ID DEBIAN_DLA-1300.NASL Type nessus Reporter This script is Copyright (C) 2018-2021 Tenable Network Security, Inc. Modified 2021-01-11T00:00:00
Description
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, informations leaks or privilege escalation.
For Debian 7 'Wheezy', these problems have been fixed in version 4.1.6.lts1-13.
We recommend that you upgrade your xen packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1300-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(107134);
script_version("3.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2018-7540", "CVE-2018-7541");
script_name(english:"Debian DLA-1300-1 : xen security update");
script_summary(english:"Checks dpkg output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Multiple vulnerabilities have been discovered in the Xen hypervisor,
which could result in denial of service, informations leaks or
privilege escalation.
For Debian 7 'Wheezy', these problems have been fixed in version
4.1.6.lts1-13.
We recommend that you upgrade your xen packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/wheezy/xen"
);
script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxen-4.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxen-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxen-ocaml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxen-ocaml-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxenstore3.0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-docs-4.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-i386");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-system-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-system-i386");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-utils-4.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-utils-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xenstore-utils");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"patch_publication_date", value:"2018/03/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/06");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"libxen-4.1", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"libxen-dev", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"libxen-ocaml", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"libxen-ocaml-dev", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"libxenstore3.0", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xen-docs-4.1", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xen-hypervisor-4.1-amd64", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xen-hypervisor-4.1-i386", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xen-system-amd64", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xen-system-i386", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xen-utils-4.1", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xen-utils-common", reference:"4.1.6.lts1-13")) flag++;
if (deb_check(release:"7.0", prefix:"xenstore-utils", reference:"4.1.6.lts1-13")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "DEBIAN_DLA-1300.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-1300-1 : xen security update", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, informations leaks or privilege escalation.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 4.1.6.lts1-13.\n\nWe recommend that you upgrade your xen packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2018-03-06T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}, "cvss2": {}, "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/107134", "reporter": "This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7540", "https://packages.debian.org/source/wheezy/xen", "https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7541"], "cvelist": ["CVE-2018-7540", "CVE-2018-7541"], "immutableFields": [], "lastseen": "2021-08-19T12:33:09", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "citrix", "idList": ["CTX232655"]}, {"type": "cve", "idList": ["CVE-2018-7540", "CVE-2018-7541"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1300-1:11474", "DEBIAN:DLA-1300-1:7B6EB", "DEBIAN:DLA-1577-1:71995", "DEBIAN:DLA-1577-1:76F49", "DEBIAN:DSA-4131-1:D22BC"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-7540", "DEBIANCVE:CVE-2018-7541"]}, {"type": "fedora", "idList": ["FEDORA:2C89F6167407", "FEDORA:520A96076F57", "FEDORA:6315F608DDDD", "FEDORA:698AD6087A96", "FEDORA:728DA604CD72", "FEDORA:73C6F628E99A", "FEDORA:977BB60A6180", "FEDORA:BCAE760875D9", "FEDORA:D5F726042B1F", "FEDORA:E655260321A8", "FEDORA:EAC7F6435E1F"]}, {"type": "gentoo", "idList": ["GLSA-201810-06"]}, {"type": "nessus", "idList": ["CITRIX_XENSERVER_CTX232096.NASL", "CITRIX_XENSERVER_CTX232655.NASL", "DEBIAN_DLA-1577.NASL", "DEBIAN_DSA-4131.NASL", "FEDORA_2018-0746DAC335.NASL", "FEDORA_2018-C553A586C8.NASL", "GENTOO_GLSA-201810-06.NASL", "OPENSUSE-2018-454.NASL", "ORACLEVM_OVMSA-2018-0020.NASL", "ORACLEVM_OVMSA-2018-0021.NASL", "ORACLEVM_OVMSA-2018-0218.NASL", "ORACLEVM_OVMSA-2018-0248.NASL", "ORACLEVM_OVMSA-2018-0271.NASL", "ORACLEVM_OVMSA-2018-0272.NASL", "ORACLEVM_OVMSA-2020-0039.NASL", "SUSE_SU-2018-0678-1.NASL", "SUSE_SU-2018-0909-1.NASL", "SUSE_SU-2018-1184-1.NASL", "XEN_SERVER_XSA-252.NASL", "XEN_SERVER_XSA-255.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704131", "OPENVAS:1361412562310851742", "OPENVAS:1361412562310874189", "OPENVAS:1361412562310874259", "OPENVAS:1361412562310874408", "OPENVAS:1361412562310874435", "OPENVAS:1361412562310874580", "OPENVAS:1361412562310874616", "OPENVAS:1361412562310874659", "OPENVAS:1361412562310874805", "OPENVAS:1361412562310875025", "OPENVAS:1361412562310875247", "OPENVAS:1361412562310875287", "OPENVAS:1361412562310891300", "OPENVAS:1361412562310891577"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-7540", "RH:CVE-2018-7541"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1274-1", "SUSE-SU-2018:0678-1", "SUSE-SU-2018:0909-1", "SUSE-SU-2018:1184-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-7540", "UB:CVE-2018-7541"]}, {"type": "xen", "idList": ["XSA-252", "XSA-255"]}], "rev": 4}, "score": {"value": 5.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2018-7540", "CVE-2018-7541"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1300-1:11474", "DEBIAN:DSA-4131-1:D22BC"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-7540", "DEBIANCVE:CVE-2018-7541"]}, {"type": "fedora", "idList": ["FEDORA:2C89F6167407", "FEDORA:520A96076F57", "FEDORA:6315F608DDDD", "FEDORA:698AD6087A96", "FEDORA:728DA604CD72", "FEDORA:73C6F628E99A", "FEDORA:977BB60A6180", "FEDORA:BCAE760875D9", "FEDORA:D5F726042B1F", "FEDORA:E655260321A8", "FEDORA:EAC7F6435E1F"]}, {"type": "gentoo", "idList": ["GLSA-201810-06"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-4131.NASL", "FEDORA_2018-C553A586C8.NASL", "GENTOO_GLSA-201810-06.NASL", "ORACLEVM_OVMSA-2018-0020.NASL", "ORACLEVM_OVMSA-2018-0021.NASL", "XEN_SERVER_XSA-252.NASL", "XEN_SERVER_XSA-255.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704131"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-7540", "RH:CVE-2018-7541"]}, {"type": "suse", "idList": ["SUSE-SU-2018:0678-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-7540", "UB:CVE-2018-7541"]}, {"type": "xen", "idList": ["XSA-252"]}]}, "exploitation": null, "vulnersScore": 5.9}, "pluginID": "107134", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1300-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107134);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\");\n\n script_name(english:\"Debian DLA-1300-1 : xen security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor,\nwhich could result in denial of service, informations leaks or\nprivilege escalation.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n4.1.6.lts1-13.\n\nWe recommend that you upgrade your xen packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/xen\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-ocaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-ocaml-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxenstore3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-docs-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-utils-4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-utils-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xenstore-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libxen-4.1\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxen-dev\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxen-ocaml\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxen-ocaml-dev\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxenstore3.0\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-docs-4.1\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-hypervisor-4.1-amd64\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-hypervisor-4.1-i386\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-system-amd64\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-system-i386\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-utils-4.1\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-utils-common\", reference:\"4.1.6.lts1-13\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xenstore-utils\", reference:\"4.1.6.lts1-13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:libxen-4.1", "p-cpe:/a:debian:debian_linux:libxen-dev", "p-cpe:/a:debian:debian_linux:libxen-ocaml", "p-cpe:/a:debian:debian_linux:libxen-ocaml-dev", "p-cpe:/a:debian:debian_linux:libxenstore3.0", "p-cpe:/a:debian:debian_linux:xen-docs-4.1", "p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-amd64", "p-cpe:/a:debian:debian_linux:xen-hypervisor-4.1-i386", "p-cpe:/a:debian:debian_linux:xen-system-amd64", "p-cpe:/a:debian:debian_linux:xen-system-i386", "p-cpe:/a:debian:debian_linux:xen-utils-4.1", "p-cpe:/a:debian:debian_linux:xen-utils-common", "p-cpe:/a:debian:debian_linux:xenstore-utils", "cpe:/o:debian:debian_linux:7.0"], "solution": "Upgrade the affected packages.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6.5"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2018-03-06T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}
{"debian": [{"lastseen": "2021-10-22T13:01:26", "description": "Package : xen\nVersion : 4.1.6.lts1-13\nCVE ID : CVE-2018-7540 CVE-2018-7541\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, informations leaks or privilege\nescalation.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n4.1.6.lts1-13.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-03-06T06:47:56", "type": "debian", "title": "[SECURITY] [DLA 1300-1] xen security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7540", "CVE-2018-7541"], "modified": "2018-03-06T06:47:56", "id": "DEBIAN:DLA-1300-1:7B6EB", "href": "https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-12-09T04:29:48", "description": "Package : xen\nVersion : 4.1.6.lts1-13\nCVE ID : CVE-2018-7540 CVE-2018-7541\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, informations leaks or privilege\nescalation.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n4.1.6.lts1-13.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-03-06T06:47:56", "type": "debian", "title": "[SECURITY] [DLA 1300-1] xen security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7540", "CVE-2018-7541"], "modified": "2018-03-06T06:47:56", "id": "DEBIAN:DLA-1300-1:11474", "href": "https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-02-18T23:51:32", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4131-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMarch 04, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nCVE ID : CVE-2018-7540 CVE-2018-7541 CVE-2018-7542\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2018-7540\n\n Jann Horn discovered that missing checks in page table freeing may\n result in denial of service.\n\nCVE-2018-7541\n\n Jan Beulich discovered that incorrect error handling in grant table\n checks may result in guest-to-host denial of service and potentially\n privilege escalation.\n\nCVE-2018-7542\n\n Ian Jackson discovered that insufficient handling of x86 PVH guests\n without local APICs may result in guest-to-host denial of service.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5.\n\nWe recommend that you upgrade your xen packages.\n\nFor the detailed security status of xen please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/xen\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-03-04T09:59:29", "type": "debian", "title": "[SECURITY] [DSA 4131-1] xen security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542"], "modified": "2018-03-04T09:59:29", "id": "DEBIAN:DSA-4131-1:D22BC", "href": "https://lists.debian.org/debian-security-announce/2018/msg00057.html", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-03-26T20:02:10", "description": "Package : xen\nVersion : 4.4.4lts4-0+deb8u1\nCVE ID : CVE-2018-7540 CVE-2018-7541 CVE-2018-8897 CVE-2018-12891 \n CVE-2018-12893 CVE-2018-15469 CVE-2018-15470\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, informations leaks or privilege\nescalation.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n4.4.4lts4-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-11-12T13:09:39", "type": "debian", "title": "[SECURITY] [DLA 1577-1] xen security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12891", "CVE-2018-12893", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-8897"], "modified": "2018-11-12T13:09:39", "id": "DEBIAN:DLA-1577-1:71995", "href": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T13:22:49", "description": "Package : xen\nVersion : 4.4.4lts4-0+deb8u1\nCVE ID : CVE-2018-7540 CVE-2018-7541 CVE-2018-8897 CVE-2018-12891 \n CVE-2018-12893 CVE-2018-15469 CVE-2018-15470\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, informations leaks or privilege\nescalation.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n4.4.4lts4-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-11-12T13:09:39", "type": "debian", "title": "[SECURITY] [DLA 1577-1] xen security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12891", "CVE-2018-12893", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-8897"], "modified": "2018-11-12T13:09:39", "id": "DEBIAN:DLA-1577-1:76F49", "href": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-29T20:07:13", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.", "cvss3": {}, "published": "2018-03-27T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for xen (DLA-1300-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2018-7541"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891300", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891300", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891300\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\");\n script_name(\"Debian LTS: Security Advisory for xen (DLA-1300-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-03-27 00:00:00 +0200 (Tue, 27 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n4.1.6.lts1-13.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.1\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-ocaml\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-ocaml-dev\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-docs-4.1\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-amd64\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-i386\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-i386\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.1\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.1.6.lts1-13\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-07-04T18:56:03", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2018-7540\nJann Horn discovered that missing checks in page table freeing may\nresult in denial of service.\n\nCVE-2018-7541\nJan Beulich discovered that incorrect error handling in grant table\nchecks may result in guest-to-host denial of service and potentially\nprivilege escalation.\n\nCVE-2018-7542\nIan Jackson discovered that insufficient handling of x86 PVH guests\nwithout local APICs may result in guest-to-host denial of service.", "cvss3": {}, "published": "2018-03-04T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4131-1 (xen - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2018-7542", "CVE-2018-7541"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704131", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704131", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4131-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704131\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\");\n script_name(\"Debian Security Advisory DSA 4131-1 (xen - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-04 00:00:00 +0100 (Sun, 04 Mar 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4131.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/xen\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor:\n\nCVE-2018-7540\nJann Horn discovered that missing checks in page table freeing may\nresult in denial of service.\n\nCVE-2018-7541\nJan Beulich discovered that incorrect error handling in grant table\nchecks may result in guest-to-host denial of service and potentially\nprivilege escalation.\n\nCVE-2018-7542\nIan Jackson discovered that insufficient handling of x86 PVH guests\nwithout local APICs may result in guest-to-host denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.8\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-amd64\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-arm64\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.8-armhf\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-arm64\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.8\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:33:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-03-14T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-c553a586c8", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2018-7542", "CVE-2018-7541"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874189", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874189", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c553a586c8_xen_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-c553a586c8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874189\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 08:37:51 +0100 (Wed, 14 Mar 2018)\");\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-c553a586c8\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c553a586c8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EON2NY7TTGVGFRL4CFQGVPUCGIDVKO42\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.1~5.