Lucene search

K
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2019-CBB732F760.NASL
HistoryDec 03, 2019 - 12:00 a.m.

Fedora 30 : xen (2019-cbb732f760)

2019-12-0300:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
232
fedora 30
xen
xsa-299
patches
cve-2018-12207
cve-2019-11135
vcpuop_initialise dos
descriptor table limit checking
restartable pv type change operations
add-to-physmap
arm
pci devices
interrupt handlers

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.017

Percentile

88.3%

add missing XSA-299 patches x86: Machine Check Error on Page Size Change DoS [XSA-304, CVE-2018-12207] TSX Asynchronous Abort speculative side channel [XSA-305, CVE-2019-11135]


VCPUOP_initialise DoS [XSA-296, CVE-2019-18420] missing descriptor table limit checking in x86 PV emulation [XSA-298, CVE-2019-18425] Issues with restartable PV type change operations [XSA-299, CVE-2019-18421] (#1767726) add-to-physmap can be abused to DoS Arm hosts [XSA-301, CVE-2019-18423] passed through PCI devices may corrupt host memory after deassignment [XSA-302, CVE-2019-18424] (#1767731) ARM: Interrupts are unconditionally unmasked in exception handlers [XSA-303, CVE-2019-18422]

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2019-cbb732f760.
#

include('compat.inc');

if (description)
{
  script_id(131460);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/09");

  script_cve_id(
    "CVE-2018-12207",
    "CVE-2019-11135",
    "CVE-2019-18420",
    "CVE-2019-18421",
    "CVE-2019-18422",
    "CVE-2019-18423",
    "CVE-2019-18424",
    "CVE-2019-18425"
  );
  script_xref(name:"FEDORA", value:"2019-cbb732f760");
  script_xref(name:"IAVB", value:"2019-B-0084-S");

  script_name(english:"Fedora 30 : xen (2019-cbb732f760)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"add missing XSA-299 patches x86: Machine Check Error on Page Size
Change DoS [XSA-304, CVE-2018-12207] TSX Asynchronous Abort
speculative side channel [XSA-305, CVE-2019-11135]

----

VCPUOP_initialise DoS [XSA-296, CVE-2019-18420] missing descriptor
table limit checking in x86 PV emulation [XSA-298, CVE-2019-18425]
Issues with restartable PV type change operations [XSA-299,
CVE-2019-18421] (#1767726) add-to-physmap can be abused to DoS Arm
hosts [XSA-301, CVE-2019-18423] passed through PCI devices may corrupt
host memory after deassignment [XSA-302, CVE-2019-18424] (#1767731)
ARM: Interrupts are unconditionally unmasked in exception handlers
[XSA-303, CVE-2019-18422]

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-cbb732f760");
  script_set_attribute(attribute:"solution", value:
"Update the affected xen package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-18425");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC30", reference:"xen-4.11.2-3.fc30")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.017

Percentile

88.3%