Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 Tenable Network Security, Inc.DEBIAN_DLA-1070.NASL
HistoryAug 29, 2017 - 12:00 a.m.

Debian DLA-1070-1 : qemu security update

2017-08-2900:00:00
This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.
www.tenable.com
67
JSON

Multiple vulnerabilities were discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems :

CVE-2017-6505

Denial of service via infinite loop in the USB OHCI emulation

CVE-2017-8309

Denial of service via VNC audio capture

CVE-2017-10664

Denial of service in qemu-nbd server, qemu-io and qemu-img

CVE-2017-11434

Denial of service via a crafted DHCP options string

For Debian 7 ‘Wheezy’, these problems have been fixed in version 1.1.2+dfsg-6+deb7u23.

We recommend that you upgrade your qemu packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1070-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(102804);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2017-10664", "CVE-2017-11434", "CVE-2017-6505", "CVE-2017-8309");

  script_name(english:"Debian DLA-1070-1 : qemu security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities were discovered in qemu, a fast processor
emulator. The Common Vulnerabilities and Exposures project identifies
the following problems :

CVE-2017-6505

Denial of service via infinite loop in the USB OHCI emulation

CVE-2017-8309

Denial of service via VNC audio capture

CVE-2017-10664

Denial of service in qemu-nbd server, qemu-io and qemu-img

CVE-2017-11434

Denial of service via a crafted DHCP options string

For Debian 7 'Wheezy', these problems have been fixed in version
1.1.2+dfsg-6+deb7u23.

We recommend that you upgrade your qemu packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2017/08/msg00023.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/qemu"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-keymaps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-user");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-user-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"qemu", reference:"1.1.2+dfsg-6+deb7u23")) flag++;
if (deb_check(release:"7.0", prefix:"qemu-keymaps", reference:"1.1.2+dfsg-6+deb7u23")) flag++;
if (deb_check(release:"7.0", prefix:"qemu-system", reference:"1.1.2+dfsg-6+deb7u23")) flag++;
if (deb_check(release:"7.0", prefix:"qemu-user", reference:"1.1.2+dfsg-6+deb7u23")) flag++;
if (deb_check(release:"7.0", prefix:"qemu-user-static", reference:"1.1.2+dfsg-6+deb7u23")) flag++;
if (deb_check(release:"7.0", prefix:"qemu-utils", reference:"1.1.2+dfsg-6+deb7u23")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxqemup-cpe:/a:debian:debian_linux:qemu
debiandebian_linuxqemu-keymapsp-cpe:/a:debian:debian_linux:qemu-keymaps
debiandebian_linuxqemu-systemp-cpe:/a:debian:debian_linux:qemu-system
debiandebian_linuxqemu-userp-cpe:/a:debian:debian_linux:qemu-user
debiandebian_linuxqemu-user-staticp-cpe:/a:debian:debian_linux:qemu-user-static
debiandebian_linuxqemu-utilsp-cpe:/a:debian:debian_linux:qemu-utils
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0

Related

osv 9
openvas 49
debian 3
nessus 55
suse 29
veracode 5
oraclelinux 2
ubuntucve 5
debiancve 5
prion 5
cve 5
redhatcve 4
redhat 8
centos 1
fedora 8
alpinelinux 1
ubuntu 4
gentoo 1
osv
osv
qemu-kvm - security update
2017-08-28 00:00:00
qemu - security update
2017-08-28 00:00:00
CVE-2017-11434
2017-07-25 18:29:01
openvas
openvas
Debian: Security Advisory (DLA-1071-1)
2018-02-06 00:00:00
Debian: Security Advisory (DLA-1070-1)
2018-02-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:2416-1)
2021-04-19 00:00:00
debian
debian
[SECURITY] [DLA 1070-1] qemu security update
2017-08-28 08:01:19
[SECURITY] [DLA 1071-1] qemu-kvm security update
2017-08-28 08:01:07
[SECURITY] [DSA 3920-1] qemu security update
2017-07-25 20:06:11
nessus
nessus
Debian DLA-1071-1 : qemu-kvm security update
2017-08-29 00:00:00
openSUSE Security Update : qemu (openSUSE-2017-1072)
2017-09-18 00:00:00
SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2416-1)
2017-09-12 00:00:00
suse
suse
Security update for qemu (important)
2017-09-11 21:07:22
Security update for qemu (important)
2017-09-18 00:08:38
Security update for xen (important)
2017-09-01 18:10:29
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:18:31
Denial Of Service (DoS)
2020-09-21 06:26:06
Denial Of Service (DoS)
2019-05-02 06:36:28
oraclelinux
oraclelinux
qemu-kvm security update
2017-08-09 00:00:00
qemu-kvm security, bug fix, and enhancement update
2018-04-16 00:00:00
ubuntucve
ubuntucve
CVE-2017-10664
2017-08-02 00:00:00
CVE-2017-11434
2017-07-25 00:00:00
CVE-2017-8309
2017-05-03 00:00:00
debiancve
debiancve
CVE-2017-10664
2017-08-02 19:29:00
CVE-2017-11434
2017-07-25 18:29:00
CVE-2017-8309
2017-05-23 04:29:00
prion
prion
Out-of-bounds
2017-07-25 18:29:00
Code injection
2017-08-02 19:29:00
Memory corruption
2017-05-23 04:29:00
cve
cve
CVE-2017-11434
2017-07-25 18:29:00
CVE-2017-10664
2017-08-02 19:29:00
CVE-2017-8309
2017-05-23 04:29:00
redhatcve
redhatcve
CVE-2017-11434
2017-07-19 06:18:29
CVE-2017-8309
2019-10-19 18:46:51
CVE-2017-9330
2017-06-01 07:49:09
redhat
redhat
(RHSA-2017:2445) Moderate: qemu-kvm security update
2017-08-08 19:01:08
(RHSA-2017:2390) Moderate: qemu-kvm-rhev security update
2017-08-01 15:24:44
(RHSA-2017:3474) Moderate: qemu-kvm-rhev security and bug fix update
2017-12-14 21:59:15
centos
centos
qemu security update
2017-08-24 09:44:08
fedora
fedora
[SECURITY] Fedora 26 Update: xen-4.8.1-7.fc26
2017-08-26 20:05:37
[SECURITY] Fedora 25 Update: xen-4.7.2-2.fc25
2017-03-21 03:23:43
[SECURITY] Fedora 25 Update: xen-4.7.3-4.fc25
2017-09-16 03:24:28
alpinelinux
alpinelinux
CVE-2017-6505
2017-03-15 14:59:00
ubuntu
ubuntu
QEMU vulnerabilities
2017-09-13 00:00:00
QEMU vulnerabilities
2017-05-16 00:00:00
QEMU regression
2017-09-20 00:00:00
gentoo
gentoo
QEMU: Multiple vulnerabilities
2017-04-10 00:00:00
JSON
Related for DEBIAN_DLA-1070.NASL
osv9openvas49debian3nessus55suse29veracode5oraclelinux2ubuntucve5debiancve5prion5cve5redhatcve4redhat8centos1fedora8alpinelinux1ubuntu4gentoo1