "CVE-2013-4553", "CVE-2013-6375", "CVE-2014-2599", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666", "CVE-2014-1950", "CVE-2013-2212"], "description": "Check for the Version of xen", "modified": "2017-07-10T00:00:00", "published": "2014-04-08T00:00:00", "id": "OPENVAS:867662", "href": "http://plugins.openvas.org/nasl.php?oid=867662", "type": "openvas", "title": "Fedora Update for xen FEDORA-2014-4458", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2014-4458\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867662);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 09:50:51 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2014-2599\", \"CVE-2013-2212\", \"CVE-2014-1950\", \"CVE-2014-1891\",\n \"CVE-2014-1892\", \"CVE-2014-1893\", \"CVE-2014-1894\", \"CVE-2014-1895\",\n \"CVE-2014-1896\", \"CVE-2014-1666\", \"CVE-2014-1642\", \"CVE-2013-6400\",\n \"CVE-2013-6885\", \"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6375\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for xen FEDORA-2014-4458\");\n\n tag_insight = \"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\n\";\n\n tag_affected = \"xen on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4458\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131177.html\");\n script_summary(\"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.2~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-1642", "CVE-2014-1895", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-1892", "CVE-2013-6400", "CVE-2014-1896", "CVE-2013-4553", "CVE-2013-6375", "CVE-2014-2599", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666", "CVE-2014-1950", "CVE-2013-2212"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-04-08T00:00:00", "id": "OPENVAS:1361412562310867662", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867662", "type": "openvas", "title": "Fedora Update for xen FEDORA-2014-4458", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2014-4458\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867662\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 09:50:51 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2014-2599\", \"CVE-2013-2212\", \"CVE-2014-1950\", \"CVE-2014-1891\",\n \"CVE-2014-1892\", \"CVE-2014-1893\", \"CVE-2014-1894\", \"CVE-2014-1895\",\n \"CVE-2014-1896\", \"CVE-2014-1666\", \"CVE-2014-1642\", \"CVE-2013-6400\",\n \"CVE-2013-6885\", \"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6375\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for xen FEDORA-2014-4458\");\n script_tag(name:\"affected\", value:\"xen on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4458\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131177.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.2~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-1642", "CVE-2014-1895", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-1892", "CVE-2014-3124", "CVE-2013-6400", "CVE-2014-1896", "CVE-2013-4553", "CVE-2013-6375", "CVE-2014-2599", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666", "CVE-2014-1950", "CVE-2013-2212"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-05-19T00:00:00", "id": "OPENVAS:1361412562310867808", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867808", "type": "openvas", "title": "Fedora Update for xen FEDORA-2014-5915", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2014-5915\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867808\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-19 11:16:43 +0530 (Mon, 19 May 2014)\");\n script_cve_id(\"CVE-2014-3124\", \"CVE-2014-2599\", \"CVE-2013-2212\", \"CVE-2014-1950\",\n \"CVE-2014-1891\", \"CVE-2014-1892\", \"CVE-2014-1893\", \"CVE-2014-1894\",\n \"CVE-2014-1895\", \"CVE-2014-1896\", \"CVE-2014-1666\", \"CVE-2014-1642\",\n \"CVE-2013-6400\", \"CVE-2013-6885\", \"CVE-2013-4553\",\n \"CVE-2013-4554\", \"CVE-2013-6375\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for xen FEDORA-2014-5915\");\n script_tag(name:\"affected\", value:\"xen on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-5915\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133148.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.2~3.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-1642", "CVE-2014-1895", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-1892", "CVE-2013-6400", "CVE-2014-1896", "CVE-2013-4553", "CVE-2013-6375", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-02-17T00:00:00", "id": "OPENVAS:1361412562310867511", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867511", "type": "openvas", "title": "Fedora Update for xen FEDORA-2014-2170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2014-2170\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867511\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-17 11:38:04 +0530 (Mon, 17 Feb 2014)\");\n script_cve_id(\"CVE-2014-1666\", \"CVE-2014-1642\", \"CVE-2013-6400\", \"CVE-2013-6885\",\n \"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6375\", \"CVE-2014-1891\",\n \"CVE-2014-1892\", \"CVE-2014-1893\", \"CVE-2014-1894\", \"CVE-2014-1895\",\n \"CVE-2014-1896\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for xen FEDORA-2014-2170\");\n script_tag(name:\"affected\", value:\"xen on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-2170\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128476.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.1~9.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:49:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-1642", "CVE-2014-1895", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-1892", "CVE-2013-6400", "CVE-2014-1896", "CVE-2013-4553", "CVE-2013-6375", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666"], "description": "Check for the Version of xen", "modified": "2017-07-10T00:00:00", "published": "2014-02-17T00:00:00", "id": "OPENVAS:867511", "href": "http://plugins.openvas.org/nasl.php?oid=867511", "type": "openvas", "title": "Fedora Update for xen FEDORA-2014-2170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2014-2170\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867511);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-17 11:38:04 +0530 (Mon, 17 Feb 2014)\");\n script_cve_id(\"CVE-2014-1666\", \"CVE-2014-1642\", \"CVE-2013-6400\", \"CVE-2013-6885\",\n \"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6375\", \"CVE-2014-1891\",\n \"CVE-2014-1892\", \"CVE-2014-1893\", \"CVE-2014-1894\", \"CVE-2014-1895\",\n \"CVE-2014-1896\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for xen FEDORA-2014-2170\");\n\n tag_insight = \"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\n\";\n\n tag_affected = \"xen on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-2170\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128476.html\");\n script_summary(\"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.1~9.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-31T18:37:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-1642", "CVE-2014-1895", "CVE-2014-1894", "CVE-2014-1892", "CVE-2013-6400", "CVE-2014-1896", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666", "CVE-2014-1950", "CVE-2013-2212"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850773", "type": "openvas", "title": "SUSE: Security Advisory for Xen (SUSE-SU-2014:0373-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850773\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:00 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2013-2212\", \"CVE-2013-6400\", \"CVE-2013-6885\", \"CVE-2014-1642\",\n \"CVE-2014-1666\", \"CVE-2014-1891\", \"CVE-2014-1892\", \"CVE-2014-1893\",\n \"CVE-2014-1894\", \"CVE-2014-1895\", \"CVE-2014-1896\", \"CVE-2014-1950\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for Xen (SUSE-SU-2014:0373-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Xen'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The SUSE Linux Enterprise Server 11 Service Pack 3 Xen\n hypervisor and toolset has been updated to 4.2.4 to fix\n various bugs and security issues:\n\n The following security issues have been addressed:\n\n *\n\n XSA-60: CVE-2013-2212: The vmx_set_uc_mode function\n in Xen 3.3 through 4.3, when disabling chaches, allows\n local HVM guests with access to memory mapped I/O regions\n to cause a denial of service (CPU consumption and possibly\n hypervisor or guest kernel panic) via a crafted GFN range.\n (bnc#831120)\n\n *\n\n XSA-80: CVE-2013-6400: Xen 4.2.x and 4.3.x, when\n using Intel VT-d and a PCI device has been assigned, does\n not clear the flag that suppresses IOMMU TLB flushes when\n unspecified errors occur, which causes the TLB entries to\n not be flushed and allows local guest administrators to\n cause a denial of service (host crash) or gain privileges\n via unspecified vectors. (bnc#853048)\n\n *\n\n XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h\n through 0Fh processors does not properly handle the\n interaction between locked instructions and write-combined\n memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#853049)\n\n *\n\n XSA-83: CVE-2014-1642: The IRQ setup in Xen 4.2.x and\n 4.3.x, when using device passthrough and configured to\n support a large number of CPUs, frees certain memory that\n may still be intended for use, which allows local guest\n administrators to cause a denial of service (memory\n corruption and hypervisor crash) and possibly execute\n arbitrary code via vectors related to an out-of-memory\n error that triggers a (1) use-after-free or (2) double\n free. (bnc#860092)\n\n *\n\n XSA-84: CVE-2014-1891: The FLASK_{GET, SET}BOOL,\n FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the\n flask hypercall are vulnerable to an integer overflow on\n the input size. The hypercalls attempt to allocate a buffer\n which is 1 larger than this size and is therefore\n vulnerable to integer overflow and an attempt to allocate\n then access a zero byte buffer. (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through\n 4.1, while not affected by the above overflow, have a\n different overflow issue on FLASK_{GET, SET}BOOL and expose\n unreasonably large memory allocation to aribitrary guests.\n (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1894: Xen 3.2 (and presumably\n earlier) exhibit both problems with the overflow issue\n being present for more than just the suboperations listed\n above. (bnc#860163)\n\n *\n\n XSA-85: CVE-2014-1895: The FLASK_AVC_CACHE ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Xen on SUSE Linux Enterprise Server 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0373-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.2.4_02_3.0.101_0.15~0.7.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.2.4_02~0.7.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.2.4_02~0.7.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.2.4_02~0.7.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.2.4_02~0.7.