Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-3041.NASL
HistoryOct 02, 2014 - 12:00 a.m.

Debian DSA-3041-1 : xen - security update

2014-10-0200:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3041. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(78027);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2013-2072", "CVE-2014-7154", "CVE-2014-7155", "CVE-2014-7156", "CVE-2014-7188");
  script_bugtraq_id(59982, 70055, 70057, 70062, 70198);
  script_xref(name:"DSA", value:"3041");

  script_name(english:"Debian DSA-3041-1 : xen - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple security issues have been discovered in the Xen
virtualisation solution which may result in denial of service,
information disclosure or privilege escalation."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/xen"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2014/dsa-3041"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the xen packages.

For the stable distribution (wheezy), these problems have been fixed
in version 4.1.4-3+deb7u3."
  );
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"libxen-4.1", reference:"4.1.4-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"libxen-dev", reference:"4.1.4-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"libxen-ocaml", reference:"4.1.4-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"libxen-ocaml-dev", reference:"4.1.4-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"libxenstore3.0", reference:"4.1.4-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"xen-docs-4.1", reference:"4.1.4-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"xen-hypervisor-4.1-amd64", reference:"4.1.4-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"xen-hypervisor-4.1-i386", reference:"4.1.4-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"xen-system-amd64", reference:"4.1.4-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"xen-system-i386", reference:"4.1.4-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"xen-utils-4.1", reference:"4.1.4-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"xen-utils-common", reference:"4.1.4-3+deb7u3")) flag++;
if (deb_check(release:"7.0", prefix:"xenstore-utils", reference:"4.1.4-3+deb7u3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxxenp-cpe:/a:debian:debian_linux:xen
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0

Related

debian 1
openvas 63
securityvulns 2
osv 1
nessus 25
gentoo 1
fedora 35
suse 4
ubuntucve 5
debiancve 5
prion 5
cvelist 5
cve 5
xen 5
mageia 1
debian
debian
[SECURITY] [DSA 3041-1] xen security update
2014-10-01 12:22:28
openvas
openvas
Debian Security Advisory DSA 3041-1 (xen - security update)
2014-10-01 00:00:00
Debian: Security Advisory (DSA-3041-1)
2014-09-30 00:00:00
Gentoo Security Advisory GLSA 201412-42
2015-09-29 00:00:00
securityvulns
securityvulns
Xen multiple security vulnerabilities
2014-10-14 00:00:00
[SECURITY] [DSA 3041-1] xen security update
2014-10-14 00:00:00
osv
osv
xen - security update
2014-10-01 00:00:00
nessus
nessus
Fedora 19 : xen-4.2.5-3.fc19 (2014-12000)
2014-10-12 00:00:00
Fedora 20 : xen-4.3.3-3.fc20 (2014-12036)
2014-10-12 00:00:00
GLSA-201412-42 : Xen: Denial of Service
2014-12-29 00:00:00
gentoo
gentoo
Xen: Denial of service
2014-12-26 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: xen-4.4.1-4.fc21
2014-09-29 03:54:01
[SECURITY] Fedora 21 Update: xen-4.4.1-6.fc21
2014-10-08 19:08:52
[SECURITY] Fedora 19 Update: xen-4.2.2-5.fc19
2013-05-27 03:26:42
suse
suse
xen: security and bugfix update (important)
2014-10-09 13:09:07
xen: security and bugfix update (important)
2014-10-09 13:04:44
Security update for Xen (important)
2013-06-25 19:04:17
ubuntucve
ubuntucve
CVE-2014-7155
2014-10-02 00:00:00
CVE-2014-7156
2014-10-02 00:00:00
CVE-2014-7154
2014-10-02 00:00:00
debiancve
debiancve
CVE-2014-7155
2014-10-02 14:55:00
CVE-2014-7154
2014-10-02 14:55:00
CVE-2013-2072
2013-08-28 21:55:00
prion
prion
Information disclosure
2014-10-02 14:55:00
Race condition
2014-10-02 14:55:00
Design/Logic Flaw
2014-10-02 14:55:00
cvelist
cvelist
CVE-2014-7155
2014-10-02 14:00:00
CVE-2014-7154
2014-10-02 14:00:00
CVE-2014-7156
2014-10-02 14:00:00
cve
cve
CVE-2014-7155
2014-10-02 14:55:00
CVE-2014-7154
2014-10-02 14:55:00
CVE-2014-7156
2014-10-02 14:55:00
xen
xen
Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation
2014-09-23 12:00:00
Improper MSR range used for x2APIC emulation
2014-10-01 12:00:00
Race condition in HVMOP_track_dirty_vram
2014-09-23 12:00:00
mageia
mageia
Updated xen package fixes security issues
2013-07-01 23:17:22
JSON
Related for DEBIAN_DSA-3041.NASL
debian1openvas63securityvulns2osv1nessus25gentoo1fedora35suse4ubuntucve5debiancve5prion5cvelist5cve5xen5mageia1