Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-2515.NASLHistoryOct 09, 2022 - 12:00 a.m.
EulerOS Virtualization 3.0.6.6 : libvirt (EulerOS-SA-2022-2515)
2022-10-0900:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
-
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs’ dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
(CVE-2021-3631) -
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). (CVE-2022-0897)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(165896);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/10");
script_cve_id("CVE-2021-3631", "CVE-2022-0897");
script_name(english:"EulerOS Virtualization 3.0.6.6 : libvirt (EulerOS-SA-2022-2515)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host
is affected by the following vulnerabilities :
- A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This
flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out
of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
(CVE-2021-3631)
- A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to
acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no
protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw
allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to
crash the network filter management daemon (libvirtd/virtnwfilterd). (CVE-2022-0897)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2515
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0ad72db3");
script_set_attribute(attribute:"solution", value:
"Update the affected libvirt packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3631");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/09");
script_set_attribute(attribute:"patch_publication_date", value:"2022/10/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-admin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-config-network");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-qemu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-secret");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-disk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-gluster");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-iscsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-logical");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-mpath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-rbd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-scsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-python");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.6");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.6") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.6");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
var flag = 0;
var pkgs = [
"libvirt-3.2.0-551",
"libvirt-admin-3.2.0-551",
"libvirt-client-3.2.0-551",
"libvirt-daemon-3.2.0-551",
"libvirt-daemon-config-network-3.2.0-551",
"libvirt-daemon-config-nwfilter-3.2.0-551",
"libvirt-daemon-driver-interface-3.2.0-551",
"libvirt-daemon-driver-network-3.2.0-551",
"libvirt-daemon-driver-nodedev-3.2.0-551",
"libvirt-daemon-driver-nwfilter-3.2.0-551",
"libvirt-daemon-driver-qemu-3.2.0-551",
"libvirt-daemon-driver-secret-3.2.0-551",
"libvirt-daemon-driver-storage-3.2.0-551",
"libvirt-daemon-driver-storage-core-3.2.0-551",
"libvirt-daemon-driver-storage-disk-3.2.0-551",
"libvirt-daemon-driver-storage-gluster-3.2.0-551",
"libvirt-daemon-driver-storage-iscsi-3.2.0-551",
"libvirt-daemon-driver-storage-logical-3.2.0-551",
"libvirt-daemon-driver-storage-mpath-3.2.0-551",
"libvirt-daemon-driver-storage-rbd-3.2.0-551",
"libvirt-daemon-driver-storage-scsi-3.2.0-551",
"libvirt-daemon-kvm-3.2.0-551",
"libvirt-devel-3.2.0-551",
"libvirt-docs-3.2.0-551",
"libvirt-libs-3.2.0-551",
"libvirt-python-3.2.0-105"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | libvirt | p-cpe:/a:huawei:euleros:libvirt |
| huawei | euleros | libvirt-admin | p-cpe:/a:huawei:euleros:libvirt-admin |
| huawei | euleros | libvirt-client | p-cpe:/a:huawei:euleros:libvirt-client |
| huawei | euleros | libvirt-daemon | p-cpe:/a:huawei:euleros:libvirt-daemon |
| huawei | euleros | libvirt-daemon-config-network | p-cpe:/a:huawei:euleros:libvirt-daemon-config-network |
| huawei | euleros | libvirt-daemon-config-nwfilter | p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter |
| huawei | euleros | libvirt-daemon-driver-interface | p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface |
| huawei | euleros | libvirt-daemon-driver-network | p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network |
| huawei | euleros | libvirt-daemon-driver-nodedev | p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev |
| huawei | euleros | libvirt-daemon-driver-nwfilter | p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter |
Related
openvas
openvas
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2022-2515)
2022-10-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2471-1)
2021-07-28 00:00:00
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2021-2847)
2021-12-30 00:00:00
redos
redos
ROS-20240329-20
2024-03-29 00:00:00
nessus
nessus
GLSA-202210-06 : libvirt: Multiple Vulnerabilities
2022-10-16 00:00:00
openSUSE 15 Security Update : libvirt (openSUSE-SU-2021:1119-1)
2021-08-11 00:00:00
EulerOS Virtualization 3.0.2.0 : libvirt (EulerOS-SA-2021-2847)
2021-12-29 00:00:00
gentoo
gentoo
libvirt: Multiple Vulnerabilities
2022-10-16 00:00:00
suse
suse
Security update for libvirt (moderate)
2021-08-10 00:00:00
Security update for libvirt (moderate)
2022-05-05 00:00:00
Security update for libvirt (moderate)
2021-08-23 00:00:00
prion
prion
Design/Logic Flaw
2022-03-02 23:15:00
Design/Logic Flaw
2022-03-25 19:15:00
oraclelinux
oraclelinux
virt:kvm_utils security update
2022-12-17 00:00:00
libvirt security update
2022-12-06 00:00:00
libvirt libvirt-python security update
2022-05-26 00:00:00
veracode
veracode
Information Disclosure
2021-07-06 00:02:27
Denial Of Service (DoS)
2022-03-28 07:06:18
mageia
mageia
Updated libvirt packages fix security vulnerability
2021-08-14 17:00:09
ubuntucve
ubuntucve
CVE-2021-3631
2022-03-02 00:00:00
CVE-2022-0897
2022-03-25 00:00:00
debiancve
debiancve
CVE-2021-3631
2022-03-02 23:15:00
CVE-2022-0897
2022-03-25 19:15:00
fedora
fedora
[SECURITY] Fedora 34 Update: libvirt-7.0.0-6.fc34
2021-07-13 01:15:12
cve
cve
CVE-2021-3631
2022-03-02 23:15:00
CVE-2022-0897
2022-03-25 19:15:00
redhatcve
redhatcve
CVE-2021-3631
2021-07-01 17:23:03
CVE-2022-0897
2022-03-25 10:09:05
cbl_mariner
cbl_mariner
CVE-2021-3631 affecting package libvirt 6.1.0-6
2022-04-07 06:04:02
alpinelinux
alpinelinux
CVE-2021-3631
2022-03-02 23:15:00
almalinux
almalinux
Low: libvirt security, bug fix, and enhancement update
2022-11-15 00:00:00
rocky
rocky
libvirt security, bug fix, and enhancement update
2022-11-15 06:13:06
virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
2022-11-08 06:20:26
virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
2021-11-09 08:35:34
osv
osv
Low: libvirt security, bug fix, and enhancement update
2022-11-15 06:13:06
Low: libvirt security, bug fix, and enhancement update
2022-11-15 00:00:00
libvirt vulnerabilities
2022-05-02 17:01:25
redhat
redhat
ubuntu
ubuntu
libvirt vulnerabilities
2022-05-02 00:00:00
libvirt vulnerabilities
2023-05-31 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0424
2022-07-23 00:00:00
Moderate Photon OS Security Update - PHSA-2022-0497
2022-07-20 00:00:00
Moderate Photon OS Security Update - PHSA-2022-3.0-0424
2022-07-23 00:00:00
debian
debian
[SECURITY] [DLA 3778-1] libvirt security update
2024-04-01 12:19:02
Related for EULEROS_SA-2022-2515.NASL