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-pdf\", rpm:\"xen-doc-pdf~4.2.4_02~0.7.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.2.4_02~0.7.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.2.4_02~0.7.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~4.2.4_02_3.0.101_0.15~0.7.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:38:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-1892", "CVE-2013-4553", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666", "CVE-2014-1950", "CVE-2013-2212"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310850976", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850976", "type": "openvas", "title": "SUSE: Security Advisory for Xen (SUSE-SU-2014:0372-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850976\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 15:25:33 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2013-2212\", \"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6885\", \"CVE-2014-1666\", \"CVE-2014-1891\", \"CVE-2014-1892\", \"CVE-2014-1893\", \"CVE-2014-1894\", \"CVE-2014-1950\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for Xen (SUSE-SU-2014:0372-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Xen'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The SUSE Linux Enterprise Server 11 Service Pack 2 LTSS Xen\n hypervisor and toolset has been updated to fix various\n security issues and several bugs.\n\n The following security issues have been addressed:\n\n *\n\n XSA-88: CVE-2014-1950: Use-after-free vulnerability\n in the xc_cpupool_getinfo function in Xen 4.1.x through\n 4.3.x, when using a multithreaded toolstack, does not\n properly handle a failure by the xc_cpumap_alloc function,\n which allows local users with access to management\n functions to cause a denial of service (heap corruption)\n and possibly gain privileges via unspecified vectors.\n (bnc#861256)\n\n *\n\n XSA-87: CVE-2014-1666: The do_physdev_op function in\n Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not\n properly restrict access to the (1) PHYSDEVOP_prepare_msix\n and (2) PHYSDEVOP_release_msix operations, which allows\n local PV guests to cause a denial of service (host or guest\n malfunction) or possibly gain privileges via unspecified\n vectors. (bnc#860302)\n\n *\n\n XSA-84: CVE-2014-1894: Xen 3.2 (and presumably\n earlier) exhibit both problems with the overflow issue\n being present for more than just the suboperations listed\n above. (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through\n 4.1, while not affected by the above overflow, have a\n different overflow issue on FLASK_{GET, SET}BOOL and expose\n unreasonably large memory allocation to aribitrary guests.\n (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1891: The FLASK_{GET, SET}BOOL,\n FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the\n flask hypercall are vulnerable to an integer overflow on\n the input size. The hypercalls attempt to allocate a buffer\n which is 1 larger than this size and is therefore\n vulnerable to integer overflow and an attempt to allocate\n then access a zero byte buffer. (bnc#860163)\n\n *\n\n XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h\n through 0Fh processors does not properly handle the\n interaction between locked instructions and write-combined\n memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#853049)\n\n *\n\n XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x\n (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x\n (possibly 4.3.1) does not properly prevent access to\n hypercalls, which allows local guest users to gain\n privileges via a crafted application running in ring 1 or\n 2. (bnc#849668)\n\n *\n\n XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist\n hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does\n not always ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Xen on SUSE Linux Enterprise Server 11 SP2 LTSS\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0372-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP2\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.1.6_06~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.1.6_06_3.0.101_0.7.17~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-trace\", rpm:\"xen-kmp-trace~4.1.6_06_3.0.101_0.7.17~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.1.6_06~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.1.6_06~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.6_06~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.1.6_06~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-pdf\", rpm:\"xen-doc-pdf~4.1.6_06~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.1.6_06~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.1.6_06~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~4.1.6_06_3.0.101_0.7.17~0.5.1\", rls:\"SLES11.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-3967", "CVE-2014-1642", "CVE-2014-1895", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-3968", "CVE-2014-1892", "CVE-2014-3124", "CVE-2013-6400", "CVE-2014-1896", "CVE-2013-4553", "CVE-2013-6375", "CVE-2014-2599", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666", "CVE-2014-1950", "CVE-2013-2212"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-07-01T00:00:00", "id": "OPENVAS:1361412562310867940", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867940", "type": "openvas", "title": "Fedora Update for xen FEDORA-2014-7423", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2014-7423\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867940\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-01 19:07:02 +0530 (Tue, 01 Jul 2014)\");\n script_cve_id(\"CVE-2014-3967\", \"CVE-2014-3968\", \"CVE-2014-3124\", \"CVE-2014-2599\",\n \"CVE-2013-2212\", \"CVE-2014-1950\", \"CVE-2014-1891\", \"CVE-2014-1892\",\n \"CVE-2014-1893\", \"CVE-2014-1894\", \"CVE-2014-1895\", \"CVE-2014-1896\",\n \"CVE-2014-1666\", \"CVE-2014-1642\", \"CVE-2013-6400\", \"CVE-2013-6885\",\n \"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6375\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for xen FEDORA-2014-7423\");\n script_tag(name:\"affected\", value:\"xen on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-7423\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.2~5.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:35:13", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1891", "CVE-2014-1642", "CVE-2014-1895", "CVE-2014-1894", "CVE-2014-1892", "CVE-2013-6400", "CVE-2014-1896", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666", "CVE-2014-1950", "CVE-2013-2212"], "description": "The SUSE Linux Enterprise Server 11 Service Pack 3 Xen\n hypervisor and toolset has been updated to 4.2.4 to fix\n various bugs and security issues:\n\n The following security issues have been addressed:\n\n *\n\n XSA-60: CVE-2013-2212: The vmx_set_uc_mode function\n in Xen 3.3 through 4.3, when disabling chaches, allows\n local HVM guests with access to memory mapped I/O regions\n to cause a denial of service (CPU consumption and possibly\n hypervisor or guest kernel panic) via a crafted GFN range.\n (bnc#831120)\n\n *\n\n XSA-80: CVE-2013-6400: Xen 4.2.x and 4.3.x, when\n using Intel VT-d and a PCI device has been assigned, does\n not clear the flag that suppresses IOMMU TLB flushes when\n unspecified errors occur, which causes the TLB entries to\n not be flushed and allows local guest administrators to\n cause a denial of service (host crash) or gain privileges\n via unspecified vectors. (bnc#853048)\n\n *\n\n XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h\n through 0Fh processors does not properly handle the\n interaction between locked instructions and write-combined\n memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#853049)\n\n *\n\n XSA-83: CVE-2014-1642: The IRQ setup in Xen 4.2.x and\n 4.3.x, when using device passthrough and configured to\n support a large number of CPUs, frees certain memory that\n may still be intended for use, which allows local guest\n administrators to cause a denial of service (memory\n corruption and hypervisor crash) and possibly execute\n arbitrary code via vectors related to an out-of-memory\n error that triggers a (1) use-after-free or (2) double\n free. (bnc#860092)\n\n *\n\n XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL,\n FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the\n flask hypercall are vulnerable to an integer overflow on\n the input size. The hypercalls attempt to allocate a buffer\n which is 1 larger than this size and is therefore\n vulnerable to integer overflow and an attempt to allocate\n then access a zero byte buffer. (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through\n 4.1, while not affected by the above overflow, have a\n different overflow issue on FLASK_{GET,SET}BOOL and expose\n unreasonably large memory allocation to aribitrary guests.\n (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1894: Xen 3.2 (and presumably\n earlier) exhibit both problems with the overflow issue\n being present for more than just the suboperations listed\n above. (bnc#860163)\n\n *\n\n XSA-85: CVE-2014-1895: The FLASK_AVC_CACHESTAT\n hypercall, which provides access to per-cpu statistics on\n the Flask security policy, incorrectly validates the CPU\n for which statistics are being requested. (bnc#860165)\n\n *\n\n XSA-86: CVE-2014-1896: libvchan (a library for\n inter-domain communication) does not correctly handle\n unusual or malicious contents in the xenstore ring. A\n malicious guest can exploit this to cause a libvchan-using\n facility to read or write past the end of the ring.\n (bnc#860300)\n\n *\n\n XSA-87: CVE-2014-1666: The do_physdev_op function in\n Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not\n properly restrict access to the (1) PHYSDEVOP_prepare_msix\n and (2) PHYSDEVOP_release_msix operations, which allows\n local PV guests to cause a denial of service (host or guest\n malfunction) or possibly gain privileges via unspecified\n vectors. (bnc#860302)\n\n *\n\n XSA-88: CVE-2014-1950: Use-after-free vulnerability\n in the xc_cpupool_getinfo function in Xen 4.1.x through\n 4.3.x, when using a multithreaded toolstack, does not\n properly handle a failure by the xc_cpumap_alloc function,\n which allows local users with access to management\n functions to cause a denial of service (heap corruption)\n and possibly gain privileges via unspecified vectors.\n (bnc#861256)\n\n Also the following non-security bugs have been fixed:\n\n * Fixed boot problems with Xen kernel. "(XEN) setup\n 0000:00:18.0 for d0 failed (-19)" (bnc#858311)\n * Fixed Xen hypervisor panic on 8-blades nPar with\n 46-bit memory addressing. (bnc#848014)\n * Fixed Xen hypervisor panic in HP's UEFI x86_64\n platform and with xen environment, in booting stage.