Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-3348.NASL
HistorySep 03, 2015 - 12:00 a.m.

Debian DSA-3348-1 : qemu - security update

2015-09-0300:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
JSON

Several vulnerabilities were discovered in qemu, a fast processor emulator.

  • CVE-2015-3214 Matt Tait of Google’s Project Zero security team discovered a flaw in the QEMU i8254 PIT emulation. A privileged guest user in a guest with QEMU PIT emulation enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.

  • CVE-2015-5154 Kevin Wolf of Red Hat discovered a heap buffer overflow flaw in the IDE subsystem in QEMU while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.

  • CVE-2015-5165 Donghai Zhu discovered that the QEMU model of the RTL8139 network card did not sufficiently validate inputs in the C+ mode offload emulation, allowing a malicious guest to read uninitialized memory from the QEMU process’s heap.

  • CVE-2015-5225 Mr Qinghao Tang from QIHU 360 Inc. and Mr Zuozhi from Alibaba Inc discovered a buffer overflow flaw in the VNC display driver leading to heap memory corruption. A privileged guest user could use this flaw to mount a denial of service (QEMU process crash), or potentially to execute arbitrary code on the host with the privileges of the hosting QEMU process.

  • CVE-2015-5745 A buffer overflow vulnerability was discovered in the way QEMU handles the virtio-serial device. A malicious guest could use this flaw to mount a denial of service (QEMU process crash).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3348. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(85754);
  script_version("2.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2015-3214", "CVE-2015-5154", "CVE-2015-5165", "CVE-2015-5225", "CVE-2015-5745");
  script_xref(name:"DSA", value:"3348");

  script_name(english:"Debian DSA-3348-1 : qemu - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities were discovered in qemu, a fast processor
emulator.

  - CVE-2015-3214
    Matt Tait of Google's Project Zero security team
    discovered a flaw in the QEMU i8254 PIT emulation. A
    privileged guest user in a guest with QEMU PIT emulation
    enabled could potentially use this flaw to execute
    arbitrary code on the host with the privileges of the
    hosting QEMU process.

  - CVE-2015-5154
    Kevin Wolf of Red Hat discovered a heap buffer overflow
    flaw in the IDE subsystem in QEMU while processing
    certain ATAPI commands. A privileged guest user in a
    guest with the CDROM drive enabled could potentially use
    this flaw to execute arbitrary code on the host with the
    privileges of the hosting QEMU process.

  - CVE-2015-5165
    Donghai Zhu discovered that the QEMU model of the
    RTL8139 network card did not sufficiently validate
    inputs in the C+ mode offload emulation, allowing a
    malicious guest to read uninitialized memory from the
    QEMU process's heap.

  - CVE-2015-5225
    Mr Qinghao Tang from QIHU 360 Inc. and Mr Zuozhi from
    Alibaba Inc discovered a buffer overflow flaw in the VNC
    display driver leading to heap memory corruption. A
    privileged guest user could use this flaw to mount a
    denial of service (QEMU process crash), or potentially
    to execute arbitrary code on the host with the
    privileges of the hosting QEMU process.

  - CVE-2015-5745
    A buffer overflow vulnerability was discovered in the
    way QEMU handles the virtio-serial device. A malicious
    guest could use this flaw to mount a denial of service
    (QEMU process crash)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793811"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794610"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795087"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795461"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796465"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-3214"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-5154"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-5165"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-5225"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-5745"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-5165"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-5745"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/qemu"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/qemu"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2015/dsa-3348"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the qemu packages.

For the oldstable distribution (wheezy), these problems have been
fixed in version 1.1.2+dfsg-6+deb7u9. The oldstable distribution is
only affected by CVE-2015-5165 and CVE-2015-5745.

