Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ALMA_LINUX_ALSA-2020-4676.NASLHistoryFeb 09, 2022 - 12:00 a.m.
AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2020:4676)
2022-02-0900:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
7.3 High
AI Score
Confidence
High
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4676 advisory.
-
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. (CVE-2019-15890)
-
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). (CVE-2019-20485)
-
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. (CVE-2020-1983)
-
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD.
Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service. (CVE-2020-10703) -
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the
dumpxmlcommand.
(CVE-2020-14301) -
A flaw was found in libvirt, where it leaked a file descriptor for
/dev/mapper/controlinto the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14339)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2020:4676.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(157535);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/13");
script_cve_id(
"CVE-2019-15890",
"CVE-2019-20485",
"CVE-2020-1983",
"CVE-2020-10703",
"CVE-2020-14301",
"CVE-2020-14339"
);
script_xref(name:"ALSA", value:"2020:4676");
script_name(english:"AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2020:4676)");
script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ALSA-2020:4676 advisory.
- libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. (CVE-2019-15890)
- qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a
guest agent, which allows attackers to cause a denial of service (API blockage). (CVE-2019-20485)
- A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows
crafted packets to cause a denial of service. (CVE-2020-1983)
- A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0,
and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this
flaw affects storage pools created without a target path such as network-based pools like gluster and RBD.
Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon,
resulting in a potential denial of service. (CVE-2020-10703)
- An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used
to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker
to access potentially sensitive information in the domain configuration via the `dumpxml` command.
(CVE-2020-14301)
- A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU
process. This file descriptor allows for privileged operations to happen against the device-mapper on the
host. This flaw allows a malicious guest user or process to perform operations outside of their standard
permissions, potentially causing serious damage to the host operating system. The highest threat from this
vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14339)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/8/ALSA-2020-4676.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14339");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/06");
script_set_attribute(attribute:"patch_publication_date", value:"2020/11/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:hivex");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:hivex-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libguestfs-winsupport");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libiscsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libiscsi-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libiscsi-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libnbd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libnbd-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-admin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-bash-completion");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-config-network");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-config-nwfilter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-driver-interface");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-driver-network");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-driver-nodedev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-driver-nwfilter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-driver-secret");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-driver-storage");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-driver-storage-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-driver-storage-disk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-driver-storage-iscsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-driver-storage-iscsi-direct");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-driver-storage-logical");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-driver-storage-mpath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-driver-storage-rbd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-daemon-driver-storage-scsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-dbus");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:libvirt-nss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:nbdfuse");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:netcf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:netcf-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:netcf-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:ocaml-hivex");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:ocaml-hivex-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:ocaml-libguestfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:ocaml-libguestfs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:ocaml-libnbd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:ocaml-libnbd-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:perl-Sys-Virt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:perl-hivex");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:python3-hivex");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:python3-libnbd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:python3-libvirt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:ruby-hivex");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:sgabios");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Alma Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/AlmaLinux/release');
if (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_ver = pregmatch(pattern: "AlmaLinux release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
var os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);
if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);
var module_ver = get_kb_item('Host/AlmaLinux/appstream/virt-devel');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt-devel:rhel');
if ('rhel' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module virt-devel:' + module_ver);
var appstreams = {
'virt-devel:rhel': [