\n (bnc#833251)\n * xend/pvscsi: recognize also SCSI CDROM devices\n (bnc#863297)\n * pygrub: Support (/dev/xvda) style disk specifications\n", "edition": 1, "modified": "2014-03-14T00:06:40", "published": "2014-03-14T00:06:40", "id": "SUSE-SU-2014:0373-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html", "title": "Security update for Xen (important)", "type": "suse", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:49:45", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1891", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-1892", "CVE-2013-4553", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666", "CVE-2014-1950", "CVE-2013-2212"], "description": "The SUSE Linux Enterprise Server 11 Service Pack 2 LTSS Xen\n hypervisor and toolset has been updated to fix various\n security issues and several bugs.\n\n The following security issues have been addressed:\n\n *\n\n XSA-88: CVE-2014-1950: Use-after-free vulnerability\n in the xc_cpupool_getinfo function in Xen 4.1.x through\n 4.3.x, when using a multithreaded toolstack, does not\n properly handle a failure by the xc_cpumap_alloc function,\n which allows local users with access to management\n functions to cause a denial of service (heap corruption)\n and possibly gain privileges via unspecified vectors.\n (bnc#861256)\n\n *\n\n XSA-87: CVE-2014-1666: The do_physdev_op function in\n Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not\n properly restrict access to the (1) PHYSDEVOP_prepare_msix\n and (2) PHYSDEVOP_release_msix operations, which allows\n local PV guests to cause a denial of service (host or guest\n malfunction) or possibly gain privileges via unspecified\n vectors. (bnc#860302)\n\n *\n\n XSA-84: CVE-2014-1894: Xen 3.2 (and presumably\n earlier) exhibit both problems with the overflow issue\n being present for more than just the suboperations listed\n above. (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through\n 4.1, while not affected by the above overflow, have a\n different overflow issue on FLASK_{GET,SET}BOOL and expose\n unreasonably large memory allocation to aribitrary guests.\n (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL,\n FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the\n flask hypercall are vulnerable to an integer overflow on\n the input size. The hypercalls attempt to allocate a buffer\n which is 1 larger than this size and is therefore\n vulnerable to integer overflow and an attempt to allocate\n then access a zero byte buffer. (bnc#860163)\n\n *\n\n XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h\n through 0Fh processors does not properly handle the\n interaction between locked instructions and write-combined\n memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#853049)\n\n *\n\n XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x\n (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x\n (possibly 4.3.1) does not properly prevent access to\n hypercalls, which allows local guest users to gain\n privileges via a crafted application running in ring 1 or\n 2. (bnc#849668)\n\n *\n\n XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist\n hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does\n not always obtain the page_alloc_lock and mm_rwlock in the\n same order, which allows local guest administrators to\n cause a denial of service (host deadlock). (bnc#849667)\n\n *\n\n XSA-60: CVE-2013-2212: The vmx_set_uc_mode function\n in Xen 3.3 through 4.3, when disabling chaches, allows\n local HVM guests with access to memory mapped I/O regions\n to cause a denial of service (CPU consumption and possibly\n hypervisor or guest kernel panic) via a crafted GFN range.\n (bnc#831120)\n\n Also the following non-security bugs have been fixed:\n\n * Boot Failure with xen kernel in UEFI mode with error\n "No memory for trampoline" (bnc#833483)\n * Fixed Xen hypervisor panic on 8-blades nPar with\n 46-bit memory addressing. (bnc#848014)\n * In HP's UEFI x86_64 platform and sles11sp3 with xen\n environment, dom0 will soft lockup on multiple blades nPar.\n (bnc#842417)\n * Soft lockup with PCI passthrough and many VCPUs\n (bnc#846849)\n", "edition": 1, "modified": "2014-03-14T00:04:13", "published": "2014-03-14T00:04:13", "id": "SUSE-SU-2014:0372-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html", "title": "Security update for Xen (important)", "type": "suse", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-20T14:42:01", "description": "The SUSE Linux Enterprise Server 11 Service Pack 3 Xen hypervisor and\ntoolset has been updated to 4.2.4 to fix various bugs and security\nissues :\n\nThe following security issues have been addressed :\n\n - XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in\n Xen 3.3 through 4.3, when disabling chaches, allows\n local HVM guests with access to memory mapped I/O\n regions to cause a denial of service (CPU consumption\n and possibly hypervisor or guest kernel panic) via a\n crafted GFN range. (bnc#831120)\n\n - XSA-80: CVE-2013-6400: Xen 4.2.x and 4.3.x, when using\n Intel VT-d and a PCI device has been assigned, does not\n clear the flag that suppresses IOMMU TLB flushes when\n unspecified errors occur, which causes the TLB entries\n to not be flushed and allows local guest administrators\n to cause a denial of service (host crash) or gain\n privileges via unspecified vectors. (bnc#853048)\n\n - XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h\n through 0Fh processors does not properly handle the\n interaction between locked instructions and\n write-combined memory types, which allows local users to\n cause a denial of service (system hang) via a crafted\n application, aka the errata 793 issue. (bnc#853049)\n\n - XSA-83: CVE-2014-1642: The IRQ setup in Xen 4.2.x and\n 4.3.x, when using device passthrough and configured to\n support a large number of CPUs, frees certain memory\n that may still be intended for use, which allows local\n guest administrators to cause a denial of service\n (memory corruption and hypervisor crash) and possibly\n execute arbitrary code via vectors related to an\n out-of-memory error that triggers a (1) use-after-free\n or (2) double free. (bnc#860092)\n\n - XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL,\n FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the\n flask hypercall are vulnerable to an integer overflow on\n the input size. The hypercalls attempt to allocate a\n buffer which is 1 larger than this size and is therefore\n vulnerable to integer overflow and an attempt to\n allocate then access a zero byte buffer. (bnc#860163)\n\n - XSA-84: CVE-2014-1892 / CVE-2014-1893: Xen 3.3 through\n 4.1, while not affected by the above overflow, have a\n different overflow issue on FLASK_{GET,SET}BOOL and\n expose unreasonably large memory allocation to\n aribitrary guests. (bnc#860163)\n\n - XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier)\n exhibit both problems with the overflow issue being\n present for more than just the suboperations listed\n above. (bnc#860163)\n\n - XSA-85: CVE-2014-1895: The FLASK_AVC_CACHESTAT\n hypercall, which provides access to per-cpu statistics\n on the Flask security policy, incorrectly validates the\n CPU for which statistics are being requested.\n (bnc#860165)\n\n - XSA-86: CVE-2014-1896: libvchan (a library for\n inter-domain communication) does not correctly handle\n unusual or malicious contents in the xenstore ring. A\n malicious guest can exploit this to cause a\n libvchan-using facility to read or write past the end of\n the ring. (bnc#860300)\n\n - XSA-87: CVE-2014-1666: The do_physdev_op function in Xen\n 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not\n properly restrict access to the (1)\n PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix\n operations, which allows local PV guests to cause a\n denial of service (host or guest malfunction) or\n possibly gain privileges via unspecified vectors.\n (bnc#860302)\n\n - XSA-88: CVE-2014-1950: Use-after-free vulnerability in\n the xc_cpupool_getinfo function in Xen 4.1.x through\n 4.3.x, when using a multithreaded toolstack, does not\n properly handle a failure by the xc_cpumap_alloc\n function, which allows local users with access to\n management functions to cause a denial of service (heap\n corruption) and possibly gain privileges via unspecified\n vectors. (bnc#861256)\n\nAlso the following non-security bugs have been fixed :\n\n - Fixed boot problems with Xen kernel. '(XEN) setup\n 0000:00:18.0 for d0 failed (-19)'. (bnc#858311)\n\n - Fixed Xen hypervisor panic on 8-blades nPar with 46-bit\n memory addressing. (bnc#848014)\n\n - Fixed Xen hypervisor panic in HP's UEFI x86_64 platform\n and with xen environment, in booting stage. (bnc#833251)\n\n - xend/pvscsi: recognize also SCSI CDROM devices.\n (bnc#863297)\n\n - pygrub: Support (/dev/xvda) style disk specifications", "edition": 18, "published": "2014-03-14T00:00:00", "title": "SuSE 11.3 Security Update : Xen (SAT Patch Number 8973)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-1642", "CVE-2014-1895", "CVE-2014-1894", "CVE-2014-1892", "CVE-2013-6400", "CVE-2014-1896", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666", "CVE-2014-1950", "CVE-2013-2212"], "modified": "2014-03-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:xen-tools", "p-cpe:/a:novell:suse_linux:11:xen-tools-domU", "p-cpe:/a:novell:suse_linux:11:xen-libs-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:xen", "p-cpe:/a:novell:suse_linux:11:xen-doc-pdf", "p-cpe:/a:novell:suse_linux:11:xen-doc-html", "p-cpe:/a:novell:suse_linux:11:xen-kmp-pae", "p-cpe:/a:novell:suse_linux:11:xen-libs", "p-cpe:/a:novell:suse_linux:11:xen-kmp-default"], "id": "SUSE_11_XEN-201402-140227.NASL", "href": "https://www.tenable.com/plugins/nessus/73015", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73015);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2212\", \"CVE-2013-6400\", \"CVE-2013-6885\", \"CVE-2014-1642\", \"CVE-2014-1666\", \"CVE-2014-1891\", \"CVE-2014-1892\", \"CVE-2014-1893\", \"CVE-2014-1894\", \"CVE-2014-1895\", \"CVE-2014-1896\", \"CVE-2014-1950\");\n\n script_name(english:\"SuSE 11.3 Security Update : Xen (SAT Patch Number 8973)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise Server 11 Service Pack 3 Xen hypervisor and\ntoolset has been updated to 4.2.4 to fix various bugs and security\nissues :\n\nThe following security issues have been addressed :\n\n - XSA-60: CVE-2013-2212: The vmx_set_uc_mode function in\n Xen 3.3 through 4.3, when disabling chaches, allows\n local HVM guests with access to memory mapped I/O\n regions to cause a denial of service (CPU consumption\n and possibly hypervisor or guest kernel panic) via a\n crafted GFN range. (bnc#831120)\n\n - XSA-80: CVE-2013-6400: Xen 4.2.x and 4.3.x, when using\n Intel VT-d and a PCI device has been assigned, does not\n clear the flag that suppresses IOMMU TLB flushes when\n unspecified errors occur, which causes the TLB entries\n to not be flushed and allows local guest administrators\n to cause a denial of service (host crash) or gain\n privileges via unspecified vectors. (bnc#853048)\n\n - XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h\n through 0Fh processors does not properly handle the\n interaction between locked instructions and\n write-combined memory types, which allows local users to\n cause a denial of service (system hang) via a crafted\n application, aka the errata 793 issue. (bnc#853049)\n\n - XSA-83: CVE-2014-1642: The IRQ setup in Xen 4.2.x and\n 4.3.x, when using device passthrough and configured to\n support a large number of CPUs, frees certain memory\n that may still be intended for use, which allows local\n guest administrators to cause a denial of service\n (memory corruption and hypervisor crash) and possibly\n execute arbitrary code via vectors related to an\n out-of-memory error that triggers a (1) use-after-free\n or (2) double free. (bnc#860092)\n\n - XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL,\n FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the\n flask hypercall are vulnerable to an integer overflow on\n the input size. The hypercalls attempt to allocate a\n buffer which is 1 larger than this size and is therefore\n vulnerable to integer overflow and an attempt to\n allocate then access a zero byte buffer. (bnc#860163)\n\n - XSA-84: CVE-2014-1892 / CVE-2014-1893: Xen 3.3 through\n 4.1, while not affected by the above overflow, have a\n different overflow issue on FLASK_{GET,SET}BOOL and\n expose unreasonably large memory allocation to\n aribitrary guests. (bnc#860163)\n\n - XSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier)\n exhibit both problems with the overflow issue being\n present for more than just the suboperations listed\n above. (bnc#860163)\n\n - XSA-85: CVE-2014-1895: The FLASK_AVC_CACHESTAT\n hypercall, which provides access to per-cpu statistics\n on the Flask security policy, incorrectly validates the\n CPU for which statistics are being requested.\n (bnc#860165)\n\n - XSA-86: CVE-2014-1896: libvchan (a library for\n inter-domain communication) does not correctly handle\n unusual or malicious contents in the xenstore ring. A\n malicious guest can exploit this to cause a\n libvchan-using facility to read or write past the end of\n the ring. (bnc#860300)\n\n - XSA-87: CVE-2014-1666: The do_physdev_op function in Xen\n 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not\n properly restrict access to the (1)\n PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix\n operations, which allows local PV guests to cause a\n denial of service (host or guest malfunction) or\n possibly gain privileges via unspecified vectors.\n (bnc#860302)\n\n - XSA-88: CVE-2014-1950: Use-after-free vulnerability in\n the xc_cpupool_getinfo function in Xen 4.1.x through\n 4.3.x, when using a multithreaded toolstack, does not\n properly handle a failure by the xc_cpumap_alloc\n function, which allows local users with access to\n management functions to cause a denial of service (heap\n corruption) and possibly gain privileges via unspecified\n vectors. (bnc#861256)\n\nAlso the following non-security bugs have been fixed :\n\n - Fixed boot problems with Xen kernel. '(XEN) setup\n 0000:00:18.0 for d0 failed (-19)'. (bnc#858311)\n\n - Fixed Xen hypervisor panic on 8-blades nPar with 46-bit\n memory addressing. (bnc#848014)\n\n - Fixed Xen hypervisor panic in HP's UEFI x86_64 platform\n and with xen environment, in booting stage. (bnc#833251)\n\n - xend/pvscsi: recognize also SCSI CDROM devices.\n (bnc#863297)\n\n - pygrub: Support (/dev/xvda) style disk specifications\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=833251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=848014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=861256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2212.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6400.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6885.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1642.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1666.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1891.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1892.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1893.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1894.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1895.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1896.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1950.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8973.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.15-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-pae-4.2.4_02_3.0.101_0.15-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"xen-libs-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"xen-tools-domU-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"xen-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"xen-doc-html-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"xen-doc-pdf-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.15-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"xen-libs-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"xen-libs-32bit-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"xen-tools-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"xen-tools-domU-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.15-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-pae-4.2.4_02_3.0.101_0.15-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"xen-libs-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"xen-tools-domU-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"xen-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"xen-doc-html-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"xen-doc-pdf-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.15-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"xen-libs-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"xen-libs-32bit-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"xen-tools-4.2.4_02-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"xen-tools-domU-4.2.4_02-0.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:43:23", "description": "The SUSE Linux Enterprise Server 11 Service Pack 2 LTSS Xen hypervisor\nand toolset has been updated to fix various security issues and\nseveral bugs.\n\nThe following security issues have been addressed :\n\nXSA-88: CVE-2014-1950: Use-after-free vulnerability in the\nxc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a\nmultithreaded toolstack, does not properly handle a failure by the\nxc_cpumap_alloc function, which allows local users with access to\nmanagement functions to cause a denial of service (heap corruption)\nand possibly gain privileges via unspecified vectors. (bnc#861256)\n\nXSA-87: CVE-2014-1666: The do_physdev_op function in Xen\n4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not\nproperly restrict access to the (1) PHYSDEVOP_prepare_msix\nand (2) PHYSDEVOP_release_msix operations, which allows\nlocal PV guests to cause a denial of service (host or guest\nmalfunction) or possibly gain privileges via unspecified\nvectors. (bnc#860302)\n\nXSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier)\nexhibit both problems with the overflow issue being present\nfor more than just the suboperations listed above.\n(bnc#860163)\n\nXSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1,\nwhile not affected by the above overflow, have a different\noverflow issue on FLASK_{GET,SET}BOOL and expose\nunreasonably large memory allocation to arbitrary guests.\n(bnc#860163)\n\nXSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER\nand FLASK_CONTEXT_TO_SID suboperations of the flask\nhypercall are vulnerable to an integer overflow on the input\nsize. The hypercalls attempt to allocate a buffer which is 1\nlarger than this size and is therefore vulnerable to integer\noverflow and an attempt to allocate then access a zero byte\nbuffer. (bnc#860163)\n\nXSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through\n0Fh processors does not properly handle the interaction\nbetween locked instructions and write-combined memory types,\nwhich allows local users to cause a denial of service\n(system hang) via a crafted application, aka the errata 793\nissue. (bnc#853049)\n\nXSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly\n4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1)\ndoes not properly prevent access to hypercalls, which allows\nlocal guest users to gain privileges via a crafted\napplication running in ring 1 or 2. (bnc#849668)\n\nXSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall\nin Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always\nobtain the page_alloc_lock and mm_rwlock in the same order,\nwhich allows local guest administrators to cause a denial of\nservice (host deadlock). (bnc#849667)\n\nXSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen\n3.3 through 4.3, when disabling chaches, allows local HVM\nguests with access to memory mapped I/O regions to cause a\ndenial of service (CPU consumption and possibly hypervisor\nor guest kernel panic) via a crafted GFN range. (bnc#831120)\n\nAlso the following non-security bugs have been fixed :\n\n - Boot Failure with xen kernel in UEFI mode with error 'No\n memory for trampoline' (bnc#833483)\n\n - Fixed Xen hypervisor panic on 8-blades nPar with 46-bit\n memory addressing. (bnc#848014)\n\n - In HP's UEFI x86_64 platform and sles11sp3 with xen\n environment, dom0 will soft lockup on multiple blades\n nPar. (bnc#842417)\n\n - Soft lockup with PCI passthrough and many VCPUs\n (bnc#846849)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "published": "2015-05-20T00:00:00", "title": "SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0372-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-1892", "CVE-2013-4553", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666", "CVE-2014-1950", "CVE-2013-2212"], "modified": "2015-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen-devel", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-kmp-trace", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:xen-doc-pdf", "p-cpe:/a:novell:suse_linux:xen-kmp-pae", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-tools"], "id": "SUSE_SU-2014-0372-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83613", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2014:0372-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83613);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2212\", \"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6885\", \"CVE-2014-1666\", \"CVE-2014-1891\", \"CVE-2014-1892\", \"CVE-2014-1893\", \"CVE-2014-1894\", \"CVE-2014-1950\");\n script_bugtraq_id(61424, 63931, 63933, 63983, 65125, 65419, 65529);\n\n script_name(english:\"SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0372-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise Server 11 Service Pack 2 LTSS Xen hypervisor\nand toolset has been updated to fix various security issues and\nseveral bugs.