MiracleLinux 3 : xen-3.0.3-41.7AXS3 (AXSA:2008-256:01)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2008-256:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(283946);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");

  script_cve_id(
    "CVE-2007-1321",
    "CVE-2007-3919",
    "CVE-2007-4993",
    "CVE-2007-5730",
    "CVE-2008-0928",
    "CVE-2008-2004"
  );

  script_name(english:"MiracleLinux 3 : xen-3.0.3-41.7AXS3 (AXSA:2008-256:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2008-256:01 advisory.

    This package contains the Xen tools and management daemons needed to run virtual machines on x86, x86_64,
    and ia64 systems.
    Information on how to use Xen can be found at the Xen project pages.
    The Xen system also requires the Xen hypervisor and domain-0 kernel, which can be found in the kernel-xen*
    package.
    Virtualization can be used to run multiple operating systems on one physical system, for purposes of
    hardware consolidation, hardware abstraction, or to test untrusted applications in a sandboxed
    environment.
    - rebuild for Asianux 3.0 SP1
    - add patch700 to use functions for service script xendomains by default
    - modify redhat string to asianux (#2837, Patch701)
    - Disable QEMU image format auto-detection CVE-2008-2004
    - Fix PVFB to validate frame buffer description
    - Fix PVFB to cope with bogus update requests
    - Fix QEMU buffer overflow CVE-2007-5730
    - Fix QEMU block device extents checking CVE-2008-0928
    - Fix FV O_DIRECT flushing
    - Fixed xenbaked tmpfile flaw (CVE-2007-3919
    - QEmu NE2000 overflow check - CVE-2007-1321
    - Pygrub guest escape - CVE-2007-4993
    - Rewrite locking in hotplug scripts to fix timeouts
    - Require xen-hypervisor-abi = 3.1 to pull in neccessary kernel
    - Fixed memory ballooning for HVM restore
    - Avoid bogus VNC password prompts after migrate/restore
    - Fix UUID normalization when no UUID is present
    - Fix handling of 'keymap' param in config files
    - Don't destroy guest after shutdown timeout
    - Ensure PVFB daemon terminates promptly on domain shutdown
    - Fix rtl8139 checksums for VISTA
    - Update package description to better reflect reality
    - Fix more VNC threading problems
    - Fix save/restore edge case
    - Fix legacy PVFB for 32-on-64
    - Fixed booting guests with legacy native ABI device protocol
    - Fix more VNC keycode/keysym mappings issues
    - Fix potential QEMU crash when VNC client disconnects
    - Add NVRAM support for ia64 guests
    - Normalize UUID to avoid loosing guest name upon restarts
    - fix ethernet bonding in balanced-rr mode
    - Fix vncport type cast for HVM guests
    - Ignore failures in dump core
    - Rate limit console messages from guest
    - Use -r flag to losetup for readonly block devices
    - Mark /etc/sysconfig/xend as a config file
    - Fix address test in network-bridge
    - Permissions of xend-debug.log
    - Hotplug scripts error reporting
    - Disable network-bridge if running on Dom0 with nfs/iscsi root device
    - Fix a race in the pvfb startup
    - Loadable pvfb keymap
    - Fix pvfb save/restore broken in 3.0.3-27.el5
    - Fixed 32-bit core dumps with HVM
    - Add persistent logging of guest & hypervisor console
    - Fix destroyDevice() args
    - Check file exists in blktap hotplug scripts
    - Make SXPR server in XenD multi-threaded
    - Fixed xm man page about block device modes
    - Update low level (non-XenD) userspace to work with 3.1.0 hypervisor
    - Patch XenD to use 'domid' instead of 'dom' with libxc
    - Patch XenD to use new HVM domain creation process
    - Remove unused i18n stuff from Makefile
    - Fix pygrub, blktapctrl paths to return to original settings
    - Back-port 3.1.0 HVM save/restore changes to XenD
    - Move HVM save/restore files from /tmp to /var/lib/xen
    - Ensure pvfb backend terminates when frontend vanishes early
    - Save vncpasswd in xenstore along with the other pvfb configuration
    - Fix allocation of fixed VNC ports for pvfb
    - Don't start a xen-vncfb process for HVM
    - disable qemu monitor mode, for security reasons
    - fix IA64 shadow page table mode

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/353");
  script_set_attribute(attribute:"solution", value:
"Update the affected xen, xen-devel and / or xen-libs packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2007-5730");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/09/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:xen-libs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'xen-3.0.3-41.7AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'xen-devel-3.0.3-41.7AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'xen-libs-3.0.3-41.7AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'xen / xen-devel / xen-libs');
}