Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2014-369.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : libvirt (openSUSE-SU-2014:0650-1)
2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
libvirt was patched to prevent expansion of entities when parsing XML files. This vulnerability allowed malicious users to read arbitrary files or cause a denial of service (CVE-2014-0179).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-369.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(75359);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2014-0179");
script_bugtraq_id(67289);
script_name(english:"openSUSE Security Update : libvirt (openSUSE-SU-2014:0650-1)");
script_summary(english:"Check for the openSUSE-2014-369 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"libvirt was patched to prevent expansion of entities when parsing XML
files. This vulnerability allowed malicious users to read arbitrary
files or cause a denial of service (CVE-2014-0179)."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=873705"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2014-05/msg00048.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected libvirt packages."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-python-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
script_set_attribute(attribute:"patch_publication_date", value:"2014/05/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE12.3", reference:"libvirt-1.0.2-1.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libvirt-client-1.0.2-1.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libvirt-client-debuginfo-1.0.2-1.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libvirt-debuginfo-1.0.2-1.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libvirt-debugsource-1.0.2-1.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libvirt-devel-1.0.2-1.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libvirt-lock-sanlock-1.0.2-1.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libvirt-lock-sanlock-debuginfo-1.0.2-1.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libvirt-python-1.0.2-1.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libvirt-python-debuginfo-1.0.2-1.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libvirt-client-32bit-1.0.2-1.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libvirt-client-debuginfo-32bit-1.0.2-1.18.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libvirt-devel-32bit-1.0.2-1.18.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libvirt | p-cpe:/a:novell:opensuse:libvirt |
| novell | opensuse | libvirt-client | p-cpe:/a:novell:opensuse:libvirt-client |
| novell | opensuse | libvirt-client-32bit | p-cpe:/a:novell:opensuse:libvirt-client-32bit |
| novell | opensuse | libvirt-client-debuginfo | p-cpe:/a:novell:opensuse:libvirt-client-debuginfo |
| novell | opensuse | libvirt-client-debuginfo-32bit | p-cpe:/a:novell:opensuse:libvirt-client-debuginfo-32bit |
| novell | opensuse | libvirt-debuginfo | p-cpe:/a:novell:opensuse:libvirt-debuginfo |
| novell | opensuse | libvirt-debugsource | p-cpe:/a:novell:opensuse:libvirt-debugsource |
| novell | opensuse | libvirt-devel | p-cpe:/a:novell:opensuse:libvirt-devel |
| novell | opensuse | libvirt-devel-32bit | p-cpe:/a:novell:opensuse:libvirt-devel-32bit |
| novell | opensuse | libvirt-lock-sanlock | p-cpe:/a:novell:opensuse:libvirt-lock-sanlock |
Related
redhat
redhat
(RHSA-2014:0560) Moderate: libvirt security and bug fix update
2014-05-27 00:00:00
(RHSA-2014:0914) Moderate: libvirt security and bug fix update
2014-07-22 00:00:00
(RHSA-2014:0629) Important: rhev-hypervisor6 security update
2014-06-05 00:00:00
openvas
openvas
RedHat Update for libvirt RHSA-2014:0560-01
2014-06-02 00:00:00
Oracle: Security Advisory (ELSA-2014-0914)
2015-10-06 00:00:00
Oracle: Security Advisory (ELSA-2014-0560)
2015-10-06 00:00:00
nessus
nessus
Fedora 20 : libvirt-1.1.3.5-2.fc20 (2014-6586)
2014-05-26 00:00:00
Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20140527)
2014-05-28 00:00:00
openSUSE Security Update : libvirt (openSUSE-SU-2014:0674-1)
2014-06-13 00:00:00
oraclelinux
oraclelinux
libvirt security and bug fix update
2014-05-27 00:00:00
libvirt security and bug fix update
2014-07-23 00:00:00
centos
centos
libvirt security update
2014-05-28 12:52:42
libvirt security update
2014-07-23 02:24:10
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:51:56
debian
debian
[SECURITY] [DSA 3038-1] libvirt security update
2014-09-27 15:52:33
[SECURITY] [DSA 3038-1] libvirt security update
2014-09-27 15:52:51
cve
cve
CVE-2014-5177
2014-08-03 18:55:00
CVE-2014-0179
2014-08-03 18:55:00
securityvulns
securityvulns
libvirt XXE vulnerability
2014-06-02 00:00:00
[ MDVSA-2014:097 ] libvirt
2014-06-02 00:00:00
[USN-2366-1] libvirt vulnerabilities
2014-10-05 00:00:00
mageia
mageia
Updated libvirt packages fix multiple vulnerabilities
2014-05-29 11:01:13
cvelist
cvelist
CVE-2014-5177
2014-08-03 18:00:00
CVE-2014-0179
2014-08-03 18:00:00
osv
osv
libvirt - security update
2014-09-27 00:00:00
CVE-2021-3667
2022-03-02 23:15:08
CVE-2021-3559
2021-05-24 12:15:07
ubuntucve
ubuntucve
CVE-2014-0179
2014-08-03 00:00:00
CVE-2014-5177
2014-08-03 00:00:00
debiancve
debiancve
CVE-2014-5177
2014-08-03 18:55:00
CVE-2014-0179
2014-08-03 18:55:00
ubuntu
ubuntu
libvirt vulnerabilities
2014-09-30 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: libvirt-1.1.3.5-2.fc20
2014-05-24 23:24:18
[SECURITY] Fedora 20 Update: libvirt-1.1.3.8-1.fc20
2014-11-22 12:37:22
[SECURITY] Fedora 20 Update: libvirt-1.1.3.9-1.fc20
2015-02-17 08:10:35
f5
f5
SOL16117 - Multiple libvirt vulnerabilities
2015-02-12 00:00:00
K16117 : Multiple libvirt vulnerabilities
2015-02-12 00:00:00
gentoo
gentoo
libvirt: Multiple vulnerabilities
2014-12-08 00:00:00
Related for OPENSUSE-2014-369.NASL