\n\nThe following security issues have been addressed :\n\nXSA-88: CVE-2014-1950: Use-after-free vulnerability in the\nxc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a\nmultithreaded toolstack, does not properly handle a failure by the\nxc_cpumap_alloc function, which allows local users with access to\nmanagement functions to cause a denial of service (heap corruption)\nand possibly gain privileges via unspecified vectors. (bnc#861256)\n\nXSA-87: CVE-2014-1666: The do_physdev_op function in Xen\n4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not\nproperly restrict access to the (1) PHYSDEVOP_prepare_msix\nand (2) PHYSDEVOP_release_msix operations, which allows\nlocal PV guests to cause a denial of service (host or guest\nmalfunction) or possibly gain privileges via unspecified\nvectors. (bnc#860302)\n\nXSA-84: CVE-2014-1894: Xen 3.2 (and presumably earlier)\nexhibit both problems with the overflow issue being present\nfor more than just the suboperations listed above.\n(bnc#860163)\n\nXSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through 4.1,\nwhile not affected by the above overflow, have a different\noverflow issue on FLASK_{GET,SET}BOOL and expose\nunreasonably large memory allocation to arbitrary guests.\n(bnc#860163)\n\nXSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL, FLASK_USER\nand FLASK_CONTEXT_TO_SID suboperations of the flask\nhypercall are vulnerable to an integer overflow on the input\nsize. The hypercalls attempt to allocate a buffer which is 1\nlarger than this size and is therefore vulnerable to integer\noverflow and an attempt to allocate then access a zero byte\nbuffer. (bnc#860163)\n\nXSA-82: CVE-2013-6885: The microcode on AMD 16h 00h through\n0Fh processors does not properly handle the interaction\nbetween locked instructions and write-combined memory types,\nwhich allows local users to cause a denial of service\n(system hang) via a crafted application, aka the errata 793\nissue. (bnc#853049)\n\nXSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x (possibly\n4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1)\ndoes not properly prevent access to hypercalls, which allows\nlocal guest users to gain privileges via a crafted\napplication running in ring 1 or 2. (bnc#849668)\n\nXSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist hypercall\nin Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always\nobtain the page_alloc_lock and mm_rwlock in the same order,\nwhich allows local guest administrators to cause a denial of\nservice (host deadlock). (bnc#849667)\n\nXSA-60: CVE-2013-2212: The vmx_set_uc_mode function in Xen\n3.3 through 4.3, when disabling chaches, allows local HVM\nguests with access to memory mapped I/O regions to cause a\ndenial of service (CPU consumption and possibly hypervisor\nor guest kernel panic) via a crafted GFN range. (bnc#831120)\n\nAlso the following non-security bugs have been fixed :\n\n - Boot Failure with xen kernel in UEFI mode with error 'No\n memory for trampoline' (bnc#833483)\n\n - Fixed Xen hypervisor panic on 8-blades nPar with 46-bit\n memory addressing. (bnc#848014)\n\n - In HP's UEFI x86_64 platform and sles11sp3 with xen\n environment, dom0 will soft lockup on multiple blades\n nPar. (bnc#842417)\n\n - Soft lockup with PCI passthrough and many VCPUs\n (bnc#846849)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://download.suse.com/patch/finder/?keywords=39ca3113e56362a1b6ff0a74f08124b2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfc5cc4b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2212.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4553.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4554.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6885.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1666.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1891.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1892.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1893.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1894.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-1950.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/831120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/833483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/842417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/846849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/848014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/849667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/849668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/853049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/860163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/860302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/861256\"\n );\n # https://www.suse.com/support/update/announcement/2014/suse-su-20140372-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a9a98b5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP2 LTSS :\n\nzypper in -t patch slessp2-xen-201402-8964\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^2$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-devel-4.1.6_06-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.1.6_06_3.0.101_0.7.17-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-kmp-trace-4.1.6_06_3.0.101_0.7.17-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.1.6_06-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.1.6_06-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.1.6_06-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.1.6_06-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-doc-pdf-4.1.6_06-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.1.6_06-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-4.1.6_06-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-kmp-pae-4.1.6_06_3.0.101_0.7.17-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"xen-devel-4.1.6_06-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"xen-kmp-default-4.1.6_06_3.0.101_0.7.17-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"xen-kmp-trace-4.1.6_06_3.0.101_0.7.17-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"xen-libs-4.1.6_06-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"xen-tools-domU-4.1.6_06-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"xen-kmp-pae-4.1.6_06_3.0.101_0.7.17-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Xen\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:27:29", "description": "Xen was updated to fix various bugs and security issues :\n\nUpdate to Xen version 4.2.4 c/s 26280.\n\n - bnc#861256 - CVE-2014-1950: xen: XSA-88: use-after-free\n in xc_cpupool_getinfo() under memory pressure. (fix\n included with update)\n\n - bnc#863297: xend/pvscsi: recognize also SCSI CDROM\n devices\n\n - bnc#858496 - CVE-2014-1642: Xen: XSA-83: Out-of-memory\n condition yielding memory corruption during IRQ setup\n\n - bnc#860163 - xen: XSA-84: integer overflow in several\n XSM/Flask hypercalls (CVE-2014-1891 CVE-2014-1892\n CVE-2014-1893 CVE-2014-1894)\n\n - bnc#860165 - CVE-2014-1895: xen: XSA-85: Off-by-one\n error in FLASK_AVC_CACHESTAT hypercall\n\n - bnc#860300 - CVE-2014-1896: xen: XSA-86: libvchan\n failure handling malicious ring indexes\n\n - bnc#860302 - CVE-2014-1666: xen: XSA-87:\n PHYSDEVOP_(prepare,release)_msix exposed to unprivileged\n guests\n\n - bnc#858311 - Server is not booting in kernel XEN after\n latest updates - (XEN) setup 0000:00:18.0 for d0 failed\n (-19)\n\n - bnc#858496 - CVE-2014-1642: Xen: XSA-83: Out-of-memory\n condition yielding memory corruption during IRQ setup\n\n - bnc#853049 - CVE-2013-6885: xen: XSA-82: Guest\n triggerable AMD CPU erratum may cause host hang\n\n - bnc#853048 - CVE-2013-6400: xen: XSA-80: IOMMU TLB\n flushing may be inadvertently suppressed\n\n - bnc#831120 - CVE-2013-2212: xen: XSA-60: Excessive time\n to disable caching with HVM guests with PCI passthrough\n\n - bnc#848014 - [HP HPS] Xen hypervisor panics on 8-blades\n nPar with 46-bit memory addressing\n\n - bnc#833251 - [HP BCS SLES11 Bug]: In HPs UEFI x86_64\n platform and with xen environment, in booting stage ,xen\n hypervisor will panic.\n\n - pygrub: Support (/dev/xvda) style disk specifications\n\n - bnc#849667 - CVE-2014-1895: xen: XSA-74: Lock order\n reversal between page_alloc_lock and mm_rwlock\n\n - bnc#849668 - CVE-2013-4554: xen: XSA-76: Hypercalls\n exposed to privilege rings 1 and 2 of HVM guests\n\n - bnc#842417 - In HPs UEFI x86_64 platform and sles11sp3\n with xen environment, dom0 will soft lockup on multiple\n blades nPar.\n\n - bnc#848014 - [HP HPS] Xen hypervisor panics on 8-blades\n nPar with 46-bit memory addressing\n\n - bnc#846849 - Soft lockup with PCI passthrough and many\n VCPUs\n\n - bnc#833483 - Boot Failure with xen kernel in UEFI mode\n with error 'No memory for trampoline'\n\n - bnc#849665 - CVE-2013-4551: xen: XSA-75: Host crash due\n to guest VMX instruction execution\n\n - The upstream version of checking for xend when using the\n 'xl' command is used is not working.\n\n - bnc#840997 - It is possible to start a VM twice on the\n same node.\n\n - bnc#848657 - xen: CVE-2013-4494: XSA-73: Lock order\n reversal between page allocation and grant table locks", "edition": 20, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-SU-2014:0483-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-1642", "CVE-2014-1895", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-1892", "CVE-2013-6400", "CVE-2014-1896", "CVE-2013-4553", "CVE-2014-1893", "CVE-2013-6885", "CVE-2013-4551", "CVE-2014-1666", "CVE-2014-1950", "CVE-2013-2212", "CVE-2013-4494"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-pae", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-doc-pdf", "p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit"], "id": "OPENSUSE-2014-271.NASL", "href": "https://www.tenable.com/plugins/nessus/75312", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-271.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75312);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2212\", \"CVE-2013-4494\", \"CVE-2013-4551\", \"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6400\", \"CVE-2013-6885\", \"CVE-2014-1642\", \"CVE-2014-1666\", \"CVE-2014-1891\", \"CVE-2014-1892\", \"CVE-2014-1893\", \"CVE-2014-1894\", \"CVE-2014-1895\", \"CVE-2014-1896\", \"CVE-2014-1950\");\n script_bugtraq_id(61424, 63494, 63625, 63931, 63933, 63983, 64195, 65097, 65125, 65414, 65419, 65424, 65529);\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-SU-2014:0483-1)\");\n script_summary(english:\"Check for the openSUSE-2014-271 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Xen was updated to fix various bugs and security issues :\n\nUpdate to Xen version 4.2.4 c/s 26280.