{"cve": [{"lastseen": "2019-02-15T12:17:59", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.", "modified": "2019-02-05T13:01:32", "published": "2015-07-16T06:59:20", "id": "CVE-2015-2594", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2594", "title": "CVE-2015-2594", "type": "cve", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-01T05:15:03", "bulletinFamily": "NVD", "description": "The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.", "modified": "2018-10-30T12:26:52", "published": "2015-05-13T14:59:00", "id": "CVE-2015-3456", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3456", "title": "CVE-2015-3456", "type": "cve", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2017-12-20T20:16:42", "bulletinFamily": "software", "description": "", "modified": "2016-01-09T02:11:00", "published": "2015-05-13T21:14:00", "href": "https://support.f5.com/csp/article/K16620", "id": "F5:K16620", "type": "f5", "title": "QEMU vulnerability CVE-2015-3456", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-03-19T09:01:59", "bulletinFamily": "software", "description": "1 vCMP is not available on BIG-IP versions prior to 11.0.0. 
\n\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable column**, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL14088: vCMP host and supported guest version matrix\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n", "modified": "2015-10-02T00:00:00", "published": "2015-05-13T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/600/sol16620.html", "id": "SOL16620", "title": "SOL16620 - QEMU vulnerability CVE-2015-3456", "type": "f5", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-22T16:38:25", "bulletinFamily": "scanner", "description": "The host is installed with Oracle VM\n virtualBox and is prone to unspecified vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2015-07-21T00:00:00", "id": "OPENVAS:1361412562310805724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805724", "title": "Oracle Virtualbox Unspecified Vulnerability July15 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n# $Id: gb_oracle_virtualbox_unspecified_vuln_july15_macosx.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Oracle Virtualbox Unspecified Vulnerability July15 (Mac OS X)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805724\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-2594\");\n script_bugtraq_id(75899);\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-21 10:26:43 +0530 (Tue, 21 Jul 2015)\");\n script_name(\"Oracle Virtualbox Unspecified Vulnerability July15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle VM\n virtualBox and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"The flaw is due to unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to have an impact on confidentiality, integrity, and availability.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions prior to 4.0.32,\n 4.1.40, 4.2.32, and 4.3.30 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox version\n 4.0.32, 4.1.40, 4.2.32, and 4.3.30 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_oracle_virtualbox_detect_macosx.nasl\");\n script_mandatory_keys(\"Oracle/VirtualBox/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"https://www.virtualbox.org\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!virtualVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(virtualVer =~ \"^(4\\.(0|1|2|3))\")\n{\n if(version_in_range(version:virtualVer, test_version:\"4.0.0\", test_version2:\"4.0.31\"))\n {\n fix = \"4.0.32\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:virtualVer, test_version:\"4.1.0\", test_version2:\"4.1.39\"))\n {\n fix = \"4.1.40\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:virtualVer, test_version:\"4.2.0\", test_version2:\"4.2.31\"))\n {\n fix = \"4.2.32\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:virtualVer, test_version:\"4.3.0\", test_version2:\"4.3.29\"))\n {\n fix = \"4.3.30\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = 'Installed version: ' + virtualVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 6.6, 
"vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:53:00", "bulletinFamily": "scanner", "description": "This update fixes an unspecified security\nissue in VirtualBox related to guests using bridged networking via WiFi. Oracle no\nlonger provides information on specific security vulnerabilities in VirtualBox. To\nstill support users of the already released Debian releases we", "modified": "2017-07-07T00:00:00", "published": "2015-09-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703359", "id": "OPENVAS:703359", "title": "Debian Security Advisory DSA 3359-1 (virtualbox - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3359.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3359-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703359);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-2594\");\n script_name(\"Debian Security Advisory DSA 3359-1 (virtualbox - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-09-13 00:00:00 +0200 (Sun, 13 Sep 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3359.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"virtualbox on Debian Linux\");\n script_tag(name: \"insight\", value: \"VirtualBox is a free x86 virtualization\nsolution allowing a wide range of x86 operating systems such as Windows, DOS, BSD\nor Linux to run on a Linux system.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 4.1.40-dfsg-1+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.3.30-dfsg-1+deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 4.3.30-dfsg-1.\n\nFor the unstable distribution (sid), 
