Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS_RHSA-2014-0927.NASL
HistoryJul 26, 2014 - 12:00 a.m.

CentOS 7 : qemu-kvm (CESA-2014:0927)

2014-07-2600:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

Updated qemu-kvm packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.

Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0222, CVE-2014-0223)

Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way virtio, virtio-net, virtio-scsi, usb, and hpet drivers of QEMU handled state loading after migration. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461)

These issues were discovered by Michael S. Tsirkin, Anthony Liguori and Michael Roth of Red Hat: CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, and CVE-2014-3461.

This update also fixes the following bugs :

  • Previously, QEMU did not free pre-allocated zero clusters correctly and the clusters under some circumstances leaked. With this update, pre-allocated zero clusters are freed appropriately and the cluster leaks no longer occur. (BZ#1110188)

  • Prior to this update, the QEMU command interface did not properly handle resizing of cache memory during guest migration, causing QEMU to terminate unexpectedly with a segmentation fault and QEMU to fail.
    This update fixes the related code and QEMU no longer crashes in the described situation. (BZ#1110191)

  • Previously, when a guest device was hot unplugged, QEMU correctly removed the corresponding file descriptor watch but did not re-create it after the device was re-connected. As a consequence, the guest became unable to receive any data from the host over this device. With this update, the file descriptor’s watch is re-created and the guest in the above scenario can communicate with the host as expected.
    (BZ#1110219)

  • Previously, the QEMU migration code did not account for the gaps caused by hot unplugged devices and thus expected more memory to be transferred during migrations. As a consequence, guest migration failed to complete after multiple devices were hot unplugged. In addition, the migration info text displayed erroneous values for the ‘remaining ram’ item. With this update, QEMU calculates memory after a device has been unplugged correctly, and any subsequent guest migrations proceed as expected. (BZ#1110189)

All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2014:0927 and 
# CentOS Errata and Security Advisory 2014:0927 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(76839);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2013-4148", "CVE-2013-4149", "CVE-2013-4150", "CVE-2013-4151", "CVE-2013-4527", "CVE-2013-4529", "CVE-2013-4535", "CVE-2013-4536", "CVE-2013-4541", "CVE-2013-4542", "CVE-2013-6399", "CVE-2014-0182", "CVE-2014-0222", "CVE-2014-0223", "CVE-2014-3461");
  script_xref(name:"RHSA", value:"2014:0927");

  script_name(english:"CentOS 7 : qemu-kvm (CESA-2014:0927)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated qemu-kvm packages that fix multiple security issues and
various bugs are now available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution
for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides
the user-space component for running virtual machines using KVM.

Two integer overflow flaws were found in the QEMU block driver for
QCOW version 1 disk images. A user able to alter the QEMU disk image
files loaded by a guest could use either of these flaws to corrupt
QEMU process memory on the host, which could potentially result in
arbitrary code execution on the host with the privileges of the QEMU
process. (CVE-2014-0222, CVE-2014-0223)

Multiple buffer overflow, input validation, and out-of-bounds write
flaws were found in the way virtio, virtio-net, virtio-scsi, usb, and
hpet drivers of QEMU handled state loading after migration. A user
able to alter the savevm data (either on the disk or over the wire
during migration) could use either of these flaws to corrupt QEMU
process memory on the (destination) host, which could potentially
result in arbitrary code execution on the host with the privileges of
the QEMU process. (CVE-2013-4148, CVE-2013-4149, CVE-2013-4150,
CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535,
CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399,
CVE-2014-0182, CVE-2014-3461)

These issues were discovered by Michael S. Tsirkin, Anthony Liguori
and Michael Roth of Red Hat: CVE-2013-4148, CVE-2013-4149,
CVE-2013-4150, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529,
CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542,
CVE-2013-6399, CVE-2014-0182, and CVE-2014-3461.

This update also fixes the following bugs :

* Previously, QEMU did not free pre-allocated zero clusters correctly
and the clusters under some circumstances leaked. With this update,
pre-allocated zero clusters are freed appropriately and the cluster
leaks no longer occur. (BZ#1110188)

* Prior to this update, the QEMU command interface did not properly
handle resizing of cache memory during guest migration, causing QEMU
to terminate unexpectedly with a segmentation fault and QEMU to fail.
This update fixes the related code and QEMU no longer crashes in the
described situation. (BZ#1110191)

* Previously, when a guest device was hot unplugged, QEMU correctly
removed the corresponding file descriptor watch but did not re-create
it after the device was re-connected. As a consequence, the guest
became unable to receive any data from the host over this device. With
this update, the file descriptor's watch is re-created and the guest
in the above scenario can communicate with the host as expected.
(BZ#1110219)

* Previously, the QEMU migration code did not account for the gaps
caused by hot unplugged devices and thus expected more memory to be
transferred during migrations. As a consequence, guest migration
failed to complete after multiple devices were hot unplugged. In
addition, the migration info text displayed erroneous values for the
'remaining ram' item. With this update, QEMU calculates memory after a
device has been unplugged correctly, and any subsequent guest
migrations proceed as expected. (BZ#1110189)