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:33:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-03-21T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-0746dac335", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2018-7542", "CVE-2018-7541"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874259", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874259", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_0746dac335_xen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-0746dac335\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874259\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-21 15:11:29 +0100 (Wed, 21 Mar 2018)\");\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-0746dac335\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-0746dac335\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGRVYJZOR6DZ26U3INZ7MMCY6DDQSG65\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.8.3~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-01-29T20:06:53", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.", "cvss3": {}, "published": "2018-11-12T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for xen (DLA-1577-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2018-15470", "CVE-2018-12893", "CVE-2018-7541", "CVE-2018-15469", "CVE-2018-8897", "CVE-2018-12891"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891577", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891577", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891577\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-12891\", \"CVE-2018-12893\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-7540\",\n \"CVE-2018-7541\", \"CVE-2018-8897\");\n script_name(\"Debian LTS: Security Advisory for xen (DLA-1577-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-12 00:00:00 +0100 (Mon, 12 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n4.4.4lts4-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities have been discovered in the Xen hypervisor, which\ncould result in denial of service, information leaks or privilege\nescalation.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-4.4\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-amd64\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-hypervisor-4.4-armhf\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-system-armhf\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-4.4\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.4.4lts4-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-11T16:46:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-12T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for xen (openSUSE-SU-2018:1274-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-7542", "CVE-2018-7541", "CVE-2018-8897"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310851742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851742", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851742\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-12 05:51:06 +0200 (Sat, 12 May 2018)\");\n script_cve_id(\"CVE-2018-10471\", \"CVE-2018-10472\", \"CVE-2018-7540\", \"CVE-2018-7541\",\n \"CVE-2018-7542\", \"CVE-2018-8897\", \"CVE-2017-5754\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for xen (openSUSE-SU-2018:1274-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for xen to version 4.9.2 fixes several issues.\n\n This feature was added:\n\n - Added script, udev rule and systemd service to watch for vcpu\n online/offline events in a HVM domU. They are triggered via 'xl vcpu-set\n domU N'\n\n These security issues were fixed:\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,\n bsc#1090820)\n\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or\n buggy HVM guests from causing a hypervisor crash or potentially\n privilege escalation/information leaks (XSA-261, bsc#1090822)\n\n - Prevent unbounded loop, induced by qemu allowing an attacker to\n permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n\n - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were\n able to read arbitrary dom0 files via QMP live insertion of a CDROM, in\n conjunction with specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of\n service (out-of-bounds zero write and hypervisor crash) via unexpected\n INT 80 processing, because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n\n - CVE-2018-7540: x86 PV guest OS users were able to cause a denial of\n service (host OS CPU hang) via non-preemptible L3/L4 pagetable freeing\n (bsc#1080635).\n\n - CVE-2018-7541: Guest OS users were able to cause a denial of service\n (hypervisor crash) or gain privileges by triggering a grant-table\n transition from v2 to v1 (bsc#1080662).\n\n - CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of\n service (NULL pointer dereference and hypervisor crash) by leveraging\n the mishandling\n of configurations that lack a Local APIC (bsc#1080634).\n\n These non-security issues were fixed:\n\n - bsc#1087252: Update built-in defaults for xenstored in stubdom, keep\n default to run xenstored as daemon in dom0\n\n - bsc#1087251: Preserve xen-syms from xen-dbg.gz to allow processing\n vmcores with crash(1)\n\n - bsc#1072834: Prevent unchecked MSR access error\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-454=1\");\n\n script_tag(name:\"affected\", value:\"xen on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1274-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00059.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.9.2_04~19.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-02T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-604574c943", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-15597", "CVE-2018-10472", "CVE-2017-17564", "CVE-2018-7542", "CVE-2017-15592", "CVE-2017-17565", "CVE-2017-15591", "CVE-2017-17563", "CVE-2017-17045", "CVE-2017-17044", "CVE-2017-15593", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2018-7541", "CVE-2017-17566", "CVE-2017-15595"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874408", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874408", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_604574c943_xen_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-604574c943\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874408\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-02 16:58:54 +0530 (Wed, 02 May 2018)\");\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2017-15595\",\n \"CVE-2017-17566\", \"CVE-2017-17563\", \"CVE-2017-17564\", \"CVE-2017-17565\",\n \"CVE-2017-17044\", \"CVE-2017-17045\", \"CVE-2017-15592\", \"CVE-2017-15597\",\n \"CVE-2017-15590\", \"CVE-2017-15591\", \"CVE-2017-15589\", \"CVE-2017-15588\",\n \"CVE-2017-15593\", \"CVE-2017-15594\", \"CVE-2018-10472\", \"CVE-2018-10471\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-604574c943\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-604574c943\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLLQI3WPM62M45JCLWN4SSYWILJ7EHI5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.2~2.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-17T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-98684f429b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2017-15597", "CVE-2017-17564", "CVE-2018-10981", "CVE-2018-7542", "CVE-2017-15592", "CVE-2017-17565", "CVE-2017-15591", "CVE-2017-17563", "CVE-2017-17045", "CVE-2017-17044", "CVE-2017-15593", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2018-7541", "CVE-2018-8897", "CVE-2018-10982", "CVE-2017-17566", "CVE-2017-15595"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874580", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874580", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_98684f429b_xen_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-98684f429b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874580\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-17 05:46:54 +0200 (Thu, 17 May 2018)\");\n script_cve_id(\"CVE-2018-8897\", \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2017-15595\", \"CVE-2017-17566\", \"CVE-2017-17563\", \"CVE-2017-17564\", \"CVE-2017-17565\", \"CVE-2017-17044\", \"CVE-2017-17045\", \"CVE-2017-15592\", \"CVE-2017-15597\", \"CVE-2017-15590\", \"CVE-2017-15591\", \"CVE-2017-15589\", \"CVE-2017-15588\", \"CVE-2017-15593\", \"CVE-2017-15594\", \"CVE-2018-10982\", \"CVE-2018-10981\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-98684f429b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-98684f429b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6OEW7BFEIZGLUN6VOIHINTWV4FXDAXG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.2~3.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-09T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-aec846c0ef", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2017-15597", "CVE-2017-17564", "CVE-2018-10981", "CVE-2018-7542", "CVE-2017-15592", "CVE-2017-17565", "CVE-2017-15591", "CVE-2017-17563", "CVE-2017-17045", "CVE-2017-17044", "CVE-2017-15593", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2018-7541", "CVE-2018-8897", "CVE-2018-10982", "CVE-2017-17566", "CVE-2018-3639", "CVE-2017-15595"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874659", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874659", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_aec846c0ef_xen_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-aec846c0ef\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874659\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-09 06:00:05 +0200 (Sat, 09 Jun 2018)\");\n script_cve_id(\"CVE-2018-3639\", \"CVE-2018-8897\", \"CVE-2018-10982\", \"CVE-2018-10981\",\n \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2017-15595\",\n \"CVE-2017-17566\", \"CVE-2017-17563\", \"CVE-2017-17564\", \"CVE-2017-17565\",\n \"CVE-2017-17044\", \"CVE-2017-17045\", \"CVE-2017-15592\", \"CVE-2017-15597\",\n \"CVE-2017-15590\", \"CVE-2017-15591\", \"CVE-2017-15589\", \"CVE-2017-15588\",\n \"CVE-2017-15593\", \"CVE-2017-15594\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-aec846c0ef\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-aec846c0ef\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXWQTCUKDG3QIEY5FXMOSW4CV7SD6SKX\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.2~4.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-15T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-1a467757ce", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2017-15597", "CVE-2017-17564", "CVE-2018-10981", "CVE-2018-7542", "CVE-2017-15592", "CVE-2018-12892", "CVE-2017-17565", "CVE-2017-15591", "CVE-2017-17563", "CVE-2017-17045", "CVE-2017-17044", "CVE-2017-15593", "CVE-2018-12893", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2018-3665", "CVE-2018-7541", "CVE-2018-8897", "CVE-2018-10982", "CVE-2017-17566", "CVE-2018-12891", "CVE-2018-3639", "CVE-2017-15595"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874805", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1a467757ce_xen_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-1a467757ce\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874805\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-15 06:02:45 +0200 (Sun, 15 Jul 2018)\");\n script_cve_id(\"CVE-2018-12891\", \"CVE-2018-12893\", \"CVE-2018-12892\", \"CVE-2018-3665\",\n \"CVE-2018-3639\", \"CVE-2018-8897\", \"CVE-2018-10982\", \"CVE-2018-10981\",\n \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2017-15595\",\n \"CVE-2017-17566\", \"CVE-2017-17563\", \"CVE-2017-17564\", \"CVE-2017-17565\",\n \"CVE-2017-17044\", \"CVE-2017-17045\", \"CVE-2017-15592\", \"CVE-2017-15597\",\n \"CVE-2017-15590\", \"CVE-2017-15591\", \"CVE-2017-15589\", \"CVE-2017-15588\",\n \"CVE-2017-15593\", \"CVE-2017-15594\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-1a467757ce\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1a467757ce\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Q2DYZXIZH5NK6GZ24XMBJ24W6MHVDAW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.2~6.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-09-01T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-915602df63", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2017-15597", "CVE-2018-15468", "CVE-2017-17564", "CVE-2018-10981", "CVE-2018-7542", "CVE-2017-15592", "CVE-2018-12892", "CVE-2017-17565", "CVE-2018-15470", "CVE-2017-15591", "CVE-2017-17563", "CVE-2017-17045", "CVE-2017-17044", "CVE-2017-15593", "CVE-2018-3646", "CVE-2018-12893", "CVE-2018-3620", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2018-3665", "CVE-2018-7541", "CVE-2018-15469", "CVE-2018-8897", "CVE-2018-10982", "CVE-2017-17566", "CVE-2018-12891", "CVE-2018-3639", "CVE-2017-15595"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875025", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875025", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_915602df63_xen_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-915602df63\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875025\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-01 07:41:08 +0200 (Sat, 01 Sep 2018)\");\n script_cve_id(\"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-12891\", \"CVE-2018-12893\",\n \"CVE-2018-12892\", \"CVE-2018-3665\", \"CVE-2018-3639\", \"CVE-2018-8897\",\n \"CVE-2018-10982\", \"CVE-2018-10981\", \"CVE-2018-7540\", \"CVE-2018-7541\",\n \"CVE-2018-7542\", \"CVE-2017-15595\", \"CVE-2017-17566\", \"CVE-2017-17563\",\n \"CVE-2017-17564\", \"CVE-2017-17565\", \"CVE-2017-17044\", \"CVE-2017-17045\",\n \"CVE-2017-15592\", \"CVE-2017-15597\", \"CVE-2017-15590\", \"CVE-2017-15591\",\n \"CVE-2017-15589\", \"CVE-2017-15588\", \"CVE-2017-15593\", \"CVE-2017-15594\",\n \"CVE-2018-15469\", \"CVE-2018-15468\", \"CVE-2018-15470\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-915602df63\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-915602df63\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXSMCV65ODY76PDV2TGMQ3V3JWMQAFFG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.2~7.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-04T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-fe24359b69", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2017-15597", "CVE-2018-15468", "CVE-2017-17564", "CVE-2018-10981", "CVE-2018-7542", "CVE-2017-15592", "CVE-2018-12892", "CVE-2017-17565", "CVE-2018-15470", "CVE-2017-15591", "CVE-2017-17563", "CVE-2017-17045", "CVE-2017-17044", "CVE-2017-15593", "CVE-2018-3646", "CVE-2018-12893", "CVE-2018-18883", "CVE-2018-3620", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2018-3665", "CVE-2018-7541", "CVE-2018-15469", "CVE-2018-8897", "CVE-2018-10982", "CVE-2017-17566", "CVE-2018-12891", "CVE-2018-3639", "CVE-2017-15595"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875287", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875287", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_fe24359b69_xen_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-fe24359b69\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875287\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-18883\", \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-15469\",\n \"CVE-2018-15468\", \"CVE-2018-15470\", \"CVE-2018-12891\", \"CVE-2018-12893\",\n \"CVE-2018-12892\", \"CVE-2018-3665\", \"CVE-2018-3639\", \"CVE-2018-8897\",\n \"CVE-2018-10982\", \"CVE-2018-10981\", \"CVE-2018-7540\", \"CVE-2018-7541\",\n \"CVE-2018-7542\", \"CVE-2017-15595\", \"CVE-2017-17566\", \"CVE-2017-17563\",\n \"CVE-2017-17564\", \"CVE-2017-17565\", \"CVE-2017-17044\", \"CVE-2017-17045\",\n \"CVE-2017-15592\", \"CVE-2017-15597\", \"CVE-2017-15590\", \"CVE-2017-15591\",\n \"CVE-2017-15589\", \"CVE-2017-15588\", \"CVE-2017-15593\", \"CVE-2017-15594\");\n script_bugtraq_id(106054);\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 12:40:47 +0530 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for xen FEDORA-2018-fe24359b69\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n script_xref(name:\"FEDORA\", value:\"2018-fe24359b69\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCNCVBHUTUKAEDCTEZO6MK4PF3AI6XTE\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2018-fe24359b69 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"xen on Fedora 27.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.3~3.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-11-12T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-f20a0cead5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2017-15597", "CVE-2018-15468", "CVE-2017-17564", "CVE-2018-10981", "CVE-2018-7542", "CVE-2017-15592", "CVE-2018-12892", "CVE-2017-17565", "CVE-2018-15470", "CVE-2017-15591", "CVE-2017-17563", "CVE-2017-17045", "CVE-2017-17044", "CVE-2017-15593", "CVE-2018-3646", "CVE-2018-12893", "CVE-2018-18883", "CVE-2018-3620", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2018-3665", "CVE-2018-7541", "CVE-2018-15469", "CVE-2018-8897", "CVE-2018-10982", "CVE-2017-17566", "CVE-2018-12891", "CVE-2018-3639", "CVE-2017-15595"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875247", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875247", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_f20a0cead5_xen_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-f20a0cead5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875247\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-15469\", \"CVE-2018-15468\", \"CVE-2018-15470\", \"CVE-2018-12891\", \"CVE-2018-12893\", \"CVE-2018-12892\", \"CVE-2018-3665\", \"CVE-2018-3639\", \"CVE-2018-8897\", \"CVE-2018-10982\", \"CVE-2018-10981\", \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2017-15595\", \"CVE-2017-17566\", \"CVE-2017-17563\", \"CVE-2017-17564\", \"CVE-2017-17565\", \"CVE-2017-17044\", \"CVE-2017-17045\", \"CVE-2017-15592\", \"CVE-2017-15597\", \"CVE-2017-15590\", \"CVE-2017-15591\", \"CVE-2017-15589\", \"CVE-2017-15588\", \"CVE-2017-15593\", \"CVE-2017-15594\", \"CVE-2018-18883\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-12 06:18:52 +0100 (Mon, 12 Nov 2018)\");\n script_name(\"Fedora Update for xen FEDORA-2018-f20a0cead5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n script_xref(name:\"FEDORA\", value:\"2018-f20a0cead5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTZRP4YFEOQFO3N7OW7IEPY5WYQJWTBQ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the FEDORA-2018-f20a0cead5 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"xen on Fedora 27.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.9.3~2.