EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1223)

2017-09-11T00:00:00
ID EULEROS_SA-2017-1223.NASL
Type nessus
Reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-02-02T00:00:00

Description

According to the versions of the qemu-kvm package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • An out-of-bounds memory access issue was found in Quick Emulator (QEMU) in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(103081);
  script_version("3.8");
  script_cvs_date("Date: 2018/11/14 14:36:23");

  script_cve_id(
    "CVE-2016-4020",
    "CVE-2017-10664",
    "CVE-2017-2633",
    "CVE-2017-5898"
  );

  script_name(english:"EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1223)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the qemu-kvm package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - An out-of-bounds memory access issue was found in Quick
    Emulator (QEMU) in the VNC display driver. This flaw
    could occur while refreshing the VNC display surface
    area in the 'vnc_refresh_server_surface'. A user inside
    a guest could use this flaw to crash the QEMU process.
    (CVE-2017-2633)

  - An integer overflow flaw was found in Quick Emulator
    (QEMU) in the CCID Card device support. The flaw could
    occur while passing messages via command/response
    packets to and from the host. A privileged user inside
    a guest could use this flaw to crash the QEMU process.
    (CVE-2017-5898)

  - An information exposure flaw was found in Quick
    Emulator (QEMU) in Task Priority Register (TPR)
    optimizations for 32-bit Windows guests. The flaw could
    occur while accessing TPR. A privileged user inside a
    guest could use this issue to read portions of the host
    memory. (CVE-2016-4020)

  - Quick Emulator (QEMU) built with the Network Block
    Device (NBD) Server support is vulnerable to a crash
    via a SIGPIPE signal. The crash can occur if a client
    aborts a connection due to any failure during
    negotiation or read operation. A remote user/process
    could use this flaw to crash the qemu-nbd server
    resulting in a DoS. (CVE-2017-10664)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1223
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?955dd9b8");
  script_set_attribute(attribute:"solution", value:
"Update the affected qemu-kvm packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-img");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);

flag = 0;

pkgs = ["qemu-img-1.5.3-141.1.h1"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-kvm");
}