this problem has been fixed in\nversion 4.3.30-dfsg-1.\n\nWe recommend that you upgrade your virtualbox packages.\");\n script_tag(name: \"summary\", value: \"This update fixes an unspecified security\nissue in VirtualBox related to guests using bridged networking via WiFi. Oracle no\nlonger provides information on specific security vulnerabilities in VirtualBox. To\nstill support users of the already released Debian releases we've decided to\nupdate these to the respective 4.1.40 and 4.3.30 bugfix releases.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"virtualbox\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-dbg\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-fuse\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-utils\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-x11\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-dbg\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-fuse\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-utils\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-x11\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-qt\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-qt\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:39:42", "bulletinFamily": "scanner", "description": "The host is installed with Oracle VM\n virtualBox and is prone to unspecified vulnerability.", "modified": 
"2018-10-12T00:00:00", "published": "2015-07-21T00:00:00", "id": "OPENVAS:1361412562310805723", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805723", "title": "Oracle Virtualbox Unspecified Vulnerability July15 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_virtualbox_unspecified_vuln_july15_win.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Oracle Virtualbox Unspecified Vulnerability July15 (Windows)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805723\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-2594\");\n script_bugtraq_id(75899);\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-21 10:04:16 +0530 (Tue, 21 Jul 2015)\");\n script_name(\"Oracle Virtualbox Unspecified Vulnerability July15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle VM\n virtualBox and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to have an impact on confidentiality, integrity, and availability.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions prior to 4.0.32,\n 4.1.40, 4.2.32, and 4.3.30 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox version\n 4.0.32, 4.1.40, 4.2.32, and 4.3.30 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n\n script_copyright(\"Copyright (C) 2015 
Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_sun_virtualbox_detect_win.nasl\");\n script_mandatory_keys(\"Oracle/VirtualBox/Win/Ver\");\n script_xref(name:\"URL\", value:\"https://www.virtualbox.org\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!virtualVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(virtualVer =~ \"^(4\\.(0|1|2|3))\")\n{\n if(version_in_range(version:virtualVer, test_version:\"4.0.0\", test_version2:\"4.0.31\"))\n {\n fix = \"4.0.32\";\n VULN = TRUE;\n }\n if(version_in_range(version:virtualVer, test_version:\"4.1.0\", test_version2:\"4.1.39\"))\n {\n fix = \"4.1.40\";\n VULN = TRUE;\n }\n if(version_in_range(version:virtualVer, test_version:\"4.2.0\", test_version2:\"4.2.31\"))\n {\n fix = \"4.2.32\";\n VULN = TRUE;\n }\n if(version_in_range(version:virtualVer, test_version:\"4.3.0\", test_version2:\"4.3.29\"))\n {\n fix = \"4.3.30\";\n VULN = TRUE;\n }\n if(VULN)\n {\n report = 'Installed version: ' + virtualVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:39:54", "bulletinFamily": "scanner", "description": "The host is installed with Oracle VM\n virtualBox and is prone to unspecified vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2015-07-21T00:00:00", "id": "OPENVAS:1361412562310805725", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805725", "title": "Oracle Virtualbox Unspecified Vulnerability July15 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_virtualbox_unspecified_vuln_july15_lin.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Oracle Virtualbox Unspecified 
Vulnerability July15 (Linux)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805725\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-2594\");\n script_bugtraq_id(75899);\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-21 10:27:00 +0530 (Tue, 21 Jul 2015)\");\n script_name(\"Oracle Virtualbox Unspecified Vulnerability July15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle VM\n virtualBox and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to have an impact on 
confidentiality, integrity, and availability.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions prior to 4.0.32,\n 4.1.40, 4.2.32, and 4.3.30 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox version\n 4.0.32, 4.1.40, 4.2.32, and 4.3.30 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_sun_virtualbox_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/VirtualBox/Lin/Ver\");\n script_xref(name:\"URL\", value:\"https://www.virtualbox.org\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!virtualVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(virtualVer =~ \"^(4\\.(0|1|2|3))\")\n{\n if(version_in_range(version:virtualVer, test_version:\"4.0.0\", test_version2:\"4.0.31\"))\n {\n fix = \"4.0.32\";\n VULN = TRUE;\n }\n if(version_in_range(version:virtualVer, test_version:\"4.1.0\", test_version2:\"4.1.39\"))\n {\n fix = \"4.1.40\";\n VULN = TRUE;\n }\n if(version_in_range(version:virtualVer, test_version:\"4.2.0\", test_version2:\"4.2.31\"))\n {\n fix = \"4.2.32\";\n VULN = TRUE;\n }\n if(version_in_range(version:virtualVer, test_version:\"4.3.0\", test_version2:\"4.3.29\"))\n {\n fix = \"4.3.30\";\n VULN = TRUE;\n }\n if(VULN)\n {\n report = 'Installed version: ' + virtualVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:45", "bulletinFamily": "scanner", "description": "This update fixes an unspecified security\nissue 
