Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-3044.NASLHistoryOct 06, 2014 - 12:00 a.m.
Debian DSA-3044-1 : qemu-kvm - security update
2014-10-0600:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware :
-
Various security issues have been found in the block qemu drivers. Malformed disk images might result in the execution of arbitrary code.
-
A NULL pointer dereference in SLIRP may result in denial of service
-
An information leak was discovered in the VGA emulation
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-3044. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(78045);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2014-0142", "CVE-2014-0143", "CVE-2014-0144", "CVE-2014-0145", "CVE-2014-0146", "CVE-2014-0147", "CVE-2014-0222", "CVE-2014-0223", "CVE-2014-3615", "CVE-2014-3640");
script_bugtraq_id(66464, 66472, 66481, 66483, 66484, 66486, 67357, 67391, 69654);
script_xref(name:"DSA", value:"3044");
script_name(english:"Debian DSA-3044-1 : qemu-kvm - security update");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution on x86 hardware :
- Various security issues have been found in the block
qemu drivers. Malformed disk images might result in the
execution of arbitrary code.
- A NULL pointer dereference in SLIRP may result in denial
of service
- An information leak was discovered in the VGA emulation"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/wheezy/qemu-kvm"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2014/dsa-3044"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the qemu-kvm packages.
For the stable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6+deb7u4."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu-kvm");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/01");
script_set_attribute(attribute:"patch_publication_date", value:"2014/10/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/06");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"kvm", reference:"1.1.2+dfsg-6+deb7u4")) flag++;
if (deb_check(release:"7.0", prefix:"qemu-kvm", reference:"1.1.2+dfsg-6+deb7u4")) flag++;
if (deb_check(release:"7.0", prefix:"qemu-kvm-dbg", reference:"1.1.2+dfsg-6+deb7u4")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | qemu-kvm | p-cpe:/a:debian:debian_linux:qemu-kvm |
| debian | debian_linux | 7.0 | cpe:/o:debian:debian_linux:7.0 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0142
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0143
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0144
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0146
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0147
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0223
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3615
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640
packages.debian.org/source/wheezy/qemu-kvm
www.debian.org/security/2014/dsa-3044
Related
openvas
openvas
Debian Security Advisory DSA 3045-1 (qemu - security update)
2014-10-04 00:00:00
Debian: Security Advisory (DSA-3044-1)
2014-10-03 00:00:00
Debian Security Advisory DSA 3044-1 (qemu-kvm - security update)
2014-10-04 00:00:00
nessus
nessus
Debian DSA-3045-1 : qemu - security update
2014-10-06 00:00:00
CentOS 6 : qemu-kvm (CESA-2014:0420)
2014-04-23 00:00:00
RHEL 6 : qemu-kvm (RHSA-2014:0420)
2014-04-23 00:00:00
debian
debian
[SECURITY] [DSA 3044-1] qemu-kvm security update
2014-10-04 19:27:21
[SECURITY] [DSA 3045-1] qemu security update
2014-10-04 19:28:01
securityvulns
securityvulns
[SECURITY] [DSA 3045-1] qemu security update
2014-10-13 00:00:00
qemu multiple security vulnerabilities
2014-12-08 00:00:00
[oss-security] CVE-2014-0223 Qemu: qcow1: Validate image size
2014-05-15 00:00:00
redhat
redhat
(RHSA-2014:0421) Moderate: qemu-kvm-rhev security update
2014-04-22 00:00:00
(RHSA-2014:0434) Moderate: qemu-kvm-rhev security update
2014-04-24 00:00:00
(RHSA-2014:0435) Moderate: qemu-kvm-rhev security update
2014-04-24 00:00:00
oraclelinux
oraclelinux
qemu-kvm security update
2014-04-22 00:00:00
qemu-kvm security and bug fix update
2014-08-19 00:00:00
qemu-kvm security and bug fix update
2014-10-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:57:36
Denial Of Service (DoS)
2019-05-02 04:57:36
Denial Of Service (DoS)
2019-05-02 04:57:36
centos
centos
qemu security update
2014-04-22 19:33:34
qemu security update
2014-08-19 10:00:56
libcacard, qemu security update
2014-10-21 17:21:12
suse
suse
Security update for kvm (important)
2014-05-08 19:04:16
Security update for KVM (important)
2015-05-22 00:08:52
Security update for xen (important)
2015-11-10 18:10:12
fedora
fedora
[SECURITY] Fedora 20 Update: qemu-1.6.2-4.fc20
2014-05-01 22:27:28
[SECURITY] Fedora 20 Update: qemu-1.6.2-9.fc20
2014-10-08 19:01:39
[SECURITY] Fedora 20 Update: qemu-1.6.2-10.fc20
2014-11-10 06:48:10
gentoo
gentoo
QEMU: Multiple vulnerabilities
2014-08-30 00:00:00
QEMU: Multiple Vulnerabilities
2014-12-08 00:00:00
ibm
ibm
mageia
mageia
Updated qemu packages fix multiple security vulnerabilities
2014-10-28 14:33:36
debiancve
debiancve
prion
prion
Denial of service
2017-08-10 15:29:00
Buffer overflow
2017-08-10 15:29:00
Integer overflow
2017-08-10 15:29:00
cve
cve
ubuntucve
ubuntucve
seebug
seebug
QEMU ε€δΈͺηΌε²εΊζΊ’εΊζΌζ΄
2014-03-31 00:00:00
QEMUε€δΈͺζ¬ε°ζη»ζε‘ζΌζ΄
2014-03-31 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2014-09-08 00:00:00
QEMU vulnerabilities
2014-11-13 00:00:00
Related for DEBIAN_DSA-3044.NASL