\n\n - bnc#861256 - CVE-2014-1950: xen: XSA-88: use-after-free\n in xc_cpupool_getinfo() under memory pressure. (fix\n included with update)\n\n - bnc#863297: xend/pvscsi: recognize also SCSI CDROM\n devices\n\n - bnc#858496 - CVE-2014-1642: Xen: XSA-83: Out-of-memory\n condition yielding memory corruption during IRQ setup\n\n - bnc#860163 - xen: XSA-84: integer overflow in several\n XSM/Flask hypercalls (CVE-2014-1891 CVE-2014-1892\n CVE-2014-1893 CVE-2014-1894)\n\n - bnc#860165 - CVE-2014-1895: xen: XSA-85: Off-by-one\n error in FLASK_AVC_CACHESTAT hypercall\n\n - bnc#860300 - CVE-2014-1896: xen: XSA-86: libvchan\n failure handling malicious ring indexes\n\n - bnc#860302 - CVE-2014-1666: xen: XSA-87:\n PHYSDEVOP_(prepare,release)_msix exposed to unprivileged\n guests\n\n - bnc#858311 - Server is not booting in kernel XEN after\n latest updates - (XEN) setup 0000:00:18.0 for d0 failed\n (-19)\n\n - bnc#858496 - CVE-2014-1642: Xen: XSA-83: Out-of-memory\n condition yielding memory corruption during IRQ setup\n\n - bnc#853049 - CVE-2013-6885: xen: XSA-82: Guest\n triggerable AMD CPU erratum may cause host hang\n\n - bnc#853048 - CVE-2013-6400: xen: XSA-80: IOMMU TLB\n flushing may be inadvertently suppressed\n\n - bnc#831120 - CVE-2013-2212: xen: XSA-60: Excessive time\n to disable caching with HVM guests with PCI passthrough\n\n - bnc#848014 - [HP HPS] Xen hypervisor panics on 8-blades\n nPar with 46-bit memory addressing\n\n - bnc#833251 - [HP BCS SLES11 Bug]: In HPs UEFI x86_64\n platform and with xen environment, in booting stage ,xen\n hypervisor will panic.\n\n - pygrub: Support (/dev/xvda) style disk specifications\n\n - bnc#849667 - CVE-2014-1895: xen: XSA-74: Lock order\n reversal between page_alloc_lock and mm_rwlock\n\n - bnc#849668 - CVE-2013-4554: xen: XSA-76: Hypercalls\n exposed to privilege rings 1 and 2 of HVM guests\n\n - bnc#842417 - In HPs UEFI x86_64 platform and sles11sp3\n with xen environment, dom0 will soft lockup on multiple\n blades nPar.\n\n - bnc#848014 - [HP HPS] Xen hypervisor panics on 8-blades\n nPar with 46-bit memory addressing\n\n - bnc#846849 - Soft lockup with PCI passthrough and many\n VCPUs\n\n - bnc#833483 - Boot Failure with xen kernel in UEFI mode\n with error 'No memory for trampoline'\n\n - bnc#849665 - CVE-2013-4551: xen: XSA-75: Host crash due\n to guest VMX instruction execution\n\n - The upstream version of checking for xend when using the\n 'xl' command is used is not working.\n\n - bnc#840997 - It is possible to start a VM twice on the\n same node.\n\n - bnc#848657 - xen: CVE-2013-4494: XSA-73: Lock order\n reversal between page allocation and grant table locks\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=833251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=833483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=840997\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=842417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=846849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=848014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=848657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=849665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=849667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=849668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=861256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-04/msg00010.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xen-debugsource-4.2.4_02-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xen-devel-4.2.4_02-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xen-kmp-default-4.2.4_02_k3.7.10_1.28-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xen-kmp-default-debuginfo-4.2.4_02_k3.7.10_1.28-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xen-kmp-desktop-4.2.4_02_k3.7.10_1.28-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xen-kmp-desktop-debuginfo-4.2.4_02_k3.7.10_1.28-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xen-kmp-pae-4.2.4_02_k3.7.10_1.28-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xen-kmp-pae-debuginfo-4.2.4_02_k3.7.10_1.28-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xen-libs-4.2.4_02-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xen-libs-debuginfo-4.2.4_02-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xen-tools-domU-4.2.4_02-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"xen-tools-domU-debuginfo-4.2.4_02-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"xen-4.2.4_02-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"xen-doc-html-4.2.4_02-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"xen-doc-pdf-4.2.4_02-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.2.4_02-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.2.4_02-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"xen-tools-4.2.4_02-1.26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.2.4_02-1.26.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:12:31", "description": "three security fixes: integer overflow in several XSM/Flask hypercalls\n[XSA-84] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85]\nlibvchan failure handling malicious ring indexes [XSA-86]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-02-17T00:00:00", "title": "Fedora 19 : xen-4.2.3-15.fc19 (2014-2188)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-1895", "CVE-2014-1894", "CVE-2014-1892", "CVE-2014-1896", "CVE-2014-1893"], "modified": "2014-02-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2014-2188.NASL", "href": "https://www.tenable.com/plugins/nessus/72540", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-2188.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72540);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1891\", \"CVE-2014-1892\", \"CVE-2014-1893\", \"CVE-2014-1894\", \"CVE-2014-1895\", \"CVE-2014-1896\");\n script_bugtraq_id(65414, 65419, 65424);\n script_xref(name:\"FEDORA\", value:\"2014-2188\");\n\n script_name(english:\"Fedora 19 : xen-4.2.3-15.fc19 (2014-2188)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"three security fixes: integer overflow in several XSM/Flask hypercalls\n[XSA-84] Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85]\nlibvchan failure handling malicious ring indexes [XSA-86]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1062326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1062329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1062331\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128429.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?62988bdd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"xen-4.2.3-15.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:M/Au:S/C:P/I:N/A:C"}}, {"lastseen": "2021-01-12T10:12:31", "description": "three security fixes: integer overflow in several XSM/Flask hypercalls\n[XSA-84], Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85],\nlibvchan failure handling malicious ring indexes [XSA-86]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-02-17T00:00:00", "title": "Fedora 20 : xen-4.3.1-9.fc20 (2014-2170)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-1895", "CVE-2014-1894", "CVE-2014-1892", "CVE-2014-1896", "CVE-2014-1893"], "modified": "2014-02-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-2170.NASL", "href": "https://www.tenable.com/plugins/nessus/72539", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-2170.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72539);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1891\", \"CVE-2014-1892\", \"CVE-2014-1893\", \"CVE-2014-1894\", \"CVE-2014-1895\", \"CVE-2014-1896\");\n script_bugtraq_id(65414, 65419, 65424);\n script_xref(name:\"FEDORA\", value:\"2014-2170\");\n\n script_name(english:\"Fedora 20 : xen-4.3.1-9.fc20 (2014-2170)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"three security fixes: integer overflow in several XSM/Flask hypercalls\n[XSA-84], Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85],\nlibvchan failure handling malicious ring indexes [XSA-86]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1062326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1062329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1062331\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128476.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?356ccdee\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"xen-4.3.1-9.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:A/AC:M/Au:S/C:P/I:N/A:C"}}, {"lastseen": "2021-01-20T12:27:29", "description": "Xen was updated to fix security issues and bugs.\n\nUpdate to bug fix release Xen 4.3.2 c/s 27404\n\n - CVE-2013-6885: xen: XSA-82: A guest triggerable AMD CPU\n erratum may cause host hangs.\n\n - CVE-2013-6400: xen: XSA-80: IOMMU TLB flushing may be\n inadvertently suppressed, potentially leaking\n information to other guests.\n\n - CVE-2013-2212: xen: XSA-60: Excessive time to disable\n caching with HVM guests with PCI passthrough\n\n - pygrub: Support (/dev/xvda) style disk specifications", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-SU-2014:0482-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4554", "CVE-2013-6400", "CVE-2013-4553", "CVE-2013-6885", "CVE-2013-2212"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-pae", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xen-xend-tools", "p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-272.NASL", "href": "https://www.tenable.com/plugins/nessus/75313", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-272.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75313);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2212\", \"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6400\", \"CVE-2013-6885\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-SU-2014:0482-1)\");\n script_summary(english:\"Check for the openSUSE-2014-272 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Xen was updated to fix security issues and bugs.\n\nUpdate to bug fix release Xen 4.3.2 c/s 27404\n\n - CVE-2013-6885: xen: XSA-82: A guest triggerable AMD CPU\n erratum may cause host hangs.\n\n - CVE-2013-6400: xen: XSA-80: IOMMU TLB flushing may be\n inadvertently suppressed, potentially leaking\n information to other guests.\n\n - CVE-2013-2212: xen: XSA-60: Excessive time to disable\n caching with HVM guests with PCI passthrough\n\n - pygrub: Support (/dev/xvda) style disk specifications\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-04/msg00009.