Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-1781.NASL
HistoryMay 10, 2019 - 12:00 a.m.

Debian DLA-1781-1 : qemu security update

2019-05-1000:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

Several vulnerabilities were found in QEMU, a fast processor emulator :

CVE-2018-11806

It was found that the SLiRP networking implementation could use a wrong size when reallocating its buffers, which can be exploited by a priviledged user on a guest to cause denial of service or possibly arbitrary code execution on the host system.

CVE-2018-18849

It was found that the LSI53C895A SCSI Host Bus Adapter emulation was susceptible to an out of bounds memory access, which could be leveraged by a malicious guest user to crash the QEMU process.

CVE-2018-20815

A heap buffer overflow was found in the load_device_tree function, which could be used by a malicious user to potentially execute arbitrary code with the priviledges of the QEMU process.

CVE-2019-9824

William Bowling discovered that the SLiRP networking implementation did not handle some messages properly, which could be triggered to leak memory via crafted messages.

For Debian 8 ‘Jessie’, these problems have been fixed in version 1:2.1+dfsg-12+deb8u11.

We recommend that you upgrade your qemu packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1781-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(124720);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2018-11806", "CVE-2018-18849", "CVE-2018-20815", "CVE-2019-9824");

  script_name(english:"Debian DLA-1781-1 : qemu security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities were found in QEMU, a fast processor 
emulator :

CVE-2018-11806

It was found that the SLiRP networking implementation could use a
wrong size when reallocating its buffers, which can be exploited by a
priviledged user on a guest to cause denial of service or possibly
arbitrary code execution on the host system.

CVE-2018-18849

It was found that the LSI53C895A SCSI Host Bus Adapter emulation was
susceptible to an out of bounds memory access, which could be
leveraged by a malicious guest user to crash the QEMU process.

CVE-2018-20815

A heap buffer overflow was found in the load_device_tree function,
which could be used by a malicious user to potentially execute
arbitrary code with the priviledges of the QEMU process.

CVE-2019-9824

William Bowling discovered that the SLiRP networking implementation
did not handle some messages properly, which could be triggered to
leak memory via crafted messages.

For Debian 8 'Jessie', these problems have been fixed in version
1:2.1+dfsg-12+deb8u11.

We recommend that you upgrade your qemu packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/qemu"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-guest-agent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-arm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-mips");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-misc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-ppc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-sparc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-system-x86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-user");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-user-binfmt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-user-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"qemu", reference:"1:2.1+dfsg-12+deb8u11")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-guest-agent", reference:"1:2.1+dfsg-12+deb8u11")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-kvm", reference:"1:2.1+dfsg-12+deb8u11")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system", reference:"1:2.1+dfsg-12+deb8u11")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system-arm", reference:"1:2.1+dfsg-12+deb8u11")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system-common", reference:"1:2.1+dfsg-12+deb8u11")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system-mips", reference:"1:2.1+dfsg-12+deb8u11")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system-misc", reference:"1:2.1+dfsg-12+deb8u11")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system-ppc", reference:"1:2.1+dfsg-12+deb8u11")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system-sparc", reference:"1:2.1+dfsg-12+deb8u11")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system-x86", reference:"1:2.1+dfsg-12+deb8u11")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-user", reference:"1:2.1+dfsg-12+deb8u11")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-user-binfmt", reference:"1:2.1+dfsg-12+deb8u11")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-user-static", reference:"1:2.1+dfsg-12+deb8u11")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-utils", reference:"1:2.1+dfsg-12+deb8u11")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxqemup-cpe:/a:debian:debian_linux:qemu
debiandebian_linuxqemu-guest-agentp-cpe:/a:debian:debian_linux:qemu-guest-agent
debiandebian_linuxqemu-kvmp-cpe:/a:debian:debian_linux:qemu-kvm
debiandebian_linuxqemu-systemp-cpe:/a:debian:debian_linux:qemu-system
debiandebian_linuxqemu-system-armp-cpe:/a:debian:debian_linux:qemu-system-arm
debiandebian_linuxqemu-system-commonp-cpe:/a:debian:debian_linux:qemu-system-common
debiandebian_linuxqemu-system-mipsp-cpe:/a:debian:debian_linux:qemu-system-mips
debiandebian_linuxqemu-system-miscp-cpe:/a:debian:debian_linux:qemu-system-misc
debiandebian_linuxqemu-system-ppcp-cpe:/a:debian:debian_linux:qemu-system-ppc
debiandebian_linuxqemu-system-sparcp-cpe:/a:debian:debian_linux:qemu-system-sparc
Rows per page:
1-10 of 161