in VirtualBox related to guests using bridged networking via WiFi. Oracle no\nlonger provides information on specific security vulnerabilities in VirtualBox. To\nstill support users of the already released Debian releases we", "modified": "2018-04-06T00:00:00", "published": "2015-09-13T00:00:00", "id": "OPENVAS:1361412562310703359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703359", "title": "Debian Security Advisory DSA 3359-1 (virtualbox - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3359.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3359-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703359\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-2594\");\n script_name(\"Debian Security Advisory DSA 3359-1 (virtualbox - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-09-13 00:00:00 +0200 (Sun, 13 Sep 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3359.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"virtualbox on Debian Linux\");\n script_tag(name: \"insight\", value: \"VirtualBox is a free x86 virtualization\nsolution allowing a wide range of x86 operating systems such as Windows, DOS, BSD\nor Linux to run on a Linux system.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 4.1.40-dfsg-1+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.3.30-dfsg-1+deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 4.3.30-dfsg-1.\n\nFor the 
unstable distribution (sid), this problem has been fixed in\nversion 4.3.30-dfsg-1.\n\nWe recommend that you upgrade your virtualbox packages.\");\n script_tag(name: \"summary\", value: \"This update fixes an unspecified security\nissue in VirtualBox related to guests using bridged networking via WiFi. Oracle no\nlonger provides information on specific security vulnerabilities in VirtualBox. To\nstill support users of the already released Debian releases we've decided to\nupdate these to the respective 4.1.40 and 4.3.30 bugfix releases.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"virtualbox\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-dbg\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-fuse\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-utils\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-x11\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != 
NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-dbg\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-fuse\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-utils\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-x11\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-qt\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-qt\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:58", "bulletinFamily": "scanner", "description": "Check the version of qemu", "modified": "2017-07-10T00:00:00", "published": "2015-07-07T00:00:00", 
"id": "OPENVAS:1361412562310869638", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869638", "title": "Fedora Update for qemu FEDORA-2015-8220", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2015-8220\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869638\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:31:00 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-3456\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qemu FEDORA-2015-8220\");\n script_tag(name: \"summary\", value: \"Check the version of qemu\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and 
check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"QEMU is a generic and open source processor\nemulator which achieves a good emulation speed by using dynamic translation.\nQEMU has two operating modes:\n\n * Full system emulation. In this mode, QEMU emulates a full system (for\n example a PC), including a processor and various peripherials. It can be\n used to launch different Operating Systems without rebooting the PC or\n to debug system code.\n * User mode emulation. In this mode, QEMU can launch Linux processes compiled\n for one CPU on another CPU.\n\nAs QEMU requires no host kernel patches to run, it is safe and easy to use.\n\");\n script_tag(name: \"affected\", value: \"qemu on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-8220\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158621.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.3.0~4.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:30", "bulletinFamily": "scanner", "description": "Jason Geffner discovered a 
buffer\noverflow in the emulated floppy disk drive, resulting in the potential\nexecution of arbitrary code. This only affects HVM guests.", "modified": "2018-04-06T00:00:00", "published": "2015-05-18T00:00:00", "id": "OPENVAS:1361412562310703262", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703262", "title": "Debian Security Advisory DSA 3262-1 (xen - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3262.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3262-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703262\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-3456\");\n script_name(\"Debian Security Advisory DSA 3262-1 (xen - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-05-18 00:00:00 +0200 (Mon, 18 May 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3262.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"xen on Debian Linux\");\n script_tag(name: \"insight\", value: \"Xen is a hypervisor providing services\nthat allow multiple computer operating systems to execute on the same computer\nhardware concurrently.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution\n(wheezy), this problem has been fixed in version 4.1.4-3+deb7u6.\n\nThe stable distribution (jessie) is already fixed through the qemu\nupdate provided as DSA-3259-1.\n\nWe recommend that you upgrade your xen packages.\");\n script_tag(name: \"summary\", value: \"Jason Geffner discovered a buffer\noverflow in the 
emulated floppy disk drive, resulting in the potential\nexecution of arbitrary code. This only affects HVM guests.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxen-4.1\", ver:\"4.1.4-3+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.1.4-3+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxen-ocaml\", ver:\"4.1.4-3+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxen-ocaml-dev\", ver:\"4.1.4-3+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.1.4-3+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-docs-4.1\", ver:\"4.1.4-3+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-amd64\", ver:\"4.1.4-3+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-i386\", ver:\"4.1.4-3+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.1.4-3+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-system-i386\", ver:\"4.1.4-3+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-utils-4.1\", ver:\"4.1.4-3+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.1.4-3+deb7u6\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.1.4-3+deb7u6\", 
rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:01:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-09-18T00:00:00", "id": "OPENVAS:1361412562310850680", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850680", "title": "SuSE Update for qemu openSUSE-SU-2015:0893-1 (qemu)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0893_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for qemu openSUSE-SU-2015:0893-1 (qemu)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850680\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-18 10:37:38 +0200 (Fri, 18 Sep 2015)\");\n script_cve_id(\"CVE-2015-3456\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for qemu openSUSE-SU-2015:0893-1 (qemu)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Qemu was updated to v2.1.3: See <a rel='nofollow' href='http://wiki.qemu-project.org/ChangeLog/2.1'>http://wiki.qemu-project.org/ChangeLog/2.1\n for more information.\n\n This update includes a security fix:\n\n * CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation,\n which could be used to denial of service attacks or potential code\n execution against the host.\");\n script_tag(name:\"affected\", value:\"qemu on openSUSE 13.2\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:0893_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks 
GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libcacard-debugsource\", rpm:\"libcacard-debugsource~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcacard-devel\", rpm:\"libcacard-devel~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcacard0\", rpm:\"libcacard0~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libcacard0-debuginfo\", rpm:\"libcacard0-debuginfo~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-arm\", rpm:\"qemu-arm~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-arm-debuginfo\", rpm:\"qemu-arm-debuginfo~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-curl\", rpm:\"qemu-block-curl~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-block-curl-debuginfo\", rpm:\"qemu-block-curl-debuginfo~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~2.1.3~4.1\", 
rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-extra\", rpm:\"qemu-extra~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-extra-debuginfo\", rpm:\"qemu-extra-debuginfo~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent-debuginfo\", rpm:\"qemu-guest-agent-debuginfo~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-ksm\", rpm:\"qemu-ksm~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-lang\", rpm:\"qemu-lang~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-linux-user\", rpm:\"qemu-linux-user~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-linux-user-debuginfo\", rpm:\"qemu-linux-user-debuginfo~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-linux-user-debugsource\", rpm:\"qemu-linux-user-debugsource~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-ppc\", rpm:\"qemu-ppc~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-ppc-debuginfo\", 
rpm:\"qemu-ppc-debuginfo~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-s390\", rpm:\"qemu-s390~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-s390-debuginfo\", rpm:\"qemu-s390-debuginfo~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-tools\", rpm:\"qemu-tools~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-tools-debuginfo\", rpm:\"qemu-tools-debuginfo~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-x86\", rpm:\"qemu-x86~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-x86-debuginfo\", rpm:\"qemu-x86-debuginfo~2.1.3~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-ipxe\", rpm:\"qemu-ipxe~1.0.0~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-seabios\", rpm:\"qemu-seabios~1.7.5~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-sgabios-8\", rpm:\"qemu-sgabios-8~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-vgabios\", rpm:\"qemu-vgabios~1.7.5~4.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:26:00", "bulletinFamily": "scanner", "description": "Oracle Linux Local 
Security Checks ELSA-2015-1002", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123115", "title": "Oracle Linux Local Check: ELSA-2015-1002", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1002.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123115\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:33 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1002\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1002 - xen security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1002\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1002.html\");\n script_cve_id(\"CVE-2015-3456\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.0.3~146.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.0.3~146.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~146.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:45", "bulletinFamily": "scanner", "description": "Jason Geffner discovered a buffer\noverflow in the emulated floppy disk drive, resulting in potential privilege\nescalation.", "modified": "2018-04-06T00:00:00", "published": 