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-debugsource-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-devel-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-4.3.2_01_k3.11.10_7-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-debuginfo-4.3.2_01_k3.11.10_7-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-4.3.2_01_k3.11.10_7-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-debuginfo-4.3.2_01_k3.11.10_7-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-4.3.2_01_k3.11.10_7-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-debuginfo-4.3.2_01_k3.11.10_7-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-debuginfo-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-debuginfo-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-debuginfo-4.3.2_01-12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:A/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:11:34", "description": "Disaggregated domain management security status update, IOMMU TLB\nflushing may be inadvertently suppressed Lock order reversal between\npage_alloc_lock and mm_rwlock, Hypercalls exposed to privilege rings 1\nand 2 of HVM guests Insufficient TLB flushing in VT-d (iommu) code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-23T00:00:00", "title": "Fedora 20 : xen-4.3.1-6.fc20 (2013-23251)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4554", "CVE-2013-6400", "CVE-2013-4553", "CVE-2013-6375"], "modified": "2013-12-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2013-23251.NASL", "href": "https://www.tenable.com/plugins/nessus/71590", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-23251.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71590);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6375\", \"CVE-2013-6400\");\n script_bugtraq_id(63830, 63931, 63933, 64195);\n script_xref(name:\"FEDORA\", value:\"2013-23251\");\n\n script_name(english:\"Fedora 20 : xen-4.3.1-6.fc20 (2013-23251)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Disaggregated domain management security status update, IOMMU TLB\nflushing may be inadvertently suppressed Lock order reversal between\npage_alloc_lock and mm_rwlock, Hypercalls exposed to privilege rings 1\nand 2 of HVM guests Insufficient TLB flushing in VT-d (iommu) code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1029111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1029120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1033138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1035811\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124808.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e6e515fc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"xen-4.3.1-6.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:55:59", "description": "The remote host is affected by the vulnerability described in GLSA-201407-03\n(Xen: Multiple Vunlerabilities)\n\n Multiple vulnerabilities have been discovered in Xen. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker can utilize multiple vectors to execute arbitrary\n code, cause Denial of Service, or gain access to data on the host.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 20, "published": "2014-07-17T00:00:00", "title": "GLSA-201407-03 : Xen: Multiple Vunlerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1891", "CVE-2014-4021", "CVE-2014-1642", "CVE-2013-4368", "CVE-2013-4370", "CVE-2013-4329", "CVE-2014-1895", "CVE-2013-4356", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-1892", "CVE-2013-4416", "CVE-2013-4361", "CVE-2014-3124", "CVE-2013-6400", "CVE-2014-1896", "CVE-2013-4553", "CVE-2013-6375", "CVE-2014-2599", "CVE-2014-1893", "CVE-2013-4369", "CVE-2013-6885", "CVE-2013-4371", "CVE-2013-1442", "CVE-2013-4551", "CVE-2014-1666", "CVE-2013-4494", "CVE-2013-4355", "CVE-2013-4375"], "modified": "2014-07-17T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:xen", "p-cpe:/a:gentoo:linux:xen-pvgrub", "p-cpe:/a:gentoo:linux:xen-tools"], "id": "GENTOO_GLSA-201407-03.NASL", "href": "https://www.tenable.com/plugins/nessus/76544", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201407-03.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76544);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-1442\", \"CVE-2013-4329\", \"CVE-2013-4355\", \"CVE-2013-4356\", \"CVE-2013-4361\", \"CVE-2013-4368\", \"CVE-2013-4369\", \"CVE-2013-4370\", \"CVE-2013-4371\", \"CVE-2013-4375\", \"CVE-2013-4416\", \"CVE-2013-4494\", \"CVE-2013-4551\", \"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6375\", \"CVE-2013-6400\", \"CVE-2013-6885\", \"CVE-2014-1642\", \"CVE-2014-1666\", \"CVE-2014-1891\", \"CVE-2014-1892\", \"CVE-2014-1893\", \"CVE-2014-1894\", \"CVE-2014-1895\", \"CVE-2014-1896\", \"CVE-2014-2599\", \"CVE-2014-3124\", \"CVE-2014-4021\");\n script_bugtraq_id(62307, 62630, 62708, 62709, 62710, 62930, 62931, 62932, 62934, 62935, 63404, 63494, 63625, 63830, 63931, 63933, 63983, 64195, 65097, 65125, 65414, 65419, 65424, 66407, 67113, 68070);\n script_xref(name:\"GLSA\", value:\"201407-03\");\n\n script_name(english:\"GLSA-201407-03 : Xen: Multiple Vunlerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201407-03\n(Xen: Multiple Vunlerabilities)\n\n Multiple vulnerabilities have been discovered in Xen. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker can utilize multiple vectors to execute arbitrary\n code, cause Denial of Service, or gain access to data on the host.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201407-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Xen 4.3 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulations/xen-4.3.2-r2'\n All Xen 4.2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulations/xen-4.2.4-r2'\n All xen-tools 4.3 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=app-emulations/xen-tools-4.3.2-r2'\n All xen-tools 4.2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=app-emulations/xen-tools-4.2.4-r2'\n All Xen PVGRUB 4.3 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulations/xen-pvgrub-4.3.2'\n All Xen PVGRUB 4.2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulations/xen-pvgrub-4.2.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen-pvgrub\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulations/xen-pvgrub\", unaffected:make_list(\"rge 4.3.2\", \"rge 4.2.4\"), vulnerable:make_list(\"lt 4.3.2\"))) flag++;\nif (qpkg_check(package:\"app-emulations/xen-tools\", unaffected:make_list(\"ge 4.3.2-r5\", \"rge 4.2.4-r6\"), vulnerable:make_list(\"lt 4.3.2-r5\"))) flag++;\nif (qpkg_check(package:\"app-emulations/xen\", unaffected:make_list(\"ge 4.3.2-r4\", \"rge 4.2.4-r4\"), vulnerable:make_list(\"lt 4.3.2-r4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Xen\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:11:26", "description": "Lock order reversal between page_alloc_lock and mm_rwlock, Hypercalls\nexposed to privilege rings 1 and 2 of HVM guests, Insufficient TLB\nflushing in VT-d (iommu) code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-08T00:00:00", "title": "Fedora 19 : xen-4.2.3-10.fc19 (2013-22325)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4554", "CVE-2013-4553", "CVE-2013-6375"], "modified": "2013-12-08T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2013-22325.NASL", "href": "https://www.tenable.com/plugins/nessus/71248", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22325.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71248);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6375\");\n script_bugtraq_id(63830, 63931);\n script_xref(name:\"FEDORA\", value:\"2013-22325\");\n\n script_name(english:\"Fedora 19 : xen-4.2.3-10.fc19 (2013-22325)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Lock order reversal between page_alloc_lock and mm_rwlock, Hypercalls\nexposed to privilege rings 1 and 2 of HVM guests, Insufficient TLB\nflushing in VT-d (iommu) code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1029111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1029120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1033138\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123208.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba57ef9b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"xen-4.2.3-10.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:11:25", "description": "Lock order reversal between page_alloc_lock and mm_rwlock, Hypercalls\nexposed to privilege rings 1 and 2 of HVM guests, Insufficient TLB\nflushing in VT-d (iommu) code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-08T00:00:00", "title": "Fedora 18 : xen-4.2.3-10.fc18 (2013-22312)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4554", "CVE-2013-4553", "CVE-2013-6375"], "modified": "2013-12-08T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2013-22312.NASL", "href": "https://www.tenable.com/plugins/nessus/71247", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22312.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71247);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6375\");\n script_bugtraq_id(63830, 63931);\n script_xref(name:\"FEDORA\", value:\"2013-22312\");\n\n script_name(english:\"Fedora 18 : xen-4.2.3-10.fc18 (2013-22312)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Lock order reversal between page_alloc_lock and mm_rwlock, Hypercalls\nexposed to privilege rings 1 and 2 of HVM guests, Insufficient TLB\nflushing in VT-d (iommu) code\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1029111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1029120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1033138\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123213.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc9ba5b1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"xen-4.2.3-10.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-10-03T12:46:08", "description": "Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an \"inverted boolean parameter.\"", "edition": 3, "cvss3": {}, "published": "2013-11-23T11:55:00", "title": "CVE-2013-6375", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6375"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/o:xen:xen:4.3.0", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:xen:xen:4.2.3", "cpe:/o:xen:xen:4.2.1", "cpe:/o:xen:xen:4.2.2", "cpe:/o:xen:xen:4.3.1"], "id": "CVE-2013-6375", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6375", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:46:09", "description": "The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.", "edition": 3, "cvss3": {}, "published": "2013-11-29T04:33:00", "title": "CVE-2013-6885", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6885"], "modified": "2017-12-16T02:29:00", "cpe": ["cpe:/h:amd:16h_model_00h_processor:-", "cpe:/h:amd:16h_model_0fh_processor:-", "cpe:/o:amd:16h_model_processor_firmware:-"], "id": "CVE-2013-6885", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6885", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:h:amd:16h_model_0fh_processor:-:*:*:*:*:*:*:*", "cpe:2.3:h:amd:16h_model_00h_processor:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:16h_model_processor_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:46:08", "description": "Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors.", "edition": 3, "cvss3": {}, "published": "2013-12-13T18:55:00", "title": "CVE-2013-6400", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.2, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.8, "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6400"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/o:xen:xen:4.3.0", "cpe:/o:xen:xen:4.2.0", "cpe:/o:xen:xen:4.2.3", "cpe:/o:xen:xen:4.2.1", "cpe:/o:xen:xen:4.2.2", "cpe:/o:xen:xen:4.3.1"], "id": "CVE-2013-6400", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6400", "cvss": {"score": 6.8, "vector": "AV:A/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:22", "description": "Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893.", "edition": 5, "cvss3": {}, "published": "2014-04-01T06:35:00", "title": "CVE-2014-1894", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.2, "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1894"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/o:xen:xen:3.1.4", "cpe:/o:xen:xen:3.2.0", "cpe:/o:xen:xen:3.2.3", "cpe:/o:xen:xen:3.0.2", "cpe:/o:xen:xen:3.0.3", "cpe:/o:xen:xen:3.1.3", "cpe:/o:xen:xen:3.0.4", "cpe:/o:xen:xen:3.2.2", "cpe:/o:xen:xen:3.2.1"], "id": "CVE-2014-1894", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1894", "cvss": {"score": 5.2, "vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.1.