Lucene search
This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.FEDORA_2012-8604.NASLHistoryJun 08, 2012 - 12:00 a.m.
Fedora 15 : qemu-0.14.0-9.fc15 (2012-8604)
2012-06-0800:00:00
This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.
www.tenable.com
12
-
CVE-2011-1750 virtio-blk: heap buffer overflow (bz 698906, bz 698911)
-
CVE-2011-2527 set groups properly for -runas (bz 720773, bz 720784)
-
CVE-2012-0029 e1000 buffer overflow (bz 783984, bz 772075)
-
virtio-blk: refuse SG_IO requests with scsi=off (bz 770135)
-
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2012-8604.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(59420);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2011-1750", "CVE-2011-2527", "CVE-2012-0029");
script_bugtraq_id(47546, 48659, 51642);
script_xref(name:"FEDORA", value:"2012-8604");
script_name(english:"Fedora 15 : qemu-0.14.0-9.fc15 (2012-8604)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
" - CVE-2011-1750 virtio-blk: heap buffer overflow (bz
698906, bz 698911)
- CVE-2011-2527 set groups properly for -runas (bz
720773, bz 720784)
- CVE-2012-0029 e1000 buffer overflow (bz 783984, bz
772075)
- virtio-blk: refuse SG_IO requests with scsi=off (bz
770135)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=698906"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=720773"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=772075"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?059a8b74"
);
script_set_attribute(attribute:"solution", value:"Update the affected qemu package.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:qemu");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");
script_set_attribute(attribute:"patch_publication_date", value:"2012/05/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/08");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC15", reference:"qemu-0.14.0-9.fc15")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | qemu | p-cpe:/a:fedoraproject:fedora:qemu |
| fedoraproject | fedora | 15 | cpe:/o:fedoraproject:fedora:15 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1750
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2527
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0029
www.nessus.org/u?059a8b74
bugzilla.redhat.com/show_bug.cgi?id=698906
bugzilla.redhat.com/show_bug.cgi?id=720773
bugzilla.redhat.com/show_bug.cgi?id=772075
Related
openvas
openvas
Fedora Update for qemu FEDORA-2012-8604
2012-06-08 00:00:00
Fedora Update for qemu FEDORA-2012-8604
2012-06-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:0127-1)
2021-06-09 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: qemu-0.14.0-9.fc15
2012-06-07 23:07:08
[SECURITY] Fedora 16 Update: xen-4.1.2-6.fc16
2012-02-19 02:02:08
[SECURITY] Fedora 16 Update: qemu-0.15.1-5.fc16
2012-06-07 22:59:10
nessus
nessus
openSUSE Security Update : kvm (openSUSE-SU-2012:0207-1)
2014-06-13 00:00:00
SuSE 11.1 Security Update : KVM (SAT Patch Number 5655)
2012-01-30 00:00:00
Oracle Linux 6 : qemu-kvm (ELSA-2011-1531)
2023-09-07 00:00:00
cve
cve
prion
prion
Heap overflow
2012-06-21 15:55:00
Design/Logic Flaw
2012-06-21 15:55:00
Heap overflow
2012-01-27 15:55:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:59:10
Privilege Escalation
2020-04-10 01:05:48
Arbitrary Code Execution
2020-04-10 01:09:16
ubuntucve
ubuntucve
redhat
redhat
(RHSA-2012:0370) Important: xen security and bug fix update
2012-03-07 00:00:00
ubuntu
ubuntu
QEMU vulnerability
2011-07-27 00:00:00
QEMU vulnerability
2012-01-23 00:00:00
QEMU vulnerabilities
2011-06-09 00:00:00
securityvulns
securityvulns
QEMU buffer overflow
2012-02-08 00:00:00
[SECURITY] [DSA 2230-1] qemu-kvm security update
2011-05-02 00:00:00
[SECURITY] [DSA 2282-1] qemu-kvm security update
2011-07-26 00:00:00
oraclelinux
oraclelinux
xen security and bug fix update
2012-03-07 00:00:00
qemu-kvm security, bug fix, and enhancement update
2011-12-14 00:00:00
qemu-kvm security, bug fix, and enhancement update
2012-01-23 00:00:00
debiancve
debiancve
CVE-2012-0029
2012-01-27 15:55:00
debian
debian
[SECURITY] [DSA 2396-1] qemu-kvm security update
2012-01-27 18:37:10
[SECURITY] [DSA 2404-1] xen-qemu-dm-4.0 security update
2012-02-05 12:46:59
[SECURITY] [DSA 2230-1] qemu-kvm security update
2011-05-01 20:29:31
gentoo
gentoo
qemu-kvm: Multiple vulnerabilities
2012-10-18 00:00:00
osv
osv
qemu-kvm - several
2011-05-01 00:00:00
qemu-kvm - several
2011-07-25 00:00:00
suse
suse
Security update for qemu (important)
2012-10-09 21:08:49
centos
centos
qemu security update
2012-01-24 03:15:05
kmod, kvm security update
2012-01-24 20:53:03
Related for FEDORA_2012-8604.NASL