Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2018-1049.NASL
HistoryJul 26, 2018 - 12:00 a.m.

Amazon Linux 2 : libvirt (ALAS-2018-1049) (Spectre)

2018-07-2600:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent.(CVE-2018-1064)

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.(CVE-2018-5748)

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor’s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1049.
#

include("compat.inc");

if (description)
{
  script_id(111336);
  script_version("1.2");
  script_cvs_date("Date: 2019/04/05 23:25:05");

  script_cve_id("CVE-2018-1064", "CVE-2018-3639", "CVE-2018-5748");
  script_xref(name:"ALAS", value:"2018-1049");

  script_name(english:"Amazon Linux 2 : libvirt (ALAS-2018-1049) (Spectre)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux 2 host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading
to a resource exhaustion but now also triggered via QEMU guest
agent.(CVE-2018-1064)

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of
service (memory consumption) via a large QEMU reply.(CVE-2018-5748)

An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store
instructions (a commonly used performance optimization). It relies on
the presence of a precisely-defined instruction sequence in the
privileged code as well as the fact that memory read from address to
which a recent memory write has occurred may see an older value and
subsequently cause an update into the microprocessor's data cache even
for speculatively executed instructions that never actually commit
(retire). As a result, an unprivileged attacker could use this flaw to
read privileged memory by conducting targeted cache side-channel
attacks.(CVE-2018-3639)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/AL2/ALAS-2018-1049.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update libvirt' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-admin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-config-network");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-config-nwfilter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-interface");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-lxc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-network");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-nodedev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-nwfilter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-secret");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-disk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-gluster");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-iscsi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-logical");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-mpath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-rbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-scsi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-lxc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-lock-sanlock");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-login-shell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-nss");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/07/24");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-admin-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-client-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-config-network-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-config-nwfilter-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-interface-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-lxc-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-network-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-nodedev-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-nwfilter-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-secret-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-core-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-disk-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-gluster-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-iscsi-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-logical-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-mpath-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-rbd-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-scsi-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-kvm-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-lxc-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-debuginfo-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-devel-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-docs-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-libs-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-lock-sanlock-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-login-shell-3.9.0-14.amzn2.6")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-nss-3.9.0-14.amzn2.6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-admin / libvirt-client / libvirt-daemon / etc");
}
VendorProductVersionCPE
amazonlinuxlibvirtp-cpe:/a:amazon:linux:libvirt
amazonlinuxlibvirt-adminp-cpe:/a:amazon:linux:libvirt-admin
amazonlinuxlibvirt-clientp-cpe:/a:amazon:linux:libvirt-client
amazonlinuxlibvirt-daemonp-cpe:/a:amazon:linux:libvirt-daemon
amazonlinuxlibvirt-daemon-config-networkp-cpe:/a:amazon:linux:libvirt-daemon-config-network
amazonlinuxlibvirt-daemon-config-nwfilterp-cpe:/a:amazon:linux:libvirt-daemon-config-nwfilter
amazonlinuxlibvirt-daemon-driver-interfacep-cpe:/a:amazon:linux:libvirt-daemon-driver-interface
amazonlinuxlibvirt-daemon-driver-lxcp-cpe:/a:amazon:linux:libvirt-daemon-driver-lxc
amazonlinuxlibvirt-daemon-driver-networkp-cpe:/a:amazon:linux:libvirt-daemon-driver-network
amazonlinuxlibvirt-daemon-driver-nodedevp-cpe:/a:amazon:linux:libvirt-daemon-driver-nodedev
Rows per page:
1-10 of 321