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:46:05", "description": "The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock).", "edition": 3, "cvss3": {}, "published": "2013-12-24T19:55:00", "title": "CVE-2013-4553", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.2, "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4553"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/o:xen:xen:4.1.1", "cpe:/o:xen:xen:3.4.4", "cpe:/o:xen:xen:4.0.3", "cpe:/o:xen:xen:4.3.0", "cpe:/o:xen:xen:4.0.4", "cpe:/o:xen:xen:3.4.0", "cpe:/o:xen:xen:4.1.5", "cpe:/o:xen:xen:4.2.0", "cpe:/o:xen:xen:4.1.4", "cpe:/o:xen:xen:4.0.1", "cpe:/o:xen:xen:4.2.3", "cpe:/o:xen:xen:4.2.1", "cpe:/o:xen:xen:4.0.2", "cpe:/o:xen:xen:4.1.0", "cpe:/o:xen:xen:4.1.6.1", "cpe:/o:xen:xen:4.2.2", "cpe:/o:xen:xen:4.1.3", "cpe:/o:xen:xen:4.0.0", "cpe:/o:xen:xen:3.4.1", "cpe:/o:xen:xen:4.3.1", "cpe:/o:xen:xen:4.1.2", "cpe:/o:xen:xen:3.4.3", "cpe:/o:xen:xen:3.4.2"], "id": "CVE-2013-4553", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4553", "cvss": {"score": 5.2, "vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:22", "description": "Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894.", "edition": 5, "cvss3": {}, "published": "2014-04-01T06:35:00", "title": "CVE-2014-1893", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.2, "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1893"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/o:xen:xen:4.1.1", "cpe:/o:xen:xen:3.4.4", "cpe:/o:xen:xen:4.0.3", "cpe:/o:xen:xen:4.0.4", "cpe:/o:xen:xen:3.4.0", "cpe:/o:xen:xen:4.1.5", "cpe:/o:xen:xen:4.1.4", "cpe:/o:xen:xen:3.2.0", "cpe:/o:xen:xen:4.0.1", "cpe:/o:xen:xen:3.2.3", "cpe:/o:xen:xen:4.0.2", "cpe:/o:xen:xen:4.1.0", "cpe:/o:xen:xen:4.1.6.1", "cpe:/o:xen:xen:3.3.0", "cpe:/o:xen:xen:4.1.3", "cpe:/o:xen:xen:4.0.0", "cpe:/o:xen:xen:3.4.1", "cpe:/o:xen:xen:3.3.1", "cpe:/o:xen:xen:3.3.2", "cpe:/o:xen:xen:4.1.2", "cpe:/o:xen:xen:3.4.3", "cpe:/o:xen:xen:3.2.2", "cpe:/o:xen:xen:3.4.2", "cpe:/o:xen:xen:3.2.1"], "id": "CVE-2014-1893", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1893", "cvss": {"score": 5.2, "vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:45:59", "description": "The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range.", "edition": 3, "cvss3": {}, "published": "2013-08-28T21:55:00", "title": "CVE-2013-2212", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.7, "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2212"], "modified": "2016-12-22T02:59:00", "cpe": ["cpe:/o:xen:xen:4.1.1", "cpe:/o:xen:xen:3.4.4", "cpe:/o:xen:xen:4.0.3", "cpe:/o:xen:xen:4.3.0", "cpe:/o:xen:xen:4.0.4", "cpe:/o:xen:xen:3.4.0", "cpe:/o:xen:xen:4.1.5", "cpe:/o:xen:xen:4.2.0", "cpe:/o:xen:xen:4.1.4", "cpe:/o:xen:xen:4.0.1", "cpe:/o:xen:xen:4.2.1", "cpe:/o:xen:xen:4.0.2", "cpe:/o:xen:xen:4.1.0", "cpe:/o:xen:xen:4.2.2", "cpe:/o:xen:xen:3.3.0", "cpe:/o:xen:xen:4.1.3", "cpe:/o:xen:xen:4.0.0", "cpe:/o:xen:xen:3.4.1", "cpe:/o:xen:xen:3.3.1", "cpe:/o:xen:xen:3.3.2", "cpe:/o:xen:xen:4.1.2", "cpe:/o:xen:xen:3.4.3", "cpe:/o:xen:xen:3.4.2"], "id": "CVE-2013-2212", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2212", "cvss": {"score": 5.7, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:46:05", "description": "Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2.", "edition": 3, "cvss3": {}, "published": "2013-12-24T19:55:00", "title": "CVE-2013-4554", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 5.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.2, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4554"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/o:xen:xen:4.1.1", "cpe:/o:xen:xen:3.4.4", "cpe:/o:xen:xen:4.0.3", "cpe:/o:xen:xen:4.3.0", "cpe:/o:xen:xen:4.0.4", "cpe:/o:xen:xen:3.4.0", "cpe:/o:xen:xen:3.1.4", "cpe:/o:xen:xen:4.1.5", "cpe:/o:xen:xen:4.2.0", "cpe:/o:xen:xen:4.1.4", "cpe:/o:xen:xen:3.2.0", "cpe:/o:xen:xen:4.0.1", "cpe:/o:xen:xen:4.2.3", "cpe:/o:xen:xen:3.2.3", "cpe:/o:xen:xen:4.2.1", "cpe:/o:xen:xen:4.0.2", "cpe:/o:xen:xen:4.1.0", "cpe:/o:xen:xen:4.1.6.1", "cpe:/o:xen:xen:3.0.3", "cpe:/o:xen:xen:4.2.2", "cpe:/o:xen:xen:3.3.0", "cpe:/o:xen:xen:4.1.3", "cpe:/o:xen:xen:4.0.0", "cpe:/o:xen:xen:3.4.1", "cpe:/o:xen:xen:4.3.1", "cpe:/o:xen:xen:3.3.1", "cpe:/o:xen:xen:3.3.2", "cpe:/o:xen:xen:4.1.2", "cpe:/o:xen:xen:3.1.3", "cpe:/o:xen:xen:3.4.3", "cpe:/o:xen:xen:3.0.4", "cpe:/o:xen:xen:3.2.2", "cpe:/o:xen:xen:3.4.2", "cpe:/o:xen:xen:3.2.1"], "id": "CVE-2013-4554", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4554", "cvss": {"score": 5.2, "vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:01:14", "description": "Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a \"large memory allocation,\" a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894.", "edition": 3, "cvss3": {}, "published": "2014-04-01T06:35:00", "title": "CVE-2014-1892", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.2, "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1892"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/o:xen:xen:4.1.1", "cpe:/o:xen:xen:3.4.4", "cpe:/o:xen:xen:4.0.3", "cpe:/o:xen:xen:4.0.4", "cpe:/o:xen:xen:3.4.0", "cpe:/o:xen:xen:4.1.5", "cpe:/o:xen:xen:4.1.4", "cpe:/o:xen:xen:4.0.1", "cpe:/o:xen:xen:4.0.2", "cpe:/o:xen:xen:4.1.0", "cpe:/o:xen:xen:4.1.6.1", "cpe:/o:xen:xen:3.3.0", "cpe:/o:xen:xen:4.1.3", "cpe:/o:xen:xen:4.0.0", "cpe:/o:xen:xen:3.4.1", "cpe:/o:xen:xen:3.3.1", "cpe:/o:xen:xen:3.3.2", "cpe:/o:xen:xen:4.1.2", "cpe:/o:xen:xen:3.4.3", "cpe:/o:xen:xen:3.4.2"], "id": "CVE-2014-1892", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1892", "cvss": {"score": 5.2, "vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:01:14", "description": "The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.", "edition": 3, "cvss3": {}, "published": "2014-01-26T16:58:00", "title": "CVE-2014-1666", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1666"], "modified": "2018-01-03T02:29:00", "cpe": ["cpe:/o:xen:xen:4.3.0", "cpe:/o:xen:xen:4.1.5", "cpe:/o:xen:xen:4.2.3", "cpe:/o:xen:xen:4.1.6.1", "cpe:/o:xen:xen:4.2.2", "cpe:/o:xen:xen:4.3.1"], "id": "CVE-2014-1666", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1666", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*"]}], "xen": [{"lastseen": "2016-04-01T21:57:14", "bulletinFamily": "software", "cvelist": ["CVE-2014-1891", "CVE-2014-1894", "CVE-2014-1892", "CVE-2014-1893"], "description": "#### ISSUE DESCRIPTION\nThe FLASK_{GET,SET}BOOL, FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall are vulnerable to an integer overflow on the input size. The hypercalls attempt to allocate a buffer which is 1 larger than this size and is therefore vulnerable to integer overflow and an attempt to allocate then access a zero byte buffer. (CVE-2014-1891)\nXen 3.3 through 4.1, while not affected by the above overflow, have a different overflow issue on FLASK_{GET,SET}BOOL (CVE-2014-1893) and expose unreasonably large memory allocation to aribitrary guests (CVE-2014-1892).\nXen 3.2 (and presumably earlier) exhibit both problems with the overflow issue being present for more than just the suboperations listed above. (CVE-2014-1894 for the subops not covered above.)\nThe FLASK_GETBOOL op is available to all domains.\nThe FLASK_SETBOOL op is only available to domains which are granted access via the Flask policy. However the permissions check is performed only after running the vulnerable code and the vulnerability via this subop is exposed to all domains.\nThe FLASK_USER and FLASK_CONTEXT_TO_SID ops are only available to domains which are granted access via the Flask policy.\n#### IMPACT\nAttempting to access the result of a zero byte allocation results in a processor fault leading to a denial of service.\n#### VULNERABLE SYSTEMS\nAll Xen versions back to at least 3.2 are vulnerable to this issue when built with XSM/Flask support. XSM support is disabled by default and is enabled by building with XSM_ENABLE=y.\nWe have not checked earlier versions of Xen, but it is likely that they are vulnerable to this or related vulnerabilities.\nAll Xen versions built with XSM_ENABLE=y are vulnerable.\n", "edition": 1, "modified": "2014-02-10T11:29:00", "published": "2014-02-06T12:00:00", "id": "XSA-84", "href": "http://xenbits.xen.org/xsa/advisory-84.html", "type": "xen", "title": "integer overflow in several XSM/Flask hypercalls", "cvss": {"score": 5.2, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:32", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1891", "CVE-2014-4021", "CVE-2014-1642", "CVE-2013-4368", "CVE-2013-4370", "CVE-2013-4329", "CVE-2014-1895", "CVE-2013-4356", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-1892", "CVE-2013-4416", "CVE-2013-4361", "CVE-2014-3124", "CVE-2013-6400", "CVE-2014-1896", "CVE-2013-4553", "CVE-2013-6375", "CVE-2014-2599", "CVE-2014-1893", "CVE-2013-4369", "CVE-2013-6885", "CVE-2013-4371", "CVE-2013-1442", "CVE-2013-4551", "CVE-2014-1666", "CVE-2013-4494", "CVE-2013-4355", "CVE-2013-4375"], "edition": 1, "description": "### Background\n\nXen is a bare-metal hypervisor.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker can utilize multiple vectors to execute arbitrary code, cause Denial of Service, or gain access to data on the host. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Xen 4.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulations/xen-4.3.2-r2\"\n \n\nAll Xen 4.2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulations/xen-4.2.4-r2\"\n \n\nAll xen-tools 4.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulations/xen-tools-4.3.2-r2\"\n \n\nAll xen-tools 4.2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulations/xen-tools-4.2.4-r2\"\n \n\nAll Xen PVGRUB 4.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulations/xen-pvgrub-4.3.2\"\n \n\nAll Xen PVGRUB 4.2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulations/xen-pvgrub-4.2.4\"", "modified": "2014-07-16T00:00:00", "published": "2014-07-16T00:00:00", "id": "GLSA-201407-03", "href": "https://security.gentoo.org/glsa/201407-03", "type": "gentoo", "title": "Xen: Multiple Vunlerabilities", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