All qemu-kvm users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After
installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update
to take effect."
  );
  # https://lists.centos.org/pipermail/centos-announce/2014-July/020447.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b27fa7f4"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected qemu-kvm packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4148");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libcacard");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libcacard-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libcacard-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qemu-guest-agent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qemu-img");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qemu-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qemu-kvm-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qemu-kvm-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/07/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libcacard-1.5.3-60.el7_0.5")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libcacard-devel-1.5.3-60.el7_0.5")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libcacard-tools-1.5.3-60.el7_0.5")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"qemu-guest-agent-1.5.3-60.el7_0.5")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"qemu-img-1.5.3-60.el7_0.5")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"qemu-kvm-1.5.3-60.el7_0.5")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"qemu-kvm-common-1.5.3-60.el7_0.5")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"qemu-kvm-tools-1.5.3-60.el7_0.5")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libcacard / libcacard-devel / libcacard-tools / qemu-guest-agent / etc");
}
VendorProductVersionCPE
centoscentoslibcacardp-cpe:/a:centos:centos:libcacard
centoscentoslibcacard-develp-cpe:/a:centos:centos:libcacard-devel
centoscentoslibcacard-toolsp-cpe:/a:centos:centos:libcacard-tools
centoscentosqemu-guest-agentp-cpe:/a:centos:centos:qemu-guest-agent
centoscentosqemu-imgp-cpe:/a:centos:centos:qemu-img
centoscentosqemu-kvmp-cpe:/a:centos:centos:qemu-kvm
centoscentosqemu-kvm-commonp-cpe:/a:centos:centos:qemu-kvm-common
centoscentosqemu-kvm-toolsp-cpe:/a:centos:centos:qemu-kvm-tools
centoscentos7cpe:/o:centos:centos:7

References

Related

nessus 36
openvas 42
redhat 10
oraclelinux 4
centos 3
veracode 12
fedora 9
ubuntu 1
mageia 1
securityvulns 6
ubuntucve 15
ibm 1
suse 11
debiancve 15
prion 15
cve 15
gentoo 1
debian 2
nessus
nessus
Oracle Linux 7 : qemu-kvm (ELSA-2014-0927)
2014-07-24 00:00:00
RHEL 7 : qemu-kvm (RHSA-2014:0927)
2014-07-30 00:00:00
RHEL 6 : qemu-kvm (RHSA-2014:0743)
2014-06-11 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2014-0927)
2015-10-06 00:00:00
RedHat Update for qemu-kvm RHSA-2014:0927-01
2014-07-28 00:00:00
Oracle: Security Advisory (ELSA-2014-0743)
2015-10-06 00:00:00
redhat
redhat
(RHSA-2014:1268) Moderate: qemu-kvm-rhev security update
2014-09-22 00:00:00
(RHSA-2014:0927) Moderate: qemu-kvm security and bug fix update
2014-07-23 00:00:00
(RHSA-2014:0743) Moderate: qemu-kvm security and bug fix update
2014-06-10 00:00:00
oraclelinux
oraclelinux
qemu-kvm security and bug fix update
2014-07-23 00:00:00
qemu-kvm security and bug fix update
2014-06-10 00:00:00
qemu-kvm security, bug fix, and enhancement update
2015-03-11 00:00:00
centos
centos
libcacard, qemu security update
2014-07-25 13:23:24
qemu security update
2014-06-11 11:37:18
qemu security update
2014-08-19 10:00:56
veracode
veracode
Memory Corruption
2019-05-02 04:58:38
Arbitrary Code Execution
2019-05-02 04:58:38
Arbitrary Code Execution
2019-05-02 04:58:37
fedora
fedora
[SECURITY] Fedora 20 Update: qemu-1.6.2-5.fc20
2014-05-16 10:01:41
[SECURITY] Fedora 20 Update: qemu-1.6.2-6.fc20
2014-06-10 02:56:05
[SECURITY] Fedora 20 Update: qemu-1.6.2-7.fc20
2014-07-26 00:11:13
ubuntu
ubuntu
QEMU vulnerabilities
2014-09-08 00:00:00
mageia
mageia
Updated qemu packages fix multiple security vulnerabilities
2014-10-28 14:33:36
securityvulns
securityvulns
[oss-security] Re: CVE request: Qemu: usb: fix up post load checks
2014-05-15 00:00:00
QEMU multiple security vulnerabilities
2014-05-15 00:00:00
[oss-security] CVE-2014-0223 Qemu: qcow1: Validate image size
2014-05-15 00:00:00
ubuntucve
ubuntucve
CVE-2013-4536
2014-02-20 00:00:00
CVE-2013-6399
2014-02-20 00:00:00
CVE-2013-4529
2014-02-20 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in qemu-kvm affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance.
2018-06-17 22:30:11
suse
suse
Security update for KVM (important)
2015-05-22 00:08:52
Security update for xen (important)
2015-11-10 18:10:12
Security update for xen (important)
2015-11-03 11:12:06
debiancve
debiancve
CVE-2013-6399
2014-11-04 21:55:00
CVE-2013-4529
2014-11-04 21:55:00
CVE-2013-4149
2014-11-04 21:55:00
prion
prion
Code injection
2014-11-04 21:55:00
Buffer overflow
2014-11-04 21:55:00
Out-of-bounds
2014-11-04 21:55:00
cve
cve
CVE-2013-6399
2014-11-04 21:55:00
CVE-2013-4529
2014-11-04 21:55:00
CVE-2013-4149
2014-11-04 21:55:00
gentoo
gentoo
QEMU: Multiple vulnerabilities
2014-08-30 00:00:00
debian
debian
[SECURITY] [DSA 3045-1] qemu security update
2014-10-04 19:27:38
[SECURITY] [DSA 3044-1] qemu-kvm security update
2014-10-04 19:26:54
JSON
Related for CENTOS_RHSA-2014-0927.NASL
nessus36openvas42redhat10oraclelinux4centos3veracode12fedora9ubuntu1mageia1securityvulns6ubuntucve15ibm1suse11debiancve15prion15cve15gentoo1debian2