For the stable distribution (jessie), these problems have been fixed
in version 1:2.1+dfsg-12+deb8u2."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qemu");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/09/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"qemu", reference:"1.1.2+dfsg-6+deb7u9")) flag++;
if (deb_check(release:"7.0", prefix:"qemu-keymaps", reference:"1.1.2+dfsg-6+deb7u9")) flag++;
if (deb_check(release:"7.0", prefix:"qemu-system", reference:"1.1.2+dfsg-6+deb7u9")) flag++;
if (deb_check(release:"7.0", prefix:"qemu-user", reference:"1.1.2+dfsg-6+deb7u9")) flag++;
if (deb_check(release:"7.0", prefix:"qemu-user-static", reference:"1.1.2+dfsg-6+deb7u9")) flag++;
if (deb_check(release:"7.0", prefix:"qemu-utils", reference:"1.1.2+dfsg-6+deb7u9")) flag++;
if (deb_check(release:"8.0", prefix:"qemu", reference:"1:2.1+dfsg-12+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-guest-agent", reference:"1:2.1+dfsg-12+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-kvm", reference:"1:2.1+dfsg-12+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system", reference:"1:2.1+dfsg-12+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system-arm", reference:"1:2.1+dfsg-12+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system-common", reference:"1:2.1+dfsg-12+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system-mips", reference:"1:2.1+dfsg-12+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system-misc", reference:"1:2.1+dfsg-12+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system-ppc", reference:"1:2.1+dfsg-12+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system-sparc", reference:"1:2.1+dfsg-12+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-system-x86", reference:"1:2.1+dfsg-12+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-user", reference:"1:2.1+dfsg-12+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-user-binfmt", reference:"1:2.1+dfsg-12+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-user-static", reference:"1:2.1+dfsg-12+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"qemu-utils", reference:"1:2.1+dfsg-12+deb8u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxqemup-cpe:/a:debian:debian_linux:qemu
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0