{'reference':'hivex-1.3.18-20.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'hivex-devel-1.3.18-20.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libguestfs-winsupport-8.2-1.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libiscsi-1.18.0-8.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libiscsi-devel-1.18.0-8.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libiscsi-utils-1.18.0-8.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libnbd-1.2.2-1.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libnbd-devel-1.2.2-1.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-admin-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-bash-completion-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-client-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-config-network-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-config-nwfilter-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-driver-interface-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-driver-network-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-driver-nodedev-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-driver-nwfilter-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-driver-secret-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-driver-storage-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-driver-storage-core-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-driver-storage-disk-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-driver-storage-iscsi-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-driver-storage-iscsi-direct-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-driver-storage-logical-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-driver-storage-mpath-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-driver-storage-rbd-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-daemon-driver-storage-scsi-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-dbus-1.3.0-2.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-devel-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-docs-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-libs-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libvirt-nss-6.0.0-28.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'nbdfuse-1.2.2-1.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'netcf-0.2.8-12.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'netcf-devel-0.2.8-12.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'netcf-libs-0.2.8-12.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ocaml-hivex-1.3.18-20.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ocaml-hivex-1.3.18-20.module_el8.3.0+2048+e7a0a3ea', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ocaml-hivex-devel-1.3.18-20.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ocaml-hivex-devel-1.3.18-20.module_el8.3.0+2048+e7a0a3ea', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ocaml-libguestfs-1.40.2-25.module_el8.3.0+2048+e7a0a3ea.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'ocaml-libguestfs-devel-1.40.2-25.module_el8.3.0+2048+e7a0a3ea.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'ocaml-libnbd-1.2.2-1.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ocaml-libnbd-1.2.2-1.module_el8.3.0+2048+e7a0a3ea', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ocaml-libnbd-devel-1.2.2-1.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ocaml-libnbd-devel-1.2.2-1.module_el8.3.0+2048+e7a0a3ea', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-hivex-1.3.18-20.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-Sys-Virt-6.0.0-1.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-hivex-1.3.18-20.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-libnbd-1.2.2-1.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-libvirt-6.0.0-1.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-hivex-1.3.18-20.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'sgabios-0.20170427git-3.module_el8.3.0+2048+e7a0a3ea', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}
]
};
var flag = 0;
var appstreams_found = 0;
foreach module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/AlmaLinux/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach package_array ( appstreams[module] ) {
var reference = NULL;
var release = NULL;
var sp = NULL;
var cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module virt-devel:rhel');
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'hivex / hivex-devel / libguestfs-winsupport / libiscsi / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| alma | linux | hivex | p-cpe:/a:alma:linux:hivex |
| alma | linux | hivex-devel | p-cpe:/a:alma:linux:hivex-devel |
| alma | linux | libguestfs-winsupport | p-cpe:/a:alma:linux:libguestfs-winsupport |
| alma | linux | libiscsi | p-cpe:/a:alma:linux:libiscsi |
| alma | linux | libiscsi-devel | p-cpe:/a:alma:linux:libiscsi-devel |
| alma | linux | libiscsi-utils | p-cpe:/a:alma:linux:libiscsi-utils |
| alma | linux | libnbd | p-cpe:/a:alma:linux:libnbd |
| alma | linux | libnbd-devel | p-cpe:/a:alma:linux:libnbd-devel |
| alma | linux | libvirt | p-cpe:/a:alma:linux:libvirt |
| alma | linux | libvirt-admin | p-cpe:/a:alma:linux:libvirt-admin |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15890
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10703
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14301
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14339
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1983
errata.almalinux.org/8/ALSA-2020-4676.html
Related
nessus
nessus
Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2020:4676)
2023-11-07 00:00:00
RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2020:4676)
2020-11-04 00:00:00
Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2020-4676)
2023-09-07 00:00:00
osv
osv
Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
2020-11-03 12:26:07
Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
2020-11-03 12:26:07
CVE-2020-14301
2021-05-27 20:15:07
almalinux
almalinux
oraclelinux
oraclelinux
virt:ol and virt-devel:rhel security, bug fix, and enhancement update
2020-11-10 00:00:00
libvirt security and bug fix update
2020-10-06 00:00:00
libvirt security update
2020-05-07 00:00:00
rocky
rocky
virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
2020-11-03 12:26:07
container-tools:rhel8 security, bug fix, and enhancement update
2020-02-04 11:39:46
container-tools:rhel8 security, bug fix, and enhancement update
2020-07-21 15:01:40
redhat
redhat
amazon
amazon
Medium: libvirt
2020-11-09 17:10:00
Medium: qemu-kvm
2021-01-12 22:51:00
Medium: qemu-kvm
2020-12-16 20:31:00
centos
centos
libvirt security update
2020-10-20 18:26:40
qemu security update
2020-11-06 22:05:12
qemu security update
2020-03-10 20:44:03
openvas
openvas
Fedora: Security Advisory for libvirt (FEDORA-2020-5cd83efda7)
2020-06-23 00:00:00
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2021-1631)
2021-03-12 00:00:00
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2021-1666)
2021-03-12 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: libvirt-5.6.0-7.fc31
2020-06-16 01:19:11
[SECURITY] Fedora 32 Update: libslirp-4.2.0-2.fc32
2020-05-01 00:37:26
[SECURITY] Fedora 31 Update: libslirp-4.1.0-2.fc31
2020-05-09 04:12:56
redhatcve
redhatcve
alpinelinux
alpinelinux
cve
cve
prion
prion
Design/Logic Flaw
2020-03-19 02:15:00
Null pointer dereference
2020-06-02 13:15:00
Information disclosure
2021-05-27 20:15:00
mageia
mageia
Updated libvirt packages fix security vulnerability
2020-07-06 23:42:41
Updated libvirt packages fix security vulnerability
2020-06-11 01:26:12
ubuntucve
ubuntucve
veracode
veracode
Denial Of Service (DoS)
2020-10-01 03:50:22
Denial Of Service (DoS)
2020-08-18 08:22:08
Information Disclosure
2020-08-18 08:23:06
debiancve
debiancve
gentoo
gentoo
libvirt: Unintended access to /dev/mapper/control
2021-01-26 00:00:00
suse
suse
Security update for libvirt (important)
2020-09-19 00:00:00
Security update for qemu (moderate)
2020-06-02 00:00:00
Security update for slirp4netns (important)
2020-05-11 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2355
2024-02-20 09:45:01
f5
f5
K75952001 : QEMU vulnerability CVE-2019-15890
2021-01-05 00:00:00
archlinux
archlinux
[ASA-202009-8] libvirt: privilege escalation
2020-09-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package libslirp version 4.3.0-alt1
2020-07-22 00:00:00
ubuntu
ubuntu
libvirt vulnerabilities
2020-05-21 00:00:00
debian
debian
[SECURITY] [DSA 4616-1] qemu security update
2020-02-02 20:47:20
[SECURITY] [DSA 4665-1] qemu security update
2020-04-27 17:56:01