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-28T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-7cd077ddd3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2017-15597", "CVE-2017-11334", "CVE-2017-7718", "CVE-2018-10981", "CVE-2018-7542", "CVE-2017-14317", "CVE-2017-15592", "CVE-2017-8379", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-9330", "CVE-2017-15591", "CVE-2017-13673", "CVE-2017-17045", "CVE-2017-5579", "CVE-2017-17044", "CVE-2017-15593", "CVE-2017-8309", "CVE-2017-12137", "CVE-2017-14316", "CVE-2017-14319", "CVE-2017-15588", "CVE-2017-10664", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2017-12136", "CVE-2017-14318", "CVE-2018-7541", "CVE-2017-13672", "CVE-2017-17046", "CVE-2018-8897", "CVE-2018-10982", "CVE-2017-15595", "CVE-2017-9524"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874616", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874616", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_7cd077ddd3_xen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-7cd077ddd3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874616\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-28 05:53:47 +0200 (Mon, 28 May 2018)\");\n script_cve_id(\"CVE-2018-8897\", \"CVE-2018-10982\", \"CVE-2018-10981\", \"CVE-2018-7540\",\n \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2017-15595\", \"CVE-2017-17044\",\n \"CVE-2017-17045\", \"CVE-2017-15592\", \"CVE-2017-15597\", \"CVE-2017-15590\",\n \"CVE-2017-15591\", \"CVE-2017-15589\", \"CVE-2017-15588\", \"CVE-2017-15593\",\n \"CVE-2017-15594\", \"CVE-2017-17046\", \"CVE-2017-13673\", \"CVE-2017-13672\",\n \"CVE-2017-14316\", \"CVE-2017-14318\", \"CVE-2017-14317\", \"CVE-2017-14319\",\n \"CVE-2017-9330\", \"CVE-2017-9524\", \"CVE-2017-10664\", \"CVE-2017-11334\",\n \"CVE-2017-8309\", \"CVE-2017-8379\", \"CVE-2017-5579\", \"CVE-2017-7718\",\n \"CVE-2017-12135\", \"CVE-2017-12137\", \"CVE-2017-12136\", \"CVE-2017-12855\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-7cd077ddd3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-7cd077ddd3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXFPXZZ4KQ6AGMTQLMLDRU2CQ4SRCPWK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.8.3~5.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-13T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2018-eb69078020", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-15597", "CVE-2018-10472", "CVE-2017-11334", "CVE-2017-7718", "CVE-2018-7542", "CVE-2017-14317", "CVE-2017-15592", "CVE-2017-8379", "CVE-2017-12855", "CVE-2017-12135", "CVE-2017-9330", "CVE-2017-15591", "CVE-2017-13673", "CVE-2017-17045", "CVE-2017-5579", "CVE-2017-17044", "CVE-2017-15593", "CVE-2017-8309", "CVE-2017-12137", "CVE-2017-14316", "CVE-2017-14319", "CVE-2017-15588", "CVE-2017-10664", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15594", "CVE-2017-12136", "CVE-2017-14318", "CVE-2018-7541", "CVE-2017-13672", "CVE-2017-17046", "CVE-2017-15595", "CVE-2017-9524"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874435", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_eb69078020_xen_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for xen FEDORA-2018-eb69078020\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874435\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-13 05:45:06 +0200 (Sun, 13 May 2018)\");\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2017-15595\",\n \"CVE-2017-17044\", \"CVE-2017-17045\", \"CVE-2017-15592\", \"CVE-2017-15597\",\n \"CVE-2017-15590\", \"CVE-2017-15591\", \"CVE-2017-15589\", \"CVE-2017-15588\",\n \"CVE-2017-15593\", \"CVE-2017-15594\", \"CVE-2017-17046\", \"CVE-2017-13673\",\n \"CVE-2017-13672\", \"CVE-2017-14316\", \"CVE-2017-14318\", \"CVE-2017-14317\",\n \"CVE-2017-14319\", \"CVE-2017-9330\", \"CVE-2017-9524\", \"CVE-2017-10664\",\n \"CVE-2017-11334\", \"CVE-2017-8309\", \"CVE-2017-8379\", \"CVE-2017-5579\",\n \"CVE-2017-7718\", \"CVE-2017-12135\", \"CVE-2017-12137\", \"CVE-2017-12136\",\n \"CVE-2017-12855\", \"CVE-2018-10472\", \"CVE-2018-10471\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2018-eb69078020\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-eb69078020\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTBUMHXXYEU5ST4CRY3CHNJZUII77XCT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.8.3~4.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:33:29", "description": "add Xen page-table isolation (XPTI) mitigation and Branch Target Injection (BTI) mitigation for XSA-254 DoS via non-preemptable L3/L4 pagetable freeing [XSA-252] (#1549568) grant table v2 -> v1 transition may crash Xen [XSA-255] (#1549570) x86 PVH guest without LAPIC may DoS the host [XSA-256] (#1549572)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-07T00:00:00", "type": "nessus", "title": "Fedora 27 : xen (2018-c553a586c8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-C553A586C8.NASL", "href": "https://www.tenable.com/plugins/nessus/107176", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-c553a586c8.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107176);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\");\n script_xref(name:\"FEDORA\", value:\"2018-c553a586c8\");\n\n script_name(english:\"Fedora 27 : xen (2018-c553a586c8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"add Xen page-table isolation (XPTI) mitigation and Branch Target\nInjection (BTI) mitigation for XSA-254 DoS via non-preemptable L3/L4\npagetable freeing [XSA-252] (#1549568) grant table v2 -> v1 transition\nmay crash Xen [XSA-255] (#1549570) x86 PVH guest without LAPIC may DoS\nthe host [XSA-256] (#1549572)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c553a586c8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"xen-4.9.1-5.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-08-19T12:33:32", "description": "update Xen page-table isolation (XPTI) mitigation and add Branch Target Injection (BTI) mitigation for XSA-254 DoS via non-preemptable L3/L4 pagetable freeing [XSA-252] (#1549568) grant table v2 -> v1 transition may crash Xen [XSA-255] (#1549570) x86 PVH guest without LAPIC may DoS the host [XSA-256] (#1549572)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-21T00:00:00", "type": "nessus", "title": "Fedora 26 : xen (2018-0746dac335)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-0746DAC335.NASL", "href": "https://www.tenable.com/plugins/nessus/108492", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-0746dac335.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108492);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\");\n script_xref(name:\"FEDORA\", value:\"2018-0746dac335\");\n\n script_name(english:\"Fedora 26 : xen (2018-0746dac335)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update Xen page-table isolation (XPTI) mitigation and add Branch\nTarget Injection (BTI) mitigation for XSA-254 DoS via non-preemptable\nL3/L4 pagetable freeing [XSA-252] (#1549568) grant table v2 -> v1\ntransition may crash Xen [XSA-255] (#1549570) x86 PVH guest without\nLAPIC may DoS the host [XSA-256] (#1549572)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-0746dac335\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"xen-4.8.3-3.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-08-19T12:33:37", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor :\n\n - CVE-2018-7540 Jann Horn discovered that missing checks in page table freeing may result in denial of service.\n\n - CVE-2018-7541 Jan Beulich discovered that incorrect error handling in grant table checks may result in guest-to-host denial of service and potentially privilege escalation.\n\n - CVE-2018-7542 Ian Jackson discovered that insufficient handling of x86 PVH guests without local APICs may result in guest-to-host denial of service.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-05T00:00:00", "type": "nessus", "title": "Debian DSA-4131-1 : xen - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542"], "modified": "2018-11-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:xen", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4131.NASL", "href": "https://www.tenable.com/plugins/nessus/107123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4131. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107123);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\");\n script_xref(name:\"DSA\", value:\"4131\");\n\n script_name(english:\"Debian DSA-4131-1 : xen - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor :\n\n - CVE-2018-7540\n Jann Horn discovered that missing checks in page table\n freeing may result in denial of service.\n\n - CVE-2018-7541\n Jan Beulich discovered that incorrect error handling in\n grant table checks may result in guest-to-host denial of\n service and potentially privilege escalation.\n\n - CVE-2018-7542\n Ian Jackson discovered that insufficient handling of x86\n PVH guests without local APICs may result in\n guest-to-host denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4131\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xen packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libxen-4.8\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxen-dev\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libxenstore3.0\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-amd64\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-arm64\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-hypervisor-4.8-armhf\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-amd64\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-arm64\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-system-armhf\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-utils-4.8\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xen-utils-common\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"xenstore-utils\", reference:\"4.8.3+comet2+shim4.10.0+comet3-1+deb9u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-08-19T12:32:51", "description": "The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-04-06T00:00:00", "type": "nessus", "title": "Citrix XenServer Multiple Vulnerabilities (CTX232655)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2074", "CVE-2018-7540", "CVE-2018-7541"], "modified": "2018-07-09T00:00:00", "cpe": ["cpe:/a:citrix:xenserver"], "id": "CITRIX_XENSERVER_CTX232655.NASL", "href": "https://www.tenable.com/plugins/nessus/108887", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108887);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/09 12:26:58\");\n\n script_cve_id(\"CVE-2016-2074\", \"CVE-2018-7540\", \"CVE-2018-7541\");\n script_bugtraq_id(85700, 103174, 103177);\n\n script_name(english:\"Citrix XenServer Multiple Vulnerabilities (CTX232655)\"); \n script_summary(english:\"Checks for patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A server virtualization platform installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Citrix XenServer running on the remote host is missing\na security hotfix. It is, therefore, affected by multiple\nvulnerabilities.\"\n);\n script_set_attribute(attribute:\"see_also\", value:\"https://support.citrix.com/article/CTX232655\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate hotfix according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2018/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2018/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/06\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:citrix:xenserver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"citrix_xenserver_version.nbin\");\n script_require_keys(\"Host/XenServer/version\", \"Host/local_checks_enabled\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp_name = \"Citrix XenServer\";\nversion = get_kb_item_or_exit(\"Host/XenServer/version\");\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\npatches = get_kb_item(\"Host/XenServer/patches\");\nvuln = FALSE;\nfix = '';\n\nif (version =~ \"^7\\.0($|[^0-9])\")\n{\n fix1 = \"XS70E052\"; # CTX233362\n fix2 = \"XS70E051\"; # CTX233364\n if (fix1 >!< patches && fix2 >!< patches) vuln = TRUE;\n}\nelse if (version =~ \"^7\\.1($|[^0-9])\")\n{\n fix = \"XS71ECU1012\"; # CTX233365\n fix2 = \"XS71ECU1013\"; # CTX233363\n if (fix >!< patches && fix2 >!< patches) vuln = TRUE;\n}\nelse if (version =~ \"^7\\.2($|[^0-9])\")\n{\n fix = \"XS72E016\"; # CTX233366\n if (fix >!< patches) vuln = TRUE;\n}\nelse if (version =~ \"^7\\.3($|[^0-9])\")\n{\n fix = \"XS73E003\"; # CTX233368\n if (fix >!< patches) vuln = TRUE;\n}\n\n\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, version);\n\nif (vuln)\n{\n port = 0;\n report = report_items_str(\n report_items:make_array(\n \"Installed version\", version,\n \"Missing hotfix\", fix\n ),\n ordered_fields:make_list(\"Installed version\", \"Missing hotfix\")\n );\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_PATCH_INSTALLED, fix);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-08T14:55:21", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - BUILDINFO: xen commit=b2a6db11ced11291a472bc1bda20ce329eda4d66\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - gnttab: don't blindly free status pages upon version change (Andrew Cooper)  [Orabug: 27571750]  (CVE-2018-7541)\n\n - memory: don't implicitly unpin for decrease-reservation (Andrew Cooper)  [Orabug: 27571737]  (CVE-2018-7540)\n\n - BUILDINFO: xen commit=873b8236e886daa3c26dae28d0c1c53d88447dc0\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xend: if secure boot is enabled don't write pci config space (Elena Ufimtseva)  [Orabug: 27533309]\n\n - BUILDINFO: xen commit=81602116e75b6bbc519366b242c71888aa1b1673\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/spec_ctrl: Fix several bugs in SPEC_CTRL_ENTRY_FROM_INTR_IST (Andrew Cooper)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86: allow easier disabling of BTI mitigations (Zhenzhong Duan) [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/boot: Make alternative patching NMI-safe (Andrew Cooper) [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - xen/cmdline: Fix parse_boolean for unadorned values (Andrew Cooper)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Optimize the context switch code a bit (Zhenzhong Duan)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Update init_speculation_mitigations to upstream's (Zhenzhong Duan)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/entry: Avoid using alternatives in NMI/#MC paths (Andrew Cooper)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Update RSB related implementation to upstream ones (Zhenzhong Duan)  [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - BUILDINFO: xen commit=c6a2fe8d72a3eba01b22cbe495e60cb6837fe8d0\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (redux) (Konrad Rzeszutek Wilk)  [Orabug:\n 27445678]\n\n - BUILDINFO: xen commit=9657d91fcbf49798d2c5135866e1947113d536dc\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/Spectre: Set thunk to THUNK_NONE if compiler support is not available (Boris Ostrovsky)  [Orabug:\n 27375688]\n\n - BUILDINFO: xen commit=4e5826dfcb56d3a868a9934646989f8483f03b3c\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xen: No dependencies on dracut and microcode_ctl RPMs (Boris Ostrovsky)  [Orabug: 27409718]", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-05T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : xen (OVMSA-2018-0021) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-7540", "CVE-2018-7541"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2018-0021.NASL", "href": "https://www.tenable.com/plugins/nessus/107130", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0021.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107130);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\", \"CVE-2018-7540\", \"CVE-2018-7541\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"OracleVM 3.4 : xen (OVMSA-2018-0021) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - BUILDINFO: xen\n commit=b2a6db11ced11291a472bc1bda20ce329eda4d66\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - gnttab: don't blindly free status pages upon version\n change (Andrew Cooper)  [Orabug: 27571750]  \n (CVE-2018-7541)\n\n - memory: don't implicitly unpin for decrease-reservation\n (Andrew Cooper)  [Orabug: 27571737]  \n (CVE-2018-7540)\n\n - BUILDINFO: xen\n commit=873b8236e886daa3c26dae28d0c1c53d88447dc0\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xend: if secure boot is enabled don't write pci config\n space (Elena Ufimtseva)  [Orabug: 27533309]\n\n - BUILDINFO: xen\n commit=81602116e75b6bbc519366b242c71888aa1b1673\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/spec_ctrl: Fix several bugs in\n SPEC_CTRL_ENTRY_FROM_INTR_IST (Andrew Cooper)  \n [Orabug: 27553376]  (CVE-2017-5753) (CVE-2017-5715)\n (CVE-2017-5754)\n\n - x86: allow easier disabling of BTI mitigations\n (Zhenzhong Duan) [Orabug: 27553376]  \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/boot: Make alternative patching NMI-safe (Andrew\n Cooper) [Orabug: 27553376]  (CVE-2017-5753)\n (CVE-2017-5715) (CVE-2017-5754)\n\n - xen/cmdline: Fix parse_boolean for unadorned values\n (Andrew Cooper)  [Orabug: 27553376]  \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Optimize the context switch code a bit (Zhenzhong\n Duan)  [Orabug: 27553376]  (CVE-2017-5753)\n (CVE-2017-5715) (CVE-2017-5754)\n\n - Update init_speculation_mitigations to upstream's\n (Zhenzhong Duan)  [Orabug: 27553376]  \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/entry: Avoid using alternatives in NMI/#MC paths\n (Andrew Cooper)  [Orabug: 27553376]  \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Update RSB related implementation to upstream ones\n (Zhenzhong Duan)  [Orabug: 27553376]  \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - BUILDINFO: xen\n commit=c6a2fe8d72a3eba01b22cbe495e60cb6837fe8d0\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008,\n EBX.12 (redux) (Konrad Rzeszutek Wilk)  [Orabug:\n 27445678]\n\n - BUILDINFO: xen\n commit=9657d91fcbf49798d2c5135866e1947113d536dc\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/Spectre: Set thunk to THUNK_NONE if compiler support\n is not available (Boris Ostrovsky)  [Orabug:\n 27375688]\n\n - BUILDINFO: xen\n commit=4e5826dfcb56d3a868a9934646989f8483f03b3c\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xen: No dependencies on dracut and microcode_ctl RPMs\n (Boris Ostrovsky)  [Orabug: 27409718]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-March/000832.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?de7c508d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/05\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(rpm:\"xen-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-4.4.4-105.0.36.el6\")) flag++;\nif (rpm_exists(rpm:\"xen-tools-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-tools-4.4.4-105.0.36.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-04-08T14:55:47", "description": "This update for xen fixes the following issues: Update to Xen 4.7.5 bug fix only release (bsc#1027519) Security issues fixed :\n\n - CVE-2018-7540: Fixed DoS via non-preemptable L3/L4 pagetable freeing (XSA-252) (bsc#1080635)\n\n - CVE-2018-7541: A grant table v2 -> v1 transition may crash Xen (XSA-255) (bsc#1080662)\n\n - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 Fixed information leaks via side effects of speculative execution (XSA-254). Includes Spectre v2 mitigation.