References

Related

debian 4
osv 2
openvas 31
securityvulns 3
fedora 13
nessus 64
arista 1
redhat 12
centos 3
suse 13
veracode 4
oraclelinux 4
ubuntu 2
f5 4
archlinux 1
mageia 3
gentoo 1
freebsd 5
prion 5
ubuntucve 5
cve 5
debiancve 5
threatpost 1
ibm 3
xen 2
zdt 1
lenovo 1
myhack58 1
debian
debian
[SECURITY] [DSA 3348-1] qemu security update
2015-09-02 16:22:30
[SECURITY] [DSA 3348-1] qemu security update
2015-09-02 16:22:30
[SECURITY] [DSA 3349-1] qemu-kvm security update
2015-09-02 16:22:36
osv
osv
qemu - security update
2015-09-02 00:00:00
qemu-kvm - security update
2015-09-02 00:00:00
openvas
openvas
Debian Security Advisory DSA 3348-1 (qemu - security update)
2015-09-02 00:00:00
Debian Security Advisory DSA 3348-1 (qemu - security update)
2015-09-02 00:00:00
Fedora Update for qemu FEDORA-2015-13404
2015-09-02 00:00:00
securityvulns
securityvulns
libvirt / qemu multiple security vulnerabilities
2015-08-31 00:00:00
[USN-2724-1] QEMU vulnerabilities
2015-08-31 00:00:00
[USN-2692-1] QEMU vulnerabilities
2015-08-03 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: qemu-2.1.3-9.fc21
2015-09-01 07:30:01
[SECURITY] Fedora 23 Update: qemu-2.4.0-1.fc23
2015-08-23 16:43:19
[SECURITY] Fedora 22 Update: qemu-2.3.1-1.fc22
2015-08-18 05:17:10
nessus
nessus
Fedora 21 : qemu-2.1.3-9.fc21 (2015-13404)
2015-09-02 00:00:00
Debian DSA-3349-1 : qemu-kvm - security update
2015-09-03 00:00:00
SUSE SLES11 Security Update : xen (SUSE-SU-2015:1408-1)
2015-08-21 00:00:00
arista
arista
Security Advisory 0013
2015-09-04 00:00:00
redhat
redhat
(RHSA-2015:1512) Important: qemu-kvm-rhev security update
2015-07-28 00:00:00
(RHSA-2015:1508) Important: qemu-kvm-rhev security update
2015-07-27 12:44:34
(RHSA-2015:1507) Important: qemu-kvm security and bug fix update
2015-07-27 00:00:00
centos
centos
libcacard, qemu security update
2015-07-27 17:01:12
libcacard, qemu security update
2015-09-16 12:50:23
qemu security update
2015-09-22 18:40:09
suse
suse
Security update for xen (important)
2015-08-21 16:11:31
Security update for Xen (important)
2015-09-25 21:10:23
Security update for kvm (important)
2015-09-01 18:09:43
veracode
veracode
Heap-Based Buffer Overflow
2019-05-02 05:41:34
Denial Of Service (DoS)
2019-01-15 09:07:39
Information Disclosure
2019-01-15 09:07:21
oraclelinux
oraclelinux
qemu-kvm security and bug fix update
2015-07-27 00:00:00
qemu-kvm security fix update
2015-09-15 00:00:00
qemu-kvm security update
2015-09-22 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2015-08-27 00:00:00
QEMU vulnerabilities
2015-07-28 00:00:00
f5
f5
SOL17057 - QEMU vulnerabilities CVE-2015-3214, CVE-2015-5154, and CVE-2015-5158
2015-08-03 00:00:00
K17057 : QEMU vulnerabilities CVE-2015-3214, CVE-2015-5154, and CVE-2015-5158
2015-08-03 00:00:00
SOL63519101 - Multiple QEMU vulnerabilities
2016-02-16 00:00:00
archlinux
archlinux
qemu: multiple issues
2015-07-29 00:00:00
mageia
mageia
Updated qemu packages fix security vulnerabilities
2015-09-15 17:55:06
Updated qemu package fixes security vulnerability
2015-08-11 23:22:53
Updated qemu packages fix security vulnerabilities
2015-09-15 17:55:06
gentoo
gentoo
QEMU: Arbitrary code execution
2015-10-31 00:00:00
freebsd
freebsd
qemu -- buffer overflow vulnerability in VNC
2015-08-17 00:00:00
qemu, xen-tools -- QEMU leak of uninitialized heap memory in rtl8139 device model
2015-08-03 00:00:00
qemu -- buffer overflow vulnerability in virtio-serial message exchanges
2015-08-06 00:00:00
prion
prion
Buffer overflow
2015-11-06 21:59:00
Design/Logic Flaw
2015-08-12 14:59:00
Heap overflow
2015-08-12 14:59:00
ubuntucve
ubuntucve
CVE-2015-5165
2015-08-12 00:00:00
CVE-2015-5225
2015-08-25 00:00:00
CVE-2015-5154
2015-07-27 00:00:00
cve
cve
CVE-2015-5225
2015-11-06 21:59:00
CVE-2015-5165
2015-08-12 14:59:00
CVE-2015-5154
2015-08-12 14:59:00
debiancve
debiancve
CVE-2015-5225
2015-11-06 21:59:00
CVE-2015-5165
2015-08-12 14:59:00
CVE-2015-5745
2020-01-23 20:15:00
threatpost
threatpost
Xen Patches VM Escape Flaw
2015-07-31 09:21:27
ibm
ibm
Security Bulletin: Vulnerability in qemu-kvm affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance
2018-06-17 22:30:14
Security Bulletin: Vulnerabilities in Qemu affect PowerKVM (Multiple Vulnerabilities)
2018-06-18 01:29:41
Security Bulletin: PowerKVM is affected by two Qemu vulnerabilities
2018-06-18 01:28:53
xen
xen
QEMU leak of uninitialized heap memory in rtl8139 device model
2015-08-03 12:00:00
QEMU heap overflow flaw while processing certain ATAPI commands.
2015-07-27 12:00:00
zdt
zdt
QEMU Programmable Interrupt Timer Controller Heap Overflow Exploit
2015-08-27 00:00:00
lenovo
lenovo
QEMU i8254 PIT Emulation Bug
2017-01-23 00:00:00
myhack58
myhack58
Travel to the dark of the door! Debugee in QEMU-vulnerability warning-the black bar safety net
2017-08-17 00:00:00
JSON
Related for DEBIAN_DSA-3348.NASL
debian4osv2openvas31securityvulns3fedora13nessus64arista1redhat12centos3suse13veracode4oraclelinux4ubuntu2f54archlinux1mageia3gentoo1freebsd5prion5ubuntucve5cve5debiancve5threatpost1ibm3xen2zdt1lenovo1myhack581