Related

oraclelinux 5
nessus 80
amazon 1
openvas 38
osv 2
ibm 5
ubuntucve 3
veracode 2
debian 3
redhat 25
redhatcve 2
debiancve 3
cve 2
centos 6
prion 2
ubuntu 3
suse 4
fedora 5
mageia 2
f5 1
citrix 1
virtuozzo 2
almalinux 1
threatpost 1
oraclelinux
oraclelinux
libvirt security update
2018-06-25 00:00:00
libvirt security and bug fix update
2018-05-14 00:00:00
libvirt security update
2018-05-22 00:00:00
nessus
nessus
EulerOS 2.0 SP3 : libvirt (EulerOS-SA-2018-1197)
2018-07-03 00:00:00
NewStart CGSL MAIN 4.05 : libvirt Multiple Vulnerabilities (NS-SA-2019-0132)
2019-08-12 00:00:00
SUSE SLES12 Security Update : libvirt (SUSE-SU-2018:2082-1) (Spectre)
2018-07-30 00:00:00
amazon
amazon
Important: libvirt
2018-07-24 16:05:00
openvas
openvas
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2018-1197)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2082-1)
2021-04-19 00:00:00
CentOS Update for libvirt CESA-2018:1396 centos7
2018-06-05 00:00:00
osv
osv
libvirt - security update
2018-03-24 00:00:00
libvirt - security update
2018-03-14 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in libvirt affect PowerKVM
2018-07-06 23:39:30
Security Bulletin: IBM Netezza Host Management is affected by the vulnerability known as Variant 4 or SpectreNG.
2019-10-18 03:36:34
Security Bulletin: a CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis known as Variant 4 or SpectreNG vulnerability affects IBM
2018-12-19 20:55:02
ubuntucve
ubuntucve
CVE-2018-1064
2018-03-28 00:00:00
CVE-2018-5748
2018-01-25 00:00:00
CVE-2018-3639
2018-05-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:23:06
Denial Of Service (DoS)
2018-05-03 05:13:55
debian
debian
[SECURITY] [DLA 1315-1] libvirt security update
2018-03-24 16:24:47
[SECURITY] [DSA 4137-1] libvirt security update
2018-03-14 21:50:24
[SECURITY] [DSA 4210-1] xen security update
2018-05-25 05:00:47
redhat
redhat
(RHSA-2018:1929) Low: libvirt security update
2018-06-19 02:12:46
(RHSA-2018:1396) Low: libvirt security and bug fix update
2018-05-14 12:57:03
(RHSA-2018:2171) Important: kernel security update
2018-07-11 15:14:50
redhatcve
redhatcve
CVE-2018-1064
2019-10-08 22:28:17
CVE-2018-5748
2018-01-18 06:19:50
debiancve
debiancve
CVE-2018-1064
2018-03-28 18:29:00
CVE-2018-5748
2018-01-25 16:29:00
CVE-2018-3639
2018-05-22 12:29:00
cve
cve
CVE-2018-1064
2018-03-28 18:29:00
CVE-2018-5748
2018-01-25 16:29:00
centos
centos
libvirt security update
2018-05-30 18:24:07
libvirt security update
2018-06-21 11:55:48
java security update
2018-05-22 15:30:51
prion
prion
Code injection
2018-03-28 18:29:00
Design/Logic Flaw
2018-01-25 16:29:00
ubuntu
ubuntu
libvirt vulnerability and update
2018-06-12 00:00:00
QEMU update
2018-05-21 00:00:00
Linux kernel vulnerability
2018-05-22 00:00:00
suse
suse
Security update for libvirt (important)
2018-03-29 12:11:46
Security update for libvirt (moderate)
2018-08-13 12:07:25
Security update for qemu (important)
2018-05-23 15:07:21
fedora
fedora
[SECURITY] Fedora 27 Update: libvirt-3.7.0-6.fc27
2018-08-01 17:55:42
[SECURITY] Fedora 29 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc29
2019-02-11 01:57:50
[SECURITY] Fedora 28 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc28
2019-02-25 01:34:09
mageia
mageia
Updated libvirt packages fix CVE-2018-1064
2018-03-30 00:00:32
Updated libvirt packages fix security vulnerability
2018-05-31 23:34:08
f5
f5
K29146534 : SSB Variant 4 vulnerability CVE-2018-3639
2018-07-10 00:00:00
citrix
citrix
CVE-2018-3639 - Citrix XenServer Security Update
2018-05-22 04:00:00
virtuozzo
virtuozzo
Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1; Virtuozzo 6.0 Update 12 Hotfix 25 (6.0.12-3705)
2018-05-23 00:00:00
Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2018-05-23 00:00:00
almalinux
almalinux
java-1.8.0-openjdk bug fix and enhancement update
2021-01-21 10:00:00
threatpost
threatpost
Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4
2018-05-24 15:18:03
JSON
Related for AL2_ALAS-2018-1049.NASL
oraclelinux5nessus80amazon1openvas38osv2ibm5ubuntucve3veracode2debian3redhat25redhatcve2debiancve3cve2centos6prion2ubuntu3suse4fedora5mageia2f51citrix1virtuozzo2almalinux1threatpost1