\n (bsc#1074562)\n\n - Preserve xen-syms from xen-dbg.gz to allow processing vmcores with crash(1) (bsc#1087251)\n\n - Xen HVM: Fixed unchecked MSR access error (bsc#1072834)\n\n - Add script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU They are triggered via xl vcpu-set domU N (fate#324965)\n\n - Make sure tools and tools-domU require libs from the very same build\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-04-11T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:0909-1) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-7540", "CVE-2018-7541"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0909-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109001", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0909-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109001);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\", \"CVE-2018-7540\", \"CVE-2018-7541\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:0909-1) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes the following issues: Update to Xen 4.7.5\nbug fix only release (bsc#1027519) Security issues fixed :\n\n - CVE-2018-7540: Fixed DoS via non-preemptable L3/L4\n pagetable freeing (XSA-252) (bsc#1080635)\n\n - CVE-2018-7541: A grant table v2 -> v1 transition may\n crash Xen (XSA-255) (bsc#1080662)\n\n - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 Fixed\n information leaks via side effects of speculative\n execution (XSA-254). Includes Spectre v2 mitigation.\n (bsc#1074562)\n\n - Preserve xen-syms from xen-dbg.gz to allow processing\n vmcores with crash(1) (bsc#1087251)\n\n - Xen HVM: Fixed unchecked MSR access error (bsc#1072834)\n\n - Add script, udev rule and systemd service to watch for\n vcpu online/offline events in a HVM domU They are\n triggered via xl vcpu-set domU N (fate#324965)\n\n - Make sure tools and tools-domU require libs from the\n very same build\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1072834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5753/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5754/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7540/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7541/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180909-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ac88457\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-612=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-612=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-612=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-debugsource-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.7.5_02-43.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.7.5_02-43.27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-04-08T14:52:34", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen commit=9ccc143584e12027a8db854d19ce8a120d22cfac\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - gnttab: don't blindly free status pages upon version change (Andrew Cooper)  [Orabug: 27614581]  (CVE-2018-7541)\n\n - memory: don't implicitly unpin for decrease-reservation (Andrew Cooper)  [Orabug: 27614605]  (CVE-2018-7540)\n\n - xend: allow setting topology if smt is off in bios (Elena Ufimtseva)  \n\n - x86/svm: clear CPUID IBPB when feature is not supported (Elena Ufimtseva)  [Orabug: 27416699]\n\n - x86/domain: Move hvm_vcpu_initialize before cpuid_policy_changed (Elena Ufimtseva)  [Orabug:\n 27416699]\n\n - x86, amd_ucode: support multiple container files appended together (Aravind Gopalakrishnan)  [Orabug: 27416699]\n\n - x86/intel: change default governor to performance (Joao Martins) \n\n - x86/cpuidle: Disable deep C-states due to erratum AAJ72 (Joao Martins)  [Orabug: 27614625]\n\n - Revert 'set max cstate to 1' (Joao Martins)  [Orabug: 27614625]\n\n - x86/cpuidle: add new CPU families (Jan Beulich)  [Orabug: 27614625]\n\n - x86/Intel: Broadwell doesn't have PKG_C[8,9,10]_RESIDENCY MSRs (Jan Beulich)  [Orabug: 27614625]\n\n - x86: support newer Intel CPU models (Jan Beulich)  [Orabug: 27614625]\n\n - mwait-idle: add KBL support (Len Brown)  [Orabug:\n 27614625]\n\n - mwait-idle: add SKX support (Len Brown)  [Orabug:\n 27614625]\n\n - mwait_idle: Skylake Client Support (Len Brown)  [Orabug: 27614625]\n\n - x86: support newer Intel CPU models (Jan Beulich)  [Orabug: 27614625]\n\n - x86/idle: update to include further package/core residency MSRs (Jan Beulich)  [Orabug: 27614625]\n\n - mwait-idle: support additional Broadwell model (Len Brown) [Orabug: 27614625]\n\n - x86/mwait-idle: Broadwell support (Len Brown)  [Orabug: 27614625]\n\n - x86/mwait-idle: disable Baytrail Core and Module C6 auto-demotion (Len Brown)  [Orabug: 27614625]\n\n - mwait-idle: add CPU model 54 (Atom N2000 series) (Jan Kiszka) [Orabug: 27614625]\n\n - mwait-idle: support Bay Trail (Len Brown)  [Orabug:\n 27614625]\n\n - mwait-idle: allow sparse sub-state numbering, for Bay Trail (Len Brown)  [Orabug: 27614625]\n\n - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen commit=c837c35e1c04791a50f930926ba815ca5b4d3661\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xend: restore smt parameter on guest reboot (Elena Ufimtseva) [Orabug: 27574191]\n\n - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen commit=f36f7903ae0886ab4ef7e3e01c83c9dba819537b\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/spec_ctrl: Fix several bugs in SPEC_CTRL_ENTRY_FROM_INTR_IST (Andrew Cooper)  [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86: allow easier disabling of BTI mitigations (Zhenzhong Duan) [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/boot: Make alternative patching NMI-safe (Andrew Cooper) [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - xen/cmdline: Fix parse_boolean for unadorned values (Andrew Cooper)  [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Optimize the context switch code a bit (Zhenzhong Duan)  [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Update init_speculation_mitigations to upstream's (Zhenzhong Duan)  [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/entry: Avoid using alternatives in NMI/#MC paths (Andrew Cooper)  [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Update RSB related implementation to upstream ones (Zhenzhong Duan)  [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen commit=bdecffda647e17f8aaeb4057bd1064236075bc9c\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xend: if secure boot is enabled don't write pci config space (Elena Ufimtseva)  [Orabug: 27533309]\n\n - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen commit=46aa4f995b266e9dc0bce98b448423c5fdc79fde\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - hvmloader: Correct nr_vnodes when init_vnuma_info fails (Annie Li)  \n\n - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen commit=1fb819ca1b801af1f59983f34776501336a57979\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - Fail migration if destination does not allow pv guest running (Annie Li)  [Orabug: 27465310]\n\n - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen commit=dfc241a5b6a952bde385b1d68ef42acf8f80302c\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (redux) (Konrad Rzeszutek Wilk)  [Orabug:\n 27445667]\n\n - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen commit=d5afa57c42732dc35a572582099c67ee3c397434\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - Enable creating pv guest on OVM3.4.4 by default (Annie Li) [Orabug: 27424482]\n\n - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen commit=619dd3aa6aac97dbc9f23fdae3d6fd6dfab8a0da\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xen/x86: Make sure identify_cpu is called with traps enabled (Joao Martins)  [Orabug: 27393237]\n\n - xend: disallow pv guests to run (Joao Martins)  [Orabug: 27370330]\n\n - hvmloader, x86/hvm, domctl: enumerate apicid based on vcpu_to_vnode (Joao Martins)  [Orabug: 27119689]\n\n - xend: conditionally use dom0 vcpus for vnuma auto (Joao Martins) \n\n - x86/Spectre: Set thunk to THUNK_NONE if compiler support is not available (Boris Ostrovsky)  [Orabug:\n 27375704]\n\n - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen commit=1d2270f50ef2b1b22b8f6ee7a9b571ea96f7f37b\n\n - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xen: No dependencies on dracut and microcode_ctl RPMs (Boris Ostrovsky)  [Orabug: 27409734]", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-05T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : xen (OVMSA-2018-0020) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-7540", "CVE-2018-7541"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2018-0020.NASL", "href": "https://www.tenable.com/plugins/nessus/107129", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0020.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107129);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\", \"CVE-2018-7540\", \"CVE-2018-7541\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"OracleVM 3.4 : xen (OVMSA-2018-0020) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=9ccc143584e12027a8db854d19ce8a120d22cfac\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - gnttab: don't blindly free status pages upon version\n change (Andrew Cooper)  [Orabug: 27614581]  \n (CVE-2018-7541)\n\n - memory: don't implicitly unpin for decrease-reservation\n (Andrew Cooper)  [Orabug: 27614605]  \n (CVE-2018-7540)\n\n - xend: allow setting topology if smt is off in bios\n (Elena Ufimtseva)  \n\n - x86/svm: clear CPUID IBPB when feature is not supported\n (Elena Ufimtseva)  [Orabug: 27416699]\n\n - x86/domain: Move hvm_vcpu_initialize before\n cpuid_policy_changed (Elena Ufimtseva)  [Orabug:\n 27416699]\n\n - x86, amd_ucode: support multiple container files\n appended together (Aravind Gopalakrishnan)  \n [Orabug: 27416699]\n\n - x86/intel: change default governor to performance (Joao\n Martins) \n\n - x86/cpuidle: Disable deep C-states due to erratum AAJ72\n (Joao Martins)  [Orabug: 27614625]\n\n - Revert 'set max cstate to 1' (Joao Martins)  \n [Orabug: 27614625]\n\n - x86/cpuidle: add new CPU families (Jan Beulich)  \n [Orabug: 27614625]\n\n - x86/Intel: Broadwell doesn't have\n PKG_C[8,9,10]_RESIDENCY MSRs (Jan Beulich)  \n [Orabug: 27614625]\n\n - x86: support newer Intel CPU models (Jan Beulich)  \n [Orabug: 27614625]\n\n - mwait-idle: add KBL support (Len Brown)  [Orabug:\n 27614625]\n\n - mwait-idle: add SKX support (Len Brown)  [Orabug:\n 27614625]\n\n - mwait_idle: Skylake Client Support (Len Brown)  \n [Orabug: 27614625]\n\n - x86: support newer Intel CPU models (Jan Beulich)  \n [Orabug: 27614625]\n\n - x86/idle: update to include further package/core\n residency MSRs (Jan Beulich)  [Orabug: 27614625]\n\n - mwait-idle: support additional Broadwell model (Len\n Brown) [Orabug: 27614625]\n\n - x86/mwait-idle: Broadwell support (Len Brown)  \n [Orabug: 27614625]\n\n - x86/mwait-idle: disable Baytrail Core and Module C6\n auto-demotion (Len Brown)  [Orabug: 27614625]\n\n - mwait-idle: add CPU model 54 (Atom N2000 series) (Jan\n Kiszka) [Orabug: 27614625]\n\n - mwait-idle: support Bay Trail (Len Brown)  [Orabug:\n 27614625]\n\n - mwait-idle: allow sparse sub-state numbering, for Bay\n Trail (Len Brown)  [Orabug: 27614625]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=c837c35e1c04791a50f930926ba815ca5b4d3661\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xend: restore smt parameter on guest reboot (Elena\n Ufimtseva) [Orabug: 27574191]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=f36f7903ae0886ab4ef7e3e01c83c9dba819537b\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86/spec_ctrl: Fix several bugs in\n SPEC_CTRL_ENTRY_FROM_INTR_IST (Andrew Cooper)  \n [Orabug: 27553369]  (CVE-2017-5753) (CVE-2017-5715)\n (CVE-2017-5754)\n\n - x86: allow easier disabling of BTI mitigations\n (Zhenzhong Duan) [Orabug: 27553369]  \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/boot: Make alternative patching NMI-safe (Andrew\n Cooper) [Orabug: 27553369]  (CVE-2017-5753)\n (CVE-2017-5715) (CVE-2017-5754)\n\n - xen/cmdline: Fix parse_boolean for unadorned values\n (Andrew Cooper)  [Orabug: 27553369]  \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Optimize the context switch code a bit (Zhenzhong\n Duan)  [Orabug: 27553369]  (CVE-2017-5753)\n (CVE-2017-5715) (CVE-2017-5754)\n\n - Update init_speculation_mitigations to upstream's\n (Zhenzhong Duan)  [Orabug: 27553369]  \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - x86/entry: Avoid using alternatives in NMI/#MC paths\n (Andrew Cooper)  [Orabug: 27553369]  \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - Update RSB related implementation to upstream ones\n (Zhenzhong Duan)  [Orabug: 27553369]  \n (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=bdecffda647e17f8aaeb4057bd1064236075bc9c\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xend: if secure boot is enabled don't write pci config\n space (Elena Ufimtseva)  [Orabug: 27533309]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=46aa4f995b266e9dc0bce98b448423c5fdc79fde\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - hvmloader: Correct nr_vnodes when init_vnuma_info fails\n (Annie Li)  \n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=1fb819ca1b801af1f59983f34776501336a57979\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - Fail migration if destination does not allow pv guest\n running (Annie Li)  [Orabug: 27465310]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=dfc241a5b6a952bde385b1d68ef42acf8f80302c\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008,\n EBX.12 (redux) (Konrad Rzeszutek Wilk)  [Orabug:\n 27445667]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=d5afa57c42732dc35a572582099c67ee3c397434\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - Enable creating pv guest on OVM3.4.4 by default (Annie\n Li) [Orabug: 27424482]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=619dd3aa6aac97dbc9f23fdae3d6fd6dfab8a0da\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xen/x86: Make sure identify_cpu is called with traps\n enabled (Joao Martins)  [Orabug: 27393237]\n\n - xend: disallow pv guests to run (Joao Martins)  \n [Orabug: 27370330]\n\n - hvmloader, x86/hvm, domctl: enumerate apicid based on\n vcpu_to_vnode (Joao Martins)  [Orabug: 27119689]\n\n - xend: conditionally use dom0 vcpus for vnuma auto (Joao\n Martins) \n\n - x86/Spectre: Set thunk to THUNK_NONE if compiler support\n is not available (Boris Ostrovsky)  [Orabug:\n 27375704]\n\n - BUILDINFO: OVMF\n commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8\n\n - BUILDINFO: xen\n commit=1d2270f50ef2b1b22b8f6ee7a9b571ea96f7f37b\n\n - BUILDINFO: QEMU upstream\n commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff\n\n - BUILDINFO: QEMU traditional\n commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba\n\n - BUILDINFO: IPXE\n commit=9a93db3f0947484e30e753bbd61a10b17336e20e\n\n - BUILDINFO: SeaBIOS\n commit=7d9cbe613694924921ed1a6f8947d711c5832eee\n\n - xen: No dependencies on dracut and microcode_ctl RPMs\n (Boris Ostrovsky)  [Orabug: 27409734]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-March/000831.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?884f76d4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/05\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(rpm:\"xen-4.4.4-155\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-4.4.4-155.0.22.el6\")) flag++;\nif (rpm_exists(rpm:\"xen-tools-4.4.4-155\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-tools-4.4.4-155.0.22.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-08-19T12:33:31", "description": "According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability.\n\nNote that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applied manually to the source code before a recompile and reinstall.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}, "published": "2018-03-02T00:00:00", "type": "nessus", "title": "Xen guest_remove_page() Function Pagetable Unpinning Handling Guest-to-host DoS (XSA-252)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7540"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/o:xen:xen"], "id": "XEN_SERVER_XSA-252.NASL", "href": "https://www.tenable.com/plugins/nessus/107097", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107097);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-7540\");\n script_bugtraq_id(103174);\n\n script_name(english:\"Xen guest_remove_page() Function Pagetable Unpinning Handling Guest-to-host DoS (XSA-252)\");\n script_summary(english:\"Checks 'xl info' output for the Xen hypervisor version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Xen hypervisor installation is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Xen hypervisor\ninstalled on the remote host is affected by a denial of service\nvulnerability.\n\nNote that Nessus has checked the changeset versions based on the\nxen.git change log. Nessus did not check guest hardware configurations\nor if patches were applied manually to the source code before a\nrecompile and reinstall.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://xenbits.xen.org/xsa/advisory-252.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://xenbits.xen.org/gitweb/?p=xen.git;a=summary\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-7540\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/02\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:xen:xen\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"xen_server_detect.nbin\");\n script_require_keys(\"installed_sw/Xen Hypervisor\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Xen Hypervisor\";\ninstall = get_single_install(app_name:app_name);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = install['version'];\ndisplay_version = install['display_version'];\npath = install['path'];\nmanaged_status = install['Managed status'];\nchangeset = install['Changeset'];\n\nif (!empty_or_null(changeset))\n display_version += \" (changeset \" + changeset + \")\";\n\n# Installations that are vendor-managed are handled by OS-specific local package checks\nif (managed_status == \"managed\")\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nfixes['4.6']['fixed_ver'] = '4.6.6';\nfixes['4.6']['affected_ver_regex'] = '^4\\\\.6\\\\.';\n\nfixes['4.7']['fixed_ver'] = '4.7.5-pre';\nfixes['4.7']['affected_ver_regex'] = '^4\\\\.7\\\\.';\n\nfixes['4.8']['fixed_ver'] = '4.8.4-pre';\nfixes['4.8']['affected_ver_regex'] = '^4\\\\.8\\\\.';\n\nfixes['4.9']['fixed_ver'] = '4.9.2-pre';\nfixes['4.9']['affected_ver_regex'] = '^4\\\\.9\\\\.';\n\nfixes['4.10']['fixed_ver'] = '4.10.1-pre';\nfixes['4.10']['affected_ver_regex'] = '^4\\\\.10\\\\.';\n\nfix = NULL;\nforeach ver_branch (keys(fixes))\n{\n if (version =~ fixes[ver_branch]['affected_ver_regex'])\n {\n fix = fixes[ver_branch]['fixed_ver'];\n }\n}\n\nif (empty_or_null(fix))\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nitems = make_array(\n \"Installed version\", display_version,\n \"Fixed version\", fix,\n \"Path\", path\n);\n\norder = make_list(\"Path\", \"Installed version\", \"Fixed version\");\nreport = report_items_str(report_items:items, ordered_fields:order) + '\\n';\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:33:02", "description": "According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability.\n\nNote that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applied manually to the source code before a recompile and reinstall.