Related

debian 3
osv 9
openvas 41
gentoo 1
nessus 75
oraclelinux 8
suse 5
amazon 6
ubuntucve 4
prion 4
debiancve 4
redhat 14
cve 4
veracode 4
redhatcve 4
centos 3
ibm 1
f5 2
zdi 1
ubuntu 2
fedora 2
rocky 1
almalinux 1
debian
debian
[SECURITY] [DLA 1781-1] qemu security update
2019-05-09 18:42:13
[SECURITY] [DSA 4454-1] qemu security update
2019-05-30 18:06:19
[SECURITY] [DSA 4506-1] qemu security update
2019-08-24 09:55:59
osv
osv
qemu - security update
2019-05-09 00:00:00
CVE-2018-20815
2019-05-31 22:29:00
CVE-2018-18849
2019-03-21 16:00:29
openvas
openvas
Debian: Security Advisory (DLA-1781-1)
2019-05-10 00:00:00
openSUSE: Security Advisory for qemu (openSUSE-SU-2019:1274-1)
2019-04-26 00:00:00
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2020-1029)
2020-01-23 00:00:00
gentoo
gentoo
QEMU: Multiple vulnerabilities
2019-04-24 00:00:00
nessus
nessus
GLSA-201904-25 : QEMU: Multiple vulnerabilities
2019-04-25 00:00:00
Fedora 30 : 2:qemu (2019-52a8f5468e)
2019-07-09 00:00:00
openSUSE Security Update : qemu (openSUSE-2019-1274)
2019-04-26 00:00:00
oraclelinux
oraclelinux
qemu security update
2019-05-14 00:00:00
qemu-kvm security update
2019-07-02 00:00:00
qemu-kvm security and bug fix update
2018-08-16 00:00:00
suse
suse
Security update for qemu (important)
2019-04-25 00:00:00
Security update for qemu (important)
2019-05-17 00:00:00
Security update for qemu (moderate)
2018-08-17 12:15:11
amazon
amazon
Important: qemu
2019-07-18 17:45:00
Important: qemu
2020-07-21 16:34:00
Important: qemu-kvm
2018-09-05 19:33:00
ubuntucve
ubuntucve
CVE-2018-18849
2018-11-02 00:00:00
CVE-2018-20815
2018-12-31 00:00:00
CVE-2019-9824
2019-03-19 00:00:00
prion
prion
Buffer overflow
2019-05-31 22:29:00
Design/Logic Flaw
2019-03-21 16:00:00
Information disclosure
2019-06-03 21:29:00
debiancve
debiancve
CVE-2018-20815
2019-05-31 22:29:00
CVE-2018-18849
2019-03-21 16:00:00
CVE-2019-9824
2019-06-03 21:29:00
redhat
redhat
(RHSA-2019:2507) Important: qemu-kvm-rhev security update
2019-08-15 14:01:18
(RHSA-2019:1667) Important: qemu-kvm-rhev security update
2019-07-02 16:16:14
(RHSA-2019:1743) Important: qemu-kvm-rhev security update
2019-07-10 12:09:28
cve
cve
CVE-2018-20815
2019-05-31 22:29:00
CVE-2018-18849
2019-03-21 16:00:00
CVE-2019-9824
2019-06-03 21:29:00
veracode
veracode
Buffer Overflow
2019-07-08 00:07:31
Out Of Bound Access
2020-09-21 06:21:22
Information Disclosure
2019-07-08 00:07:09
redhatcve
redhatcve
CVE-2018-20815
2019-10-10 05:41:46
CVE-2018-18849
2020-04-08 21:04:48
CVE-2019-9824
2020-03-31 20:00:57
centos
centos
qemu security update
2019-07-03 17:01:43
qemu security update
2019-08-30 04:04:53
qemu security update
2018-08-21 01:08:04
ibm
ibm
Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Open Source vulnerabilities
2020-01-10 08:06:20
f5
f5
K29103455 : QEMU 3.0.0 vulnerability CVE-2019-9824
2020-12-19 00:00:00
K51428664 : QEMU vulnerability CVE-2018-11806
2020-12-31 00:00:00
zdi
zdi
Qemu Slirp Networking Heap-based Buffer Overflow Privilege Escalation Vulnerability
2018-06-07 00:00:00
ubuntu
ubuntu
QEMU update
2019-05-14 00:00:00
QEMU vulnerabilities
2018-11-26 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: qemu-3.1.0-9.fc30
2019-07-09 00:56:39
[SECURITY] Fedora 28 Update: qemu-2.11.2-2.fc28
2018-08-24 08:06:03
rocky
rocky
virt:rhel security, bug fix, and enhancement update
2019-11-05 17:33:34
almalinux
almalinux
Low: virt:rhel security, bug fix, and enhancement update
2019-11-05 17:33:34
JSON
Related for DEBIAN_DLA-1781.NASL
debian3osv9openvas41gentoo1nessus75oraclelinux8suse5amazon6ubuntucve4prion4debiancve4redhat14cve4veracode4redhatcve4centos3ibm1f52zdi1ubuntu2fedora2rocky1almalinux1