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-02T00:00:00", "type": "nessus", "title": "Xen gnttab_map_frame() Function Missing Mapping Check Upgrade Guest-to-host DoS (XSA-255)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-7541"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/o:xen:xen"], "id": "XEN_SERVER_XSA-255.NASL", "href": "https://www.tenable.com/plugins/nessus/107098", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107098);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-7541\");\n script_bugtraq_id(103177);\n\n script_name(english:\"Xen gnttab_map_frame() Function Missing Mapping Check Upgrade Guest-to-host DoS (XSA-255)\");\n script_summary(english:\"Checks 'xl info' output for the Xen hypervisor version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Xen hypervisor installation is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Xen hypervisor\ninstalled on the remote host is affected by a denial of service\nvulnerability.\n\nNote that Nessus has checked the changeset versions based on the\nxen.git change log. Nessus did not check guest hardware configurations\nor if patches were applied manually to the source code before a\nrecompile and reinstall.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://xenbits.xen.org/xsa/advisory-255.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://xenbits.xen.org/gitweb/?p=xen.git;a=summary\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-7541\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/02\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:xen:xen\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"xen_server_detect.nbin\");\n script_require_keys(\"installed_sw/Xen Hypervisor\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Xen Hypervisor\";\ninstall = get_single_install(app_name:app_name);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = install['version'];\ndisplay_version = install['display_version'];\npath = install['path'];\nmanaged_status = install['Managed status'];\nchangeset = install['Changeset'];\n\nif (!empty_or_null(changeset))\n display_version += \" (changeset \" + changeset + \")\";\n\n# Installations that are vendor-managed are handled by OS-specific local package checks\nif (managed_status == \"managed\")\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nfixes['4.6']['fixed_ver'] = '4.6.6';\nfixes['4.6']['fixed_ver_display'] = '4.6.6 (changeset 4972c38)';\nfixes['4.6']['affected_ver_regex'] = '^4\\\\.6\\\\.';\nfixes['4.6']['affected_changesets'] = make_list(\"bd461fc\", \"c9c1bb6\",\n \"0fbf30a\", \"7e20b9b\", \"d1618f4\", \"9d534c1\", \"dbb3553\", \"e54a8c6\",\n \"8005ed3\", \"9a852e0\", \"d779cc1\", \"c93bcf9\", \"15adcf3\", \"d7b8190\",\n \"2b1457f\", \"a357880\", \"ee23fcc\", \"5651015\", \"225e9c7\", \"3c70619\",\n \"1222333\", \"75bdd69\", \"8994cf3\", \"642c603\", \"c25ea9a\", \"feba571\",\n \"0163087\", \"44c2666\", \"db743b0\", \"41a5cce\", \"4e1b9e9\", \"4d21549\",\n \"ff4800c\", \"2613a1b\", \"8335c8a\", \"ab20c5c\", \"9089da9\", \"8edfc82\",\n \"af5b61a\", \"ec05090\", \"75263f7\", \"f7e273a\", \"03c7d2c\", \"9ce1a71\",\n \"a735c7a\", \"44ad7f6\", \"91dc902\", \"a065841\", \"c6e9e60\", \"f94c11d\",\n \"45ddc4e\", \"1ca93b7\", \"8c0c36e\", \"6e43623\", \"47d3e73\", \"ea80245\",\n \"37bb22b\", \"9b0c2a2\", \"8d3fe28\", \"be63d66\", \"9454e30\", \"aad5a67\",\n \"d8b0ebf\", \"f0208a4\", \"42b2c82\", \"57318e1\", \"9f22d72\", \"e0353b4\",\n \"76f1549\", \"9bac910\", \"c7a43e3\", \"913d4f8\", \"c5881c5\", \"b0239cd\",\n \"78fd0c3\", \"9079e0d\", \"1658a87\", \"22b6dfa\", \"a8cd231\", \"629eddd\",\n \"64c03bb\", \"b4660b4\", \"1ac8162\", \"747df3c\", \"5ae011e\", \"f974d32\",\n \"3300ad3\", \"d708b69\");\n\nfixes['4.7']['fixed_ver'] = '4.7.5';\nfixes['4.7']['fixed_ver_display'] = '4.7.5-pre (changeset c15b8dc)';\nfixes['4.7']['affected_ver_regex'] = '^4\\\\.7\\\\.';\nfixes['4.7']['affected_changesets'] = make_list(\"640691d\", \"69dcb65\",\n \"ade3bca\", \"c64e0c1\", \"e54670f\", \"7d56ef3\", \"aac4cbe\", \"68420b4\",\n \"e09548d\", \"be261bd\", \"327a783\", \"9f08fce\", \"4a38ec2\", \"65c9e06\",\n \"84d47ac\", \"b7dae55\", \"b2b7fe1\", \"c947e1e\", \"b1ae126\", \"72450c8\",\n \"e9220b4\", \"f961688\", \"91f7e46\", \"f291c01\", \"3cf4e29\", \"8860219\",\n \"62a2624\", \"c3f8df3\", \"3877c02\", \"f0ed5f9\", \"160b53c\", \"e131309\",\n \"9ede1ac\", \"d0cfbe8\", \"d596e6a\", \"f50ea84\", \"de3bdaa\", \"766990b\",\n \"4ac0229\", \"bafd63f\", \"d5bb425\", \"003ec3e\", \"fd884d6\", \"50c68df\",\n \"1bdcc9f\", \"2914ef5\", \"62b9706\", \"624abdc\", \"d7b73ed\", \"112c49c\",\n \"a5b0fa4\", \"e19d0af\", \"e19517a\", \"9b76908\", \"46025e3\", \"0e6c6fc\",\n \"40c4410\", \"f3b76b6\", \"4c937e2\", \"2307798\", \"7089465\", \"375896d\",\n \"99474d1\", \"f407332\", \"1c58d74\", \"d02140f\", \"fae9dd5\", \"caae052\",\n \"c90b5c1\", \"5b1c9fe\", \"2e6775e\", \"f2d19fb\", \"0baeec6\", \"664433a\",\n \"b3dfadc\", \"8f14027\", \"1967ced\", \"c3ddeca\", \"b9c150e\", \"5a99156\",\n \"4f34d9f\", \"4133de7\", \"b3981ea\", \"184f259\", \"67966a9\", \"af3f585\");\n\nfixes['4.8']['fixed_ver'] = '4.8.4';\nfixes['4.8']['fixed_ver_display'] = '4.8.4-pre (changeset 141be84)';\nfixes['4.8']['affected_ver_regex'] = '^4\\\\.8\\\\.';\nfixes['4.8']['affected_changesets'] = make_list(\"bb49733\", \"48faa50\",\n \"5938aa1\", \"d11783c\", \"8e1e3c7\", \"99ed786\", \"76bdfe8\", \"fee4689\",\n \"c0bfde6\", \"64c1742\", \"8615385\", \"e09a5c2\", \"ff570a3\", \"e6bcb41\",\n \"29e7171\", \"c3d195c\", \"2cd189e\", \"afdad6a\", \"532ccf4\", \"da49e51\",\n \"ca9583d\", \"479b879\", \"2eefd92\", \"60c50f2\", \"1838e21\", \"5732a8e\",\n \"987b08d\", \"eadcd83\", \"ef2464c\", \"17bfbc8\", \"499391b\", \"87cb0e2\", \"393de92\");\n\nfixes['4.9']['fixed_ver'] = '4.9.2';\nfixes['4.9']['fixed_ver_display'] = '4.9.2-pre (changeset e9bff96)';\nfixes['4.9']['affected_ver_regex'] = '^4\\\\.9\\\\.';\nfixes['4.9']['affected_changesets'] = make_list(\"8f42f0a\", \"aafb8ac\",\n \"88fbabc\", \"3b10e12\", \"7d5f8b3\", \"59999ae\", \"79d5197\", \"68c76d7\",\n \"bda3283\", \"a24b755\", \"13a30ba\", \"0177bf5\", \"2fdee60\", \"186c3c6\",\n \"e57d4d0\", \"1dcfd39\", \"f11cf29\", \"bd53bc8\", \"7648049\", \"602633e\",\n \"6fef46d\", \"30b9929\", \"447dce8\", \"29df8a5\", \"6403b50\", \"628b6af\",\n \"237a58b\", \"f0f7ce5\", \"d6e9725\", \"9aaa208\", \"40f9ae9\", \"ade9554\",\n \"a0ed034\", \"4d01dbc\", \"22379b6\", \"6e13ad7\", \"0d32237\", \"4ba59bd\",\n \"2997c5e\", \"751c879\", \"a2567d6\", \"9f79e8d\", \"fba48ef\", \"3790833\",\n \"50450c1\", \"2ec7ccb\", \"dc7d465\", \"1e09746\", \"87ea781\", \"96990e2\",\n \"2213ffe\", \"c3774d1\", \"f559d50\", \"f877aab\", \"0c3d524\", \"4d190d7\",\n \"a4a4abf\", \"432f715\", \"389df4f\", \"d6fe186\", \"6a39a56\", \"d9ade82\",\n \"c09e166\", \"df6db6c\", \"986fcb8\", \"da8c866\", \"47a7e3b\", \"57205c4\",\n \"09d7c30\", \"8edff60\", \"fe1147d\", \"78c61ba\", \"c9afe26\", \"4bd6306\",\n \"a20f838\", \"984bb18\", \"1b0029c\", \"32e364c\", \"d3db9e3\", \"c553285\",\n \"6260c47\", \"d1cca07\", \"0a0dcdc\", \"fb51cab\", \"61c13ed\", \"52ad651\");\n\nfixes['4.10']['fixed_ver'] = '4.10.1';\nfixes['4.10']['fixed_ver_display'] = '4.10.1-pre (changeset 16edf98)';\nfixes['4.10']['affected_ver_regex'] = '^4\\\\.10\\\\.';\nfixes['4.10']['affected_changesets'] = make_list(\"e2ceb2e\", \"1b1c059\",\n \"5e91fc4\", \"3921128\", \"cd2e143\", \"3181472\", \"5644514\", \"db12743\",\n \"bc0e599\", \"fc81946\", \"ce7d7c0\", \"a695f8d\", \"92efbe8\", \"8baba87\",\n \"79891ef\", \"641c11e\", \"05eba93\", \"a69cfdf\", \"0f4be6e\", \"0a7e6b5\",\n \"65ee6e0\", \"129880d\", \"c513244\", \"0e12c2c\", \"6aaf353\", \"32babfc\",\n \"47bbcb2\", \"8743fc2\", \"1830b20\", \"ab95cb0\", \"d02ef3d\", \"e32f814\",\n \"c534ab4\", \"be3138b\", \"79012ea\", \"bbd093c\", \"a69a8b5\", \"f167ebf\",\n \"c4c0187\", \"19ad8a7\", \"3caf32c\", \"df7be94\", \"f379b70\", \"728fadb\",\n \"9281129\", \"cae6e15\", \"d1f4283\", \"0f7a4fa\", \"b829d42\", \"7cccd6f\",\n \"234f481\", \"57dc197\", \"7209b8b\", \"910dd00\", \"50d24b9\", \"c89c622\",\n \"3b8d88d\", \"cdb1fb4\", \"a401864\", \"a87ec48\", \"9dc5eda\", \"135b67e\",\n \"682a9d8\", \"19dcd8e\", \"e5364c3\", \"e2dc7b5\", \"c8f4f45\", \"4150501\",\n \"ab7be6c\", \"f3fb667\");\n\nfix = NULL;\nforeach ver_branch (keys(fixes))\n{\n if (version =~ fixes[ver_branch]['affected_ver_regex'])\n {\n ret = ver_compare(ver:version, fix:fixes[ver_branch]['fixed_ver']);\n if (ret < 0)\n fix = fixes[ver_branch]['fixed_ver_display'];\n else if (ret == 0)\n {\n if (empty_or_null(changeset))\n fix = fixes[ver_branch]['fixed_ver_display'];\n else\n foreach affected_changeset (fixes[ver_branch]['affected_changesets'])\n if (changeset == affected_changeset)\n fix = fixes[ver_branch]['fixed_ver_display'];\n }\n }\n}\n\nif (empty_or_null(fix))\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nitems = make_array(\n \"Installed version\", display_version,\n \"Fixed version\", fix,\n \"Path\", path\n);\n\norder = make_list(\"Path\", \"Installed version\", \"Fixed version\");\nreport = report_items_str(report_items:items, ordered_fields:order) + '\\n';\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-08-19T12:32:51", "description": "The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-04-06T00:00:00", "type": "nessus", "title": "Citrix XenServer Multiple Vulnerabilities (CTX232096)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2018-7540", "CVE-2018-7541"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:citrix:xenserver"], "id": "CITRIX_XENSERVER_CTX232096.NASL", "href": "https://www.tenable.com/plugins/nessus/108886", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108886);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2017-17563\",\n \"CVE-2017-17564\",\n \"CVE-2017-17565\",\n \"CVE-2017-17566\",\n \"CVE-2018-7540\",\n \"CVE-2018-7541\"\n );\n script_bugtraq_id(\n 102167,\n 102169,\n 102172,\n 103174,\n 103177\n );\n\n script_name(english:\"Citrix XenServer Multiple Vulnerabilities (CTX232096)\");\n script_summary(english:\"Checks for patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A server virtualization platform installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Citrix XenServer running on the remote host is missing\na security hotfix. It is, therefore, affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.citrix.com/article/CTX232096\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate hotfix according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:citrix:xenserver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"citrix_xenserver_version.nbin\");\n script_require_keys(\"Host/XenServer/version\", \"Host/local_checks_enabled\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp_name = \"Citrix XenServer\";\nversion = get_kb_item_or_exit(\"Host/XenServer/version\");\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\npatches = get_kb_item(\"Host/XenServer/patches\");\nvuln = FALSE;\nfix = '';\npending = \"Refer to vendor for patch/mitigation options\";\n\nif (version == \"6.0.2\")\n{\n fix = \"XS602ECC051\"; # CTX232082\n if (fix >!< patches) vuln = TRUE;\n}\nelse if (version =~ \"^6\\.2\")\n{\n fix = \"XS62ESP1067\"; # CTX232083\n if (fix >!< patches) vuln = TRUE;\n}\nelse if (version =~ \"^6\\.5($|[^0-9])\")\n{\n fix = \"XS65ESP1065\"; # CTX232084\n if (fix >!< patches) vuln = TRUE;\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app_name, version);\n\nif (vuln)\n{\n port = 0;\n report = report_items_str(\n report_items:make_array(\n \"Installed version\", version,\n \"Missing hotfix\", fix\n ),\n ordered_fields:make_list(\"Installed version\", \"Missing hotfix\")\n );\n security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_PATCH_INSTALLED, fix);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:40:19", "description": "This update for xen to version 4.9.2 fixes several issues. This feature was added :\n\n - Added script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU. They are triggered via 'xl vcpu-set domU N' These security issues were fixed :\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820)\n\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822)\n\n - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n\n - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152).\n\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635).\n\n - CVE-2018-7540: x86 PV guest OS users were able to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing (bsc#1080635).\n\n - CVE-2018-7541: Guest OS users were able to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1 (bsc#1080662).\n\n - CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC (bsc#1080634).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-05-10T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:1184-1) (Meltdown)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5754", "CVE-2018-10471", "CVE-2018-10472", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "modified": "2021-06-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-debugsource", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-debuginfo", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-1184-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109677", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1184-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109677);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2017-5754\", \"CVE-2018-10471\", \"CVE-2018-10472\", \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2018-8897\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVB\", value:\"2018-B-0057-S\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:1184-1) (Meltdown)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen to version 4.9.2 fixes several issues. This\nfeature was added :\n\n - Added script, udev rule and systemd service to watch for\n vcpu online/offline events in a HVM domU. They are\n triggered via 'xl vcpu-set domU N' These security issues\n were fixed :\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions\n on x86 (XSA-260, bsc#1090820)\n\n - Handle HPET timers in IO-APIC mode correctly to prevent\n malicious or buggy HVM guests from causing a hypervisor\n crash or potentially privilege escalation/information\n leaks (XSA-261, bsc#1090822)\n\n - Prevent unbounded loop, induced by qemu allowing an\n attacker to permanently keep a physical CPU core busy\n (XSA-262, bsc#1090823)\n\n - CVE-2018-10472: x86 HVM guest OS users (in certain\n configurations) were able to read arbitrary dom0 files\n via QMP live insertion of a CDROM, in conjunction with\n specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n\n - CVE-2018-10471: x86 PV guest OS users were able to cause\n a denial of service (out-of-bounds zero write and\n hypervisor crash) via unexpected INT 80 processing,\n because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n\n - CVE-2018-7540: x86 PV guest OS users were able to cause\n a denial of service (host OS CPU hang) via\n non-preemptable L3/L4 pagetable freeing (bsc#1080635).\n\n - CVE-2018-7541: Guest OS users were able to cause a\n denial of service (hypervisor crash) or gain privileges\n by triggering a grant-table transition from v2 to v1\n (bsc#1080662).\n\n - CVE-2018-7542: x86 PVH guest OS users were able to cause\n a denial of service (NULL pointer dereference and\n hypervisor crash) by leveraging the mishandling of\n configurations that lack a Local APIC (bsc#1080634).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1072834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10471/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10472/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7540/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7541/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7542/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-8897/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181184-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2b70d41\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-828=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-828=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-828=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-debugsource-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-doc-html-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-debuginfo-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-debugsource-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.9.2_04-3.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-4.9.2_04-3.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:42:06", "description": "This update for xen to version 4.9.2 fixes several issues.\n\nThis feature was added :\n\n - Added script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU. They are triggered via 'xl vcpu-set domU N'\n\nThese security issues were fixed :\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820)\n\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822)\n\n - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n\n - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152).\n\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635).\n\n - CVE-2018-7540: x86 PV guest OS users were able to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing (bsc#1080635).\n\n - CVE-2018-7541: Guest OS users were able to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1 (bsc#1080662).\n\n - CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC (bsc#1080634).\n\nThese non-security issues were fixed :\n\n - bsc#1087252: Update built-in defaults for xenstored in stubdom, keep default to run xenstored as daemon in dom0\n\n - bsc#1087251: Preserve xen-syms from xen-dbg.gz to allow processing vmcores with crash(1) \n\n - bsc#1072834: Prevent unchecked MSR access error This update was imported from the SUSE:SLE-12-SP3:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-05-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : xen (openSUSE-2018-454) (Meltdown)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5754", "CVE-2018-10471", "CVE-2018-10472", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "modified": "2021-06-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-454.NASL", "href": "https://www.tenable.com/plugins/nessus/109751", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-454.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109751);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2017-5754\", \"CVE-2018-10471\", \"CVE-2018-10472\", \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\", \"CVE-2018-8897\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVB\", value:\"2018-B-0057-S\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2018-454) (Meltdown)\");\n script_summary(english:\"Check for the openSUSE-2018-454 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen to version 4.9.2 fixes several issues.\n\nThis feature was added :\n\n - Added script, udev rule and systemd service to watch for\n vcpu online/offline events in a HVM domU. They are\n triggered via 'xl vcpu-set domU N'\n\nThese security issues were fixed :\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions\n on x86 (XSA-260, bsc#1090820)\n\n - Handle HPET timers in IO-APIC mode correctly to prevent\n malicious or buggy HVM guests from causing a hypervisor\n crash or potentially privilege escalation/information\n leaks (XSA-261, bsc#1090822)\n\n - Prevent unbounded loop, induced by qemu allowing an\n attacker to permanently keep a physical CPU core busy\n (XSA-262, bsc#1090823)\n\n - CVE-2018-10472: x86 HVM guest OS users (in certain\n configurations) were able to read arbitrary dom0 files\n via QMP live insertion of a CDROM, in conjunction with\n specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n\n - CVE-2018-10471: x86 PV guest OS users were able to cause\n a denial of service (out-of-bounds zero write and\n hypervisor crash) via unexpected INT 80 processing,\n because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n\n - CVE-2018-7540: x86 PV guest OS users were able to cause\n a denial of service (host OS CPU hang) via\n non-preemptable L3/L4 pagetable freeing (bsc#1080635).\n\n - CVE-2018-7541: Guest OS users were able to cause a\n denial of service (hypervisor crash) or gain privileges\n by triggering a grant-table transition from v2 to v1\n (bsc#1080662).\n\n - CVE-2018-7542: x86 PVH guest OS users were able to cause\n a denial of service (NULL pointer dereference and\n hypervisor crash) by leveraging the mishandling of\n configurations that lack a Local APIC (bsc#1080634).\n\nThese non-security issues were fixed :\n\n - bsc#1087252: Update built-in defaults for xenstored in\n stubdom, keep default to run xenstored as daemon in dom0\n\n - bsc#1087251: Preserve xen-syms from xen-dbg.gz to allow\n processing vmcores with crash(1) \n\n - bsc#1072834: Prevent unchecked MSR access error This\n update was imported from the SUSE:SLE-12-SP3:Update\n update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1072834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1080634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1080635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1080662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090823\"\n );\n # https://features.opensuse.org/324965\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/11\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/14\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-4.9.2_04-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-debugsource-4.9.2_04-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-devel-4.9.2_04-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-doc-html-4.9.2_04-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-libs-4.9.2_04-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-libs-debuginfo-4.9.2_04-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-4.9.2_04-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-debuginfo-4.9.2_04-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-domU-4.9.2_04-19.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"xen-tools-domU-debuginfo-4.9.2_04-19.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-libs / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:58:40", "description": "Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, informations leaks or privilege escalation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 4.4.4lts4-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-11-13T00:00:00", "type": "nessus", "title": "Debian DLA-1577-1 : xen security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12891", "CVE-2018-12893", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-8897"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxen-4.4", "p-cpe:/a:debian:debian_linux:libxen-dev", "p-cpe:/a:debian:debian_linux:libxenstore3.0", "p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-amd64", "p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-arm64", "p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-armhf", "p-cpe:/a:debian:debian_linux:xen-system-amd64", "p-cpe:/a:debian:debian_linux:xen-system-arm64", "p-cpe:/a:debian:debian_linux:xen-system-armhf", "p-cpe:/a:debian:debian_linux:xen-utils-4.4", "p-cpe:/a:debian:debian_linux:xen-utils-common", "p-cpe:/a:debian:debian_linux:xenstore-utils", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1577.NASL", "href": "https://www.tenable.com/plugins/nessus/118892", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1577-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118892);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-12891\", \"CVE-2018-12893\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-8897\");\n\n script_name(english:\"Debian DLA-1577-1 : xen security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in the Xen hypervisor,\nwhich could result in denial of service, informations leaks or\nprivilege escalation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.4.4lts4-0+deb8u1.\n\nWe recommend that you upgrade your xen packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/xen\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-4.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxen-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxenstore3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-hypervisor-4.4-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-system-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-utils-4.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-utils-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xenstore-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libxen-4.4\", reference:\"4.4.4lts4-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxen-dev\", reference:\"4.4.4lts4-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxenstore3.0\", reference:\"4.4.4lts4-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-amd64\", reference:\"4.4.4lts4-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-arm64\", reference:\"4.4.4lts4-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-hypervisor-4.4-armhf\", reference:\"4.4.4lts4-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-amd64\", reference:\"4.4.4lts4-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-arm64\", reference:\"4.4.4lts4-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-system-armhf\", reference:\"4.4.4lts4-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-utils-4.4\", reference:\"4.4.4lts4-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-utils-common\", reference:\"4.4.4lts4-0+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xenstore-utils\", reference:\"4.4.4lts4-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:58:39", "description": "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0271 for details.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-15T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : xen (OVMSA-2018-0271) (Foreshadow) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10981", "CVE-2018-10982", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-8897"], "modified": "2021-04-09T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2018-0271.NASL", "href": "https://www.tenable.com/plugins/nessus/118962", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0271.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118962);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/09\");\n\n script_cve_id(\"CVE-2018-10981\", \"CVE-2018-10982\", \"CVE-2018-3620\", \"CVE-2018-3639\", \"CVE-2018-3646\", \"CVE-2018-3665\", \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-8897\");\n\n script_name(english:\"OracleVM 3.3 : xen (OVMSA-2018-0271) (Foreshadow) (Spectre)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2018-0271 for details.\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-November/000905.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4bcf420f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8897\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"xen-4.3.0-55.el6.186.195\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"xen-tools-4.3.0-55.el6.186.195\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T16:00:10", "description": "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0272 for details.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-15T00:00:00", "type": "nessus", "title": "OracleVM 3.2 : xen (OVMSA-2018-0272) (Foreshadow) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10981", "CVE-2018-10982", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-8897"], "modified": "2021-04-09T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-devel", "p-cpe:/a:oracle:vm:xen-tools", "cpe:/o:oracle:vm_server:3.2"], "id": "ORACLEVM_OVMSA-2018-0272.NASL", "href": "https://www.tenable.com/plugins/nessus/118963", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0272.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118963);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/09\");\n\n script_cve_id(\"CVE-2018-10981\", \"CVE-2018-10982\", \"CVE-2018-3620\", \"CVE-2018-3639\", \"CVE-2018-3646\", \"CVE-2018-3665\", \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-8897\");\n\n script_name(english:\"OracleVM 3.2 : xen (OVMSA-2018-0272) (Foreshadow) (Spectre)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2018-0272 for details.\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-November/000906.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f53ac2a8\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected xen / xen-devel / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8897\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"xen-4.1.3-25.el5.223.214\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"xen-devel-4.1.3-25.el5.223.214\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"xen-tools-4.1.3-25.el5.223.214\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-devel / xen-tools\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:42:36", "description": "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0218 for details.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-05-23T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : xen (OVMSA-2018-0218) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17565", "CVE-2017-17566", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-8897"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2018-0218.NASL", "href": "https://www.tenable.com/plugins/nessus/109987", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0218.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109987);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2017-17565\", \"CVE-2017-17566\", \"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\", \"CVE-2018-10981\", \"CVE-2018-10982\", \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-8897\");\n\n script_name(english:\"OracleVM 3.4 : xen (OVMSA-2018-0218) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2018-0218 for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2018-May/000856.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(rpm:\"xen-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-4.4.4-105.0.45.el6\")) flag++;\nif (rpm_exists(rpm:\"xen-tools-4.4.4-105\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-tools-4.4.4-105.0.45.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-08T14:55:23", "description": "This update for xen fixes several issues. These security issues were fixed :\n\n - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks (bsc#1074562, bsc#1068032)\n\n - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116).\n\n - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180).\n\n - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081)\n\n - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158).\n\n - CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159).\n\n - CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160).\n\n - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163).\n\n - Added missing intermediate preemption checks for guest requesting removal of memory. This allowed malicious guest administrator to cause denial of service due to the high cost of this operation (bsc#1080635).\n\n - Because of XEN not returning the proper error messages when transitioning grant tables from v2 to v1 a malicious guest was able to cause DoS or potentially allowed for privilege escalation as well as information leaks (bsc#1080662).\n\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1024307)\n\n - Unprivileged domains could have issued well-timed writes to xenstore which conflict with transactions to stall progress of the control domain or driver domain, possibly leading to DoS (bsc#1030144, XSA-206).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-15T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : xen (SUSE-SU-2018:0678-1) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11334", "CVE-2017-15595", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2017-18030", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5898", "CVE-2018-5683", "CVE-2018-7540", "CVE-2018-7541"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-doc-pdf", "p-cpe:/a:novell:suse_linux:xen-kmp-default", "p-cpe:/a:novell:suse_linux:xen-kmp-pae", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-domU", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0678-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108369", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0678-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108369);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11334\", \"CVE-2017-15595\", \"CVE-2017-17563\", \"CVE-2017-17564\", \"CVE-2017-17565\", \"CVE-2017-17566\", \"CVE-2017-18030\", \"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\", \"CVE-2017-5898\", \"CVE-2018-5683\", \"CVE-2018-7540\", \"CVE-2018-7541\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"SUSE SLES11 Security Update : xen (SUSE-SU-2018:0678-1) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for xen fixes several issues. These security issues were\nfixed :\n\n - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent\n information leaks via side effects of speculative\n execution, aka 'Spectre' and 'Meltdown' attacks\n (bsc#1074562, bsc#1068032)\n\n - CVE-2018-5683: The vga_draw_text function allowed local\n OS guest privileged users to cause a denial of service\n (out-of-bounds read and QEMU process crash) by\n leveraging improper memory address validation\n (bsc#1076116).\n\n - CVE-2017-18030: The cirrus_invalidate_region function\n allowed local OS guest privileged users to cause a\n denial of service (out-of-bounds array access and QEMU\n process crash) via vectors related to negative pitch\n (bsc#1076180).\n\n - CVE-2017-15595: x86 PV guest OS users were able to cause\n a DoS (unbounded recursion, stack consumption, and\n hypervisor crash) or possibly gain privileges via\n crafted page-table stacking (bsc#1061081)\n\n - CVE-2017-17566: Prevent PV guest OS users to cause a\n denial of service (host OS crash) or gain host OS\n privileges in shadow mode by mapping a certain auxiliary\n page (bsc#1070158).\n\n - CVE-2017-17563: Prevent guest OS users to cause a denial\n of service (host OS crash) or gain host OS privileges by\n leveraging an incorrect mask for reference-count\n overflow checking in shadow mode (bsc#1070159).\n\n - CVE-2017-17564: Prevent guest OS users to cause a denial\n of service (host OS crash) or gain host OS privileges by\n leveraging incorrect error handling for reference\n counting in shadow mode (bsc#1070160).\n\n - CVE-2017-17565: Prevent PV guest OS users to cause a\n denial of service (host OS crash) if shadow mode and\n log-dirty mode are in place, because of an incorrect\n assertion related to M2P (bsc#1070163).\n\n - Added missing intermediate preemption checks for guest\n requesting removal of memory. This allowed malicious\n guest administrator to cause denial of service due to\n the high cost of this operation (bsc#1080635).\n\n - Because of XEN not returning the proper error messages\n when transitioning grant tables from v2 to v1 a\n malicious guest was able to cause DoS or potentially\n allowed for privilege escalation as well as information\n leaks (bsc#1080662).\n\n - CVE-2017-5898: The CCID Card device emulator support was\n vulnerable to an integer overflow flaw allowing a\n privileged user to crash the Qemu process on the host\n resulting in DoS (bsc#1024307)\n\n - Unprivileged domains could have issued well-timed writes\n to xenstore which conflict with transactions to stall\n progress of the control domain or driver domain,\n possibly leading to DoS (bsc#1030144, XSA-206).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11334/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15595/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17563/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17564/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17565/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17566/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18030/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5753/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5754/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5898/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5683/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7540/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7541/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180678-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?39d89a0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-xen-13511=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-xen-13511=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-xen-13511=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.2.5_21_3.0.101_0.47.106.14-45.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-4.2.5_21-45.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-domU-4.2.5_21-45.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-4.2.5_21-45.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-doc-html-4.2.5_21-45.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-doc-pdf-4.2.5_21-45.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.2.5_21-45.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-tools-4.2.5_21-45.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.14-45.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"xen-kmp-default-4.2.5_21_3.0.101_0.47.106.14-45.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"xen-libs-4.2.5_21-45.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"xen-tools-domU-4.2.5_21-45.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"xen-kmp-pae-4.2.5_21_3.0.101_0.47.106.14-45.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-08T15:19:20", "description": "The remote host is affected by the vulnerability described in GLSA-201810-06 (Xen: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details.\n Impact :\n\n A local attacker could cause a Denial of Service condition or disclose sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-10-31T00:00:00", "type": "nessus", "title": "GLSA-201810-06 : Xen: Multiple vulnerabilities (Foreshadow) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-15468", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-3620", "CVE-2018-3646", "CVE-2018-5244", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542"], "modified": "2022-01-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:xen", "p-cpe:/a:gentoo:linux:xen-tools", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201810-06.NASL", "href": "https://www.tenable.com/plugins/nessus/118506", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201810-06.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118506);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\", \"CVE-2018-10471\", \"CVE-2018-10472\", \"CVE-2018-10981\", \"CVE-2018-10982\", \"CVE-2018-12891\", \"CVE-2018-12892\", \"CVE-2018-12893\", \"CVE-2018-15468\", \"CVE-2018-15469\", \"CVE-2018-15470\", \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-5244\", \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-7542\");\n script_xref(name:\"GLSA\", value:\"201810-06\");\n\n script_name(english:\"GLSA-201810-06 : Xen: Multiple vulnerabilities (Foreshadow) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201810-06\n(Xen: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Xen. Please review the\n referenced CVE identifiers for details.\n \nImpact :\n\n A local attacker could cause a Denial of Service condition or disclose\n sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201810-06\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Xen users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/xen-4.10.1-r2'\n All Xen tools users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=app-emulation/xen-tools-4.10.1-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10982\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/31\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/xen\", unaffected:make_list(\"ge 4.10.1-r2\"), vulnerable:make_list(\"lt 4.10.1-r2\"))) flag++;\nif (qpkg_check(package:\"app-emulation/xen-tools\", unaffected:make_list(\"ge 4.10.1-r2\"), vulnerable:make_list(\"lt 4.10.1-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:50:52", "description": "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0248 for details.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-08-20T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3495", "CVE-2014-3566", "CVE-2014-3672", "CVE-2014-5146", "CVE-2014-7188", "CVE-2014-8594", "CVE-2014-8595", "CVE-2014-8866", "CVE-2014-8867", "CVE-2014-9065", "CVE-2015-0361", "CVE-2015-2044", "CVE-2015-2045", "CVE-2015-2151", "CVE-2015-2152", "CVE-2015-2751", "CVE-2015-2752", "CVE-2015-3340", "CVE-2015-4163", "CVE-2015-4164", "CVE-2015-7812", "CVE-2015-7813", "CVE-2015-7814", "CVE-2015-7835", "CVE-2015-7969", "CVE-2015-7970", "CVE-2015-7971", "CVE-2015-8550", "CVE-2016-10013", "CVE-2016-10024", "CVE-2016-1570", "CVE-2016-1571", "CVE-2016-3712", "CVE-2016-6258", "CVE-2016-7777", "CVE-2016-9603", "CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10914", "CVE-2017-10915", "CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-12135", "CVE-2017-12136", "CVE-2017-12137", "CVE-2017-14316", "CVE-2017-14317", "CVE-2017-14319", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-15597", "CVE-2017-17044", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2017-2615", "CVE-2017-2620", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-7228", "CVE-2017-8903", "CVE-2017-8904", "CVE-2017-8905", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-8897"], "modified": "2021-01-28T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2018-0248.NASL", "href": "https://www.tenable.com/plugins/nessus/111992", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0248.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111992);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/28\");\n\n script_cve_id(\"CVE-2013-3495\", \"CVE-2014-3566\", \"CVE-2014-3672\", \"CVE-2014-5146\", \"CVE-2014-7188\", \"CVE-2014-8594\", \"CVE-2014-8595\", \"CVE-2014-8866\", \"CVE-2014-8867\", \"CVE-2014-9065\", \"CVE-2015-0361\", \"CVE-2015-2044\", \"CVE-2015-2045\", \"CVE-2015-2151\", \"CVE-2015-2152\", \"CVE-2015-2751\", \"CVE-2015-2752\", \"CVE-2015-3340\", \"CVE-2015-4163\", \"CVE-2015-4164\", \"CVE-2015-7812\", \"CVE-2015-7813\", \"CVE-2015-7814\", \"CVE-2015-7835\", \"CVE-2015-7969\", \"CVE-2015-7970\", \"CVE-2015-7971\", \"CVE-2015-8550\", \"CVE-2016-10013\", \"CVE-2016-10024\", \"CVE-2016-1570\", \"CVE-2016-1571\", \"CVE-2016-3712\", \"CVE-2016-6258\", \"CVE-2016-7777\", \"CVE-2016-9603\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-14316\", \"CVE-2017-14317\", \"CVE-2017-14319\", \"CVE-2017-15588\", \"CVE-2017-15589\", \"CVE-2017-15590\", \"CVE-2017-15592\", \"CVE-2017-15593\", \"CVE-2017-15594\", \"CVE-2017-15595\", \"CVE-2017-15597\", \"CVE-2017-17044\", \"CVE-2017-17045\", \"CVE-2017-17563\", \"CVE-2017-17564\", \"CVE-2017-17565\", \"CVE-2017-17566\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\", \"CVE-2017-7228\", \"CVE-2017-8903\", \"CVE-2017-8904\", \"CVE-2017-8905\", \"CVE-2018-10981\", \"CVE-2018-10982\", \"CVE-2018-3620\", \"CVE-2018-3639\", \"CVE-2018-3646\", \"CVE-2018-3665\", \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-8897\");\n script_bugtraq_id(61854, 69198, 70198, 70574, 71149, 71151, 71331, 71332, 71544, 71882, 72954, 72955, 73015, 73068, 73443, 73448, 74248, 75141, 75149);\n\n script_name(english:\"OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2018-0248 for details.\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-August/000884.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5a675193\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(rpm:\"xen-4.4.4-155\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-4.4.4-155.0.43.el6\")) flag++;\nif (rpm_exists(rpm:\"xen-tools-4.4.4-155\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-tools-4.4.4-155.0.43.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-10T19:58:31", "description": "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0039 for details.", "cvss3": {"score": 10, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-08-28T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3495", "CVE-2014-3566", "CVE-2014-3672", "CVE-2014-5146", "CVE-2014-7188", "CVE-2014-8594", "CVE-2014-8595", "CVE-2014-8866", "CVE-2014-8867", "CVE-2014-9065", "CVE-2015-0361", "CVE-2015-2044", "CVE-2015-2045", "CVE-2015-2151", "CVE-2015-2152", "CVE-2015-2751", "CVE-2015-2752", "CVE-2015-3340", "CVE-2015-4163", "CVE-2015-4164", "CVE-2015-7812", "CVE-2015-7813", "CVE-2015-7814", "CVE-2015-7835", "CVE-2015-7969", "CVE-2015-7970", "CVE-2015-7971", "CVE-2015-8550", "CVE-2016-10013", "CVE-2016-10024", "CVE-2016-1570", "CVE-2016-1571", "CVE-2016-3712", "CVE-2016-6258", "CVE-2016-7777", "CVE-2016-9603", "CVE-2017-10912", "CVE-2017-10913", "CVE-2017-10914", "CVE-2017-10915", "CVE-2017-10917", "CVE-2017-10918", "CVE-2017-10920", "CVE-2017-10921", "CVE-2017-10922", "CVE-2017-12135", "CVE-2017-12136", "CVE-2017-12137", "CVE-2017-14316", "CVE-2017-14317", "CVE-2017-14319", "CVE-2017-15289", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-15590", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-15597", "CVE-2017-17044", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2017-18030", "CVE-2017-2615", "CVE-2017-2620", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-7228", "CVE-2017-8903", "CVE-2017-8904", "CVE-2017-8905", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-12207", "CVE-2018-15468", "CVE-2018-19961", "CVE-2018-19965", "CVE-2018-19966", "CVE-2018-19967", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-8897", "CVE-2019-11091", "CVE-2019-11135", "CVE-2019-18424", "CVE-2019-19577", "CVE-2019-19579", "CVE-2019-19583", "CVE-2020-0543", "CVE-2020-14364", "CVE-2020-15565", "CVE-2020-15567"], "modified": "2020-11-10T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2020-0039.NASL", "href": "https://www.tenable.com/plugins/nessus/140019", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2020-0039.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140019);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/10\");\n\n script_cve_id(\"CVE-2013-3495\", \"CVE-2014-3566\", \"CVE-2014-3672\", \"CVE-2014-5146\", \"CVE-2014-7188\", \"CVE-2014-8594\", \"CVE-2014-8595\", \"CVE-2014-8866\", \"CVE-2014-8867\", \"CVE-2014-9065\", \"CVE-2015-0361\", \"CVE-2015-2044\", \"CVE-2015-2045\", \"CVE-2015-2151\", \"CVE-2015-2152\", \"CVE-2015-2751\", \"CVE-2015-2752\", \"CVE-2015-3340\", \"CVE-2015-4163\", \"CVE-2015-4164\", \"CVE-2015-7812\", \"CVE-2015-7813\", \"CVE-2015-7814\", \"CVE-2015-7835\", \"CVE-2015-7969\", \"CVE-2015-7970\", \"CVE-2015-7971\", \"CVE-2015-8550\", \"CVE-2016-10013\", \"CVE-2016-10024\", \"CVE-2016-1570\", \"CVE-2016-1571\", \"CVE-2016-3712\", \"CVE-2016-6258\", \"CVE-2016-7777\", \"CVE-2016-9603\", \"CVE-2017-10912\", \"CVE-2017-10913\", \"CVE-2017-10914\", \"CVE-2017-10915\", \"CVE-2017-10917\", \"CVE-2017-10918\", \"CVE-2017-10920\", \"CVE-2017-10921\", \"CVE-2017-10922\", \"CVE-2017-12135\", \"CVE-2017-12136\", \"CVE-2017-12137\", \"CVE-2017-14316\", \"CVE-2017-14317\", \"CVE-2017-14319\", \"CVE-2017-15289\", \"CVE-2017-15588\", \"CVE-2017-15589\", \"CVE-2017-15590\", \"CVE-2017-15592\", \"CVE-2017-15593\", \"CVE-2017-15594\", \"CVE-2017-15595\", \"CVE-2017-15597\", \"CVE-2017-17044\", \"CVE-2017-17045\", \"CVE-2017-17563\", \"CVE-2017-17564\", \"CVE-2017-17565\", \"CVE-2017-17566\", \"CVE-2017-18030\", \"CVE-2017-2615\", \"CVE-2017-2620\", \"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\", \"CVE-2017-7228\", \"CVE-2017-8903\", \"CVE-2017-8904\", \"CVE-2017-8905\", \"CVE-2018-10981\", \"CVE-2018-10982\", \"CVE-2018-12126\", \"CVE-2018-12127\", \"CVE-2018-12130\", \"CVE-2018-12207\", \"CVE-2018-15468\", \"CVE-2018-19961\", \"CVE-2018-19965\", \"CVE-2018-19966\", \"CVE-2018-19967\", \"CVE-2018-3620\", \"CVE-2018-3639\", \"CVE-2018-3646\", \"CVE-2018-3665\", \"CVE-2018-7540\", \"CVE-2018-7541\", \"CVE-2018-8897\", \"CVE-2019-11091\", \"CVE-2019-11135\", \"CVE-2019-18424\", \"CVE-2019-19577\", \"CVE-2019-19579\", \"CVE-2019-19583\", \"CVE-2020-0543\", \"CVE-2020-14364\", \"CVE-2020-15565\", \"CVE-2020-15567\");\n script_bugtraq_id(61854, 69198, 70198, 70574, 71149, 71151, 71331, 71332, 71544, 71882, 72954, 72955, 73015, 73068, 73443, 73448, 74248, 75141, 75149);\n\n script_name(english:\"OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2020-0039 for details.\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2020-August/000995.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4372e41a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected xen / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10921\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(rpm:\"xen-4.4.4-155\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-4.4.4-155.0.90.el6\")) flag++;\nif (rpm_exists(rpm:\"xen-tools-4.4.4-155\", release:\"OVS3.4\") && rpm_check(release:\"OVS3.4\", reference:\"xen-tools-4.4.4-155.0.90.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-tools\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "citrix": [{"lastseen": "2020-12-24T11:42:53", "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"DescriptionofProblem\"> Description of Problem</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>A number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and, for some XenServer versions, allow a remote attacker to compromise the host.</p>\n<p>The following vulnerabilities have been addressed:</p>\n<ul>\n<li>CVE-2016-2074: openvswitch: MPLS buffer overflow vulnerability</li>\n<li>CVE-2018-7540: DoS via non-preemptable L3/L4 pagetable freeing</li>\n<li>CVE-2018-7541: grant table v2 -> v1 transition may crash Xen</li>\n</ul>\n<p>The host compromise issue (CVE-2016-2074) affects Citrix XenServer versions 7.0 and 7.1 CU1 only.<br/> The denial of service issues affect all supported versions of Citrix XenServer prior to version 7.4.<br/> </p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"MitigatingFactors\"> Mitigating Factors</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Customers using the \u201cLinux bridge\u201d networking mode are unaffected by the host compromise issue.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCustomersShouldDo\"> What Customers Should Do</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<p>Hotfixes have been released to address these issues. Citrix strongly recommends that affected customers install these hotfixes as soon as possible. The hotfixes can be downloaded from the following locations:</p>\n<p>Citrix XenServer 7.3: CTX233368 \u2013 <a href=\"https://support.citrix.com/article/CTX233368\">https://support.citrix.com/article/CTX233368</a></p>\n<p>Citrix XenServer 7.2: CTX233366 \u2013 <a href=\"https://support.citrix.com/article/CTX233366\">https://support.citrix.com/article/CTX233366</a></p>\n<p>Citrix XenServer 7.1 LTSR CU1: CTX233363 \u2013 <a href=\"https://support.citrix.com/article/CTX233363\">https://support.citrix.com/article/CTX233363</a> and CTX233365 \u2013 <a href=\"https://support.citrix.com/article/CTX233365\">https://support.citrix.com/article/CTX233365</a></p>\n<p>Citrix XenServer 7.0: CTX233362 \u2013 <a href=\"https://support.citrix.com/article/CTX233362\">https://support.citrix.com/article/CTX233362</a> and CTX233364 \u2013 <a href=\"https://support.citrix.com/article/CTX233364\">https://support.citrix.com/article/CTX233364</a></p>\n<p>These hotfixes are not livepatchable.</p>\n<p>Citrix is actively working on remediating the denial of service issues for releases that are End of Maintenance but not yet End of Life.</p>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"WhatCitrixIsDoing\"> What Citrix Is Doing</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <u> <a href=\"http://support.citrix.com/\">http://support.citrix.com/</a></u>.</p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ObtainingSupportonThisIssue\"> Obtaining Support on This Issue</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"https://www.citrix.com/support/open-a-support-case.html\">https://www.citrix.com/support/open-a-support-case.html</a></u>. </p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"ReportingSecurityVulnerabilities\"> Reporting Security Vulnerabilities</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<div>\n<div>\n<p>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"http://support.citrix.com/article/CTX081743\">Reporting Security Issues to Citrix</a></p>\n</div>\n</div>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n<div>\n<!--googleoff: all-->\n<h2 id=\"Changelog\"> Changelog</h2>\n<!--googleon: all-->\n<div>\n<div>\n<div>\n<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" width=\"100%\">\n<tbody>\n<tr>\n<td>Date </td>\n<td>Change</td>\n</tr>\n<tr>\n<td>21st March 2018</td>\n<td>Initial publication</td>\n</tr>\n</tbody>\n</table>\n</div>\n</div>\n</div>\n<!--googleoff: all-->\n<hr/>\n</div>\n</div></div>\n</section>", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-21T04:00:00", "type": "citrix", "title": "Citrix XenServer Multiple Security Updates", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2074", "CVE-2018-7540", "CVE-2018-7541"], "modified": "2018-03-21T04:00:00", "id": "CTX232655", "href": "https://support.citrix.com/article/CTX232655", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "edition": 2, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-03-06T17:36:32", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.1-5.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542"], "modified": "2018-03-06T17:36:32", "id": "FEDORA:520A96076F57", "href": "", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "edition": 2, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-03-20T17:37:29", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: xen-4.8.3-3.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542"], "modified": "2018-03-20T17:37:29", "id": "FEDORA:977BB60A6180", "href": "", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "edition": 2, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-05-01T13:42:16", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.2-2.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2018-10471", "CVE-2018-10472", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542"], "modified": "2018-05-01T13:42:16", "id": "FEDORA:698AD6087A96", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "edition": 2, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-05-16T13:46:18", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.2-3.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "modified": "2018-05-16T13:46:18", "id": "FEDORA:BCAE760875D9", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "edition": 2, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-06-07T11:50:56", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.2-4.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-3639", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "modified": "2018-06-07T11:50:56", "id": "FEDORA:EAC7F6435E1F", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "edition": 2, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-07-13T16:38:02", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.2-6.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-3639", "CVE-2018-3665", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "modified": "2018-07-13T16:38:02", "id": "FEDORA:73C6F628E99A", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-05-12T18:27:24", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: xen-4.8.3-4.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11334", "CVE-2017-12135", "CVE-2017-12136", "CVE-2017-12137", "CVE-2017-12855", "CVE-2017-13672", "CVE-2017-13673", "CVE-2017-14316", "CVE-2017-14317", "CVE-2017-14318", "CVE-2017-14319", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17046", "CVE-2017-5579", "CVE-2017-7718", "CVE-2017-8309", "CVE-2017-8379", "CVE-2018-10471", "CVE-2018-10472", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542"], "modified": "2018-05-12T18:27:24", "id": "FEDORA:6315F608DDDD", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T18:41:37", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.9, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-11-11T02:40:40", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.3-2.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-15468", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-18883", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "modified": "2018-11-11T02:40:40", "id": "FEDORA:2C89F6167407", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T18:41:37", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.9, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-08-31T20:04:39", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.2-7.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-15468", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "modified": "2018-08-31T20:04:39", "id": "FEDORA:D5F726042B1F", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T18:41:37", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.9, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-11-25T02:03:43", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: xen-4.9.3-3.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17563", "CVE-2017-17564", "CVE-2017-17565", "CVE-2017-17566", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-15468", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-18883", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "modified": "2018-11-25T02:03:43", "id": "FEDORA:728DA604CD72", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-05-27T19:19:06", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: xen-4.8.3-5.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11334", "CVE-2017-12135", "CVE-2017-12136", "CVE-2017-12137", "CVE-2017-12855", "CVE-2017-13672", "CVE-2017-13673", "CVE-2017-14316", "CVE-2017-14317", "CVE-2017-14318", "CVE-2017-14319", "CVE-2017-15588", "CVE-2017-15589", "CVE-2017-1559", "CVE-2017-15590", "CVE-2017-15591", "CVE-2017-15592", "CVE-2017-15593", "CVE-2017-15594", "CVE-2017-15595", "CVE-2017-17045", "CVE-2017-17046", "CVE-2017-5579", "CVE-2017-7718", "CVE-2017-8309", "CVE-2017-8379", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542", "CVE-2018-8897"], "modified": "2018-05-27T19:19:06", "id": "FEDORA:E655260321A8", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2021-06-08T18:44:10", "description": "This update for xen fixes the following issues:\n\n Update to Xen 4.7.5 bug fix only release (bsc#1027519)\n\n Security issues fixed:\n\n - CVE-2018-7540: Fixed DoS via non-preemptable L3/L4 pagetable freeing\n (XSA-252) (bsc#1080635)\n - CVE-2018-7541: A grant table v2 -> v1 transition may crash Xen (XSA-255)\n (bsc#1080662)\n - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 Fixed information leaks via\n side effects of speculative execution (XSA-254). Includes Spectre v2\n mitigation. (bsc#1074562)\n\n\n - Preserve xen-syms from xen-dbg.gz to allow processing vmcores with\n crash(1) (bsc#1087251)\n - Xen HVM: Fixed unchecked MSR access error (bsc#1072834)\n - Add script, udev rule and systemd service to watch for vcpu\n online/offline events in a HVM domU They are triggered via xl vcpu-set\n domU N (fate#324965)\n - Make sure tools and tools-domU require libs from the very same build\n\n", "cvss3": {}, "published": "2018-04-10T18:07:40", "type": "suse", "title": "Security update for xen (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-7540", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715", "CVE-2018-7541"], "modified": "2018-04-10T18:07:40", "id": "SUSE-SU-2018:0909-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00009.html", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:44:10", "description": "This update for xen to version 4.9.2 fixes several issues.\n\n This feature was added:\n\n - Added script, udev rule and systemd service to watch for vcpu\n online/offline events in a HVM domU. They are triggered via 'xl vcpu-set\n domU N'\n\n These security issues were fixed:\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,\n bsc#1090820)\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or\n buggy HVM guests from causing a hypervisor crash or potentially\n privilege escalation/information leaks (XSA-261, bsc#1090822)\n - Prevent unbounded loop, induced by qemu allowing an attacker to\n permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were\n able to read arbitrary dom0 files via QMP live insertion of a CDROM, in\n conjunction with specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of\n service (out-of-bounds zero write and hypervisor crash) via unexpected\n INT 80 processing, because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n - CVE-2018-7540: x86 PV guest OS users were able to cause a denial of\n service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing\n (bsc#1080635).\n - CVE-2018-7541: Guest OS users were able to cause a denial of service\n (hypervisor crash) or gain privileges by triggering a grant-table\n transition from v2 to v1 (bsc#1080662).\n - CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of\n service (NULL pointer dereference and hypervisor crash) by leveraging\n the mishandling\n of configurations that lack a Local APIC (bsc#1080634).\n\n These non-security issues were fixed:\n\n - bsc#1087252: Update built-in defaults for xenstored in stubdom, keep\n default to run xenstored as daemon in dom0\n - bsc#1087251: Preserve xen-syms from xen-dbg.gz to allow processing\n vmcores with crash(1)\n - bsc#1072834: Prevent unchecked MSR access error\n\n", "cvss3": {}, "published": "2018-05-09T21:09:32", "type": "suse", "title": "Security update for xen (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-7542", "CVE-2018-7541", "CVE-2018-8897"], "modified": "2018-05-09T21:09:32", "id": "SUSE-SU-2018:1184-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00013.html", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:44:11", "description": "This update for xen to version 4.9.2 fixes several issues.\n\n This feature was added:\n\n - Added script, udev rule and systemd service to watch for vcpu\n online/offline events in a HVM domU. They are triggered via 'xl vcpu-set\n domU N'\n\n These security issues were fixed:\n\n - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260,\n bsc#1090820)\n - Handle HPET timers in IO-APIC mode correctly to prevent malicious or\n buggy HVM guests from causing a hypervisor crash or potentially\n privilege escalation/information leaks (XSA-261, bsc#1090822)\n - Prevent unbounded loop, induced by qemu allowing an attacker to\n permanently keep a physical CPU core busy (XSA-262, bsc#1090823)\n - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were\n able to read arbitrary dom0 files via QMP live insertion of a CDROM, in\n conjunction with specifying the target file as the backing file of a\n snapshot (bsc#1089152).\n - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of\n service (out-of-bounds zero write and hypervisor crash) via unexpected\n INT 80 processing, because of an incorrect fix for CVE-2017-5754\n (bsc#1089635).\n - CVE-2018-7540: x86 PV guest OS users were able to cause a denial of\n service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing\n (bsc#1080635).\n - CVE-2018-7541: Guest OS users were able to cause a denial of service\n (hypervisor crash) or gain privileges by triggering a grant-table\n transition from v2 to v1 (bsc#1080662).\n - CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of\n service (NULL pointer dereference and hypervisor crash) by leveraging\n the mishandling\n of configurations that lack a Local APIC (bsc#1080634).\n\n These non-security issues were fixed:\n\n - bsc#1087252: Update built-in defaults for xenstored in stubdom, keep\n default to run xenstored as daemon in dom0\n - bsc#1087251: Preserve xen-syms from xen-dbg.gz to allow processing\n vmcores with crash(1)\n - bsc#1072834: Prevent unchecked MSR access error\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "cvss3": {}, "published": "2018-05-12T00:37:01", "type": "suse", "title": "Security update for xen (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-10471", "CVE-2018-7540", "CVE-2017-5754", "CVE-2018-10472", "CVE-2018-7542", "CVE-2018-7541", "CVE-2018-8897"], "modified": "2018-05-12T00:37:01", "id": "OPENSUSE-SU-2018:1274-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-05/msg00059.html", "cvss": {"score": 6.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:44:10", "description": "This update for xen fixes several issues.\n\n These security issues were fixed:\n\n - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks\n via side effects of speculative execution, aka "Spectre" and "Meltdown"\n attacks (bsc#1074562, bsc#1068032)\n - CVE-2018-5683: The vga_draw_text function allowed local OS guest\n privileged users to cause a denial of service (out-of-bounds read and\n QEMU process crash) by leveraging improper memory address validation\n (bsc#1076116).\n - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS\n guest privileged users to cause a denial of service (out-of-bounds array\n access and QEMU process crash) via vectors related to negative pitch\n (bsc#1076180).\n - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS\n (unbounded recursion, stack consumption, and hypervisor crash) or\n possibly gain privileges via crafted page-table stacking (bsc#1061081)\n - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service\n (host OS crash) or gain host OS privileges in shadow mode by mapping a\n certain auxiliary page (bsc#1070158).\n - CVE-2017-17563: Prevent guest OS users to cause a denial of service\n (host OS crash) or gain host OS privileges by leveraging an incorrect\n mask for reference-count overflow checking in shadow mode (bsc#1070159).\n - CVE-2017-17564: Prevent guest OS users to cause a denial of service\n (host OS crash) or gain host OS privileges by leveraging incorrect error\n handling for reference counting in shadow mode (bsc#1070160).\n - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service\n (host OS crash) if shadow mode and log-dirty mode are in place, because\n of an incorrect assertion related to M2P (bsc#1070163).\n - Added missing intermediate preemption checks for guest requesting\n removal of memory. This allowed malicious guest administrator to cause\n denial of service due to the high cost of this operation (bsc#1080635).\n - Because of XEN not returning the proper error messages when\n transitioning grant tables from v2 to v1 a malicious guest was able to\n cause DoS or potentially allowed for privilege escalation as well as\n information leaks (bsc#1080662).\n - CVE-2017-5898: The CCID Card device emulator support was vulnerable to\n an integer overflow flaw allowing a privileged user to crash the Qemu\n process on the host resulting in DoS (bsc#1024307)\n - Unprivileged domains could have issued well-timed writes to xenstore\n which conflict with transactions to stall progress of the control domain\n or driver domain, possibly leading to DoS (bsc#1030144, XSA-206).\n\n", "cvss3": {}, "published": "2018-03-15T00:08:50", "type": "suse", "title": "Security update for xen (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-5683", "CVE-2018-7540", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-17564", "CVE-2017-11334", "CVE-2017-17565", "CVE-2017-17563", "CVE-2017-5715", "CVE-2017-18030", "CVE-2017-5898", "CVE-2018-7541", "CVE-2017-17566", "CVE-2017-15595"], "modified": "2018-03-15T00:08:50", "id": "SUSE-SU-2018:0678-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "xen": [{"lastseen": "2022-02-09T20:38:41", "description": "#### ISSUE DESCRIPTION\nGuests have the ability to request removal of memory from themselves. This operation is intended to be requested for normal read/write pages, but is also permitted to be used on other types of pages. So far this in particular included pages pinned to their current type, with the necessary unpinning happening implicitly. The unpinning of higher level page tables can, however, take a significant amount of time, and hence is generally expected to be carried out with intermediate preemption checks. Such checks were missing from the code path involved here.\n#### IMPACT\nA malicious guest administrator can cause a Denial of Service (DoS). Specifically, prevent use of a physical CPU for a significant period of time.\n#### VULNERABLE SYSTEMS\nAll Xen versions are vulnerable.\nOnly x86 systems are affected. ARM systems are not affected.\nOnly PV guests can leverage this vulnerability. HVM guests cannot leverage this vulnerability.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2018-02-27T11:57:00", "type": "xen", "title": "DoS via non-preemptable L3/L4 pagetable freeing", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7540"], "modified": "2018-03-01T13:15:00", "id": "XSA-252", "href": "http://xenbits.xen.org/xsa/advisory-252.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-02-09T20:38:41", "description": "#### ISSUE DESCRIPTION\nGrant tables come in two flavors (versions), and domains are permitted to freely change between them (subject to certain constraints). For the guest to use the facility, both the \"normal\" shared pages (applicable to v1 and v2) and the \"status\" pages (applicable to v2 only) need to be mapped by the guest into its address space.\nWhen transitioning from v2 to v1, the status pages become unnecessary and are therefore freed by Xen. That means Xen needs to check that there are no mappings of those pages by the domain. However, that check was mistakenly implemented as a bug check, rather than returning an error to the guest.\n#### IMPACT\nA malicious or buggy guest may cause a hypervisor crash, resulting in a Denial of Service (DoS) affecting the entire host. Privilege escalation as well as information leaks cannot be ruled out for HVM, PVH (both x86), and ARM guests.\nThe impact is more severe for Xen versions 4.0.x, 4.1.0 ... 4.1.3, and 4.2 in that the pages are freed without any checking, thus allowing their re-use for another domain, or by Xen itself, while there still are active mappings (see XSA-26).\n#### VULNERABLE SYSTEMS\nXen versions 4.0 and newer are vulnerable.\nBoth x86 and ARM systems are vulnerable.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-02-27T11:57:00", "type": "xen", "title": "grant table v2 -> v1 transition may crash Xen", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7541"], "modified": "2018-03-01T13:15:00", "id": "XSA-255", "href": "http://xenbits.xen.org/xsa/advisory-255.html", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}], "redhatcve": [{"lastseen": "2021-09-02T22:45:49", "description": "An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2018-02-28T06:48:52", "type": "redhatcve", "title": "CVE-2018-7540", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7540"], "modified": "2019-10-12T02:42:40", "id": "RH:CVE-2018-7540", "href": "https://access.redhat.com/security/cve/cve-2018-7540", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-02T22:45:49", "description": "An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-02-28T06:49:14", "type": "redhatcve", "title": "CVE-2018-7541", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7541"], "modified": "2019-10-12T02:42:25", "id": "RH:CVE-2018-7541", "href": "https://access.redhat.com/security/cve/cve-2018-7541", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}], "debiancve": [{"lastseen": "2022-05-15T12:52:13", "description": "An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-02-27T19:29:00", "type": "debiancve", "title": "CVE-2018-7540", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7540"], "modified": "2018-02-27T19:29:00", "id": "DEBIANCVE:CVE-2018-7540", "href": "https://security-tracker.debian.org/tracker/CVE-2018-7540", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-05-15T12:52:13", "description": "An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-02-27T19:29:00", "type": "debiancve", "title": "CVE-2018-7541", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7541"], "modified": "2018-02-27T19:29:00", "id": "DEBIANCVE:CVE-2018-7541", "href": "https://security-tracker.debian.org/tracker/CVE-2018-7541", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}], "ubuntucve": [{"lastseen": "2022-01-23T11:56:47", "description": "An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS\nusers to cause a denial of service (host OS CPU hang) via non-preemptable\nL3/L4 pagetable freeing.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2018-02-27T00:00:00", "type": "ubuntucve", "title": "CVE-2018-7540", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7540"], "modified": "2018-02-27T00:00:00", "id": "UB:CVE-2018-7540", "href": "https://ubuntu.com/security/CVE-2018-7540", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-22T21:37:09", "description": "An issue was discovered in Xen through 4.10.x allowing guest OS users to\ncause a denial of service (hypervisor crash) or gain privileges by\ntriggering a grant-table transition from v2 to v1.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-02-27T00:00:00", "type": "ubuntucve", "title": "CVE-2018-7541", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7541"], "modified": "2018-02-27T00:00:00", "id": "UB:CVE-2018-7541", "href": "https://ubuntu.com/security/CVE-2018-7541", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}], "cve": [{"lastseen": "2022-03-23T18:38:07", "description": "An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2018-02-27T19:29:00", "type": "cve", "title": "CVE-2018-7540", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7540"], "modified": "2018-11-13T11:29:00", "cpe": ["cpe:/o:xen:xen:4.10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-7540", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7540", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:4.10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:38:08", "description": "An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-02-27T19:29:00", "type": "cve", "title": "CVE-2018-7541", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 6.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7541"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:xen:xen:4.10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-7541", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7541", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:4.10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2022-01-17T19:04:11", "description": "### Background\n\nXen is a bare-metal hypervisor.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA local attacker could cause a Denial of Service condition or disclose sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Xen users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-4.10.1-r2\"\n \n\nAll Xen tools users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/xen-tools-4.10.1-r2\"", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.9, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-10-30T00:00:00", "type": "gentoo", "title": "Xen: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-10471", "CVE-2018-10472", "CVE-2018-10981", "CVE-2018-10982", "CVE-2018-12891", "CVE-2018-12892", "CVE-2018-12893", "CVE-2018-15468", "CVE-2018-15469", "CVE-2018-15470", "CVE-2018-3620", "CVE-2018-3646", "CVE-2018-5244", "CVE-2018-7540", "CVE-2018-7541", "CVE-2018-7542"], "modified": "2018-10-30T00:00:00", "id": "GLSA-201810-06", "href": "https://security.gentoo.org/glsa/201810-06", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}