"2015-05-28T00:00:00", "id": "OPENVAS:1361412562310703274", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703274", "title": "Debian Security Advisory DSA 3274-1 (virtualbox - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3274.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3274-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703274\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-3456\");\n script_name(\"Debian Security Advisory DSA 3274-1 (virtualbox - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-05-28 00:00:00 +0200 (Thu, 28 May 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3274.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"virtualbox on Debian Linux\");\n script_tag(name: \"insight\", value: \"VirtualBox is a free x86 virtualization\nsolution allowing a wide range of x86 operating systems such as Windows, DOS,\nBSD or Linux to run on a Linux system.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution\n(wheezy), this problem has been fixed in version 4.1.18-dfsg-2+deb7u5.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.3.18-dfsg-3+deb8u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.3.28-dfsg-1.\n\nWe recommend 
that you upgrade your virtualbox packages.\");\n script_tag(name: \"summary\", value: \"Jason Geffner discovered a buffer\noverflow in the emulated floppy disk drive, resulting in potential privilege\nescalation.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"virtualbox\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-dbg\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-dkms\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-fuse\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-dkms\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-source\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-utils\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-x11\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-dbg\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-dkms\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"virtualbox-ose-fuse\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-dkms\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-source\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-utils\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-x11\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-qt\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-source\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-qt\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-source\", ver:\"4.1.18-dfsg-2+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-18T13:48:29", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3359-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 13, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : virtualbox\nCVE ID : CVE-2015-2594\n\nThis update fixes an unspecified 
security issue in VirtualBox related to\nguests using bridged networking via WiFi. Oracle no longer provides\ninformation on specific security vulnerabilities in VirtualBox. To still\nsupport users of the already released Debian releases we've decided to\nupdate these to the respective 4.1.40 and 4.3.30 bugfix releases. \n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.1.40-dfsg-1+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.3.30-dfsg-1+deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 4.3.30-dfsg-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.3.30-dfsg-1.\n\nWe recommend that you upgrade your virtualbox packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-09-13T19:47:52", "published": "2015-09-13T19:47:52", "id": "DEBIAN:DSA-3359-1:EB718", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00258.html", "title": "[SECURITY] [DSA 3359-1] virtualbox security update", "type": "debian", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-18T13:48:42", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3274-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 28, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : virtualbox\nCVE ID : CVE-2015-3456\n\nJason Geffner discovered a buffer overflow in the emulated floppy\ndisk drive, resulting in the potential privilege 
escalation.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.1.18-dfsg-2+deb7u5.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.3.18-dfsg-3+deb8u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.3.28-dfsg-1.\n\nWe recommend that you upgrade your virtualbox packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-05-28T21:18:01", "published": "2015-05-28T21:18:01", "id": "DEBIAN:DSA-3274-1:67FDF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00167.html", "title": "[SECURITY] [DSA 3274-1] virtualbox security update", "type": "debian", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-18T13:49:41", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3262-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 18, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nCVE ID : CVE-2015-3456\n\nJason Geffner discovered a buffer overflow in the emulated floppy\ndisk drive, resulting in the potential execution of arbitrary code.\nThis only affects HVM guests.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.1.4-3+deb7u6.\n\nThe stable distribution (jessie) is already fixed through the qemu\nupdate provided as DSA-3259-1.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently 
asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-05-18T21:29:52", "published": "2015-05-18T21:29:52", "id": "DEBIAN:DSA-3262-1:B4CE0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00151.html", "title": "[SECURITY] [DSA 3262-1] xen security update", "type": "debian", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:13:16", "bulletinFamily": "unix", "description": "Package : qemu-kvm\nVersion : 0.12.5+dfsg-5+squeeze11\nCVE ID : CVE-2015-3456\n\nA vulnerability was discovered in the qemu virtualisation solution:\n\nCVE-2015-3456\n\n Jason Geffner discovered a buffer overflow in the emulated floppy\n disk drive, resulting in the potential execution of arbitrary code.\n\nDespite the end-of-life of qemu-kvm support in the old-oldstable\ndistribution (squeeze-lts), this problem has been fixed in version\n0.12.5+dfsg-5+squeeze11 of the qemu-kvm source package due to its\nseverity (the so-called VENOM vulnerability).\n\nFurther problems may still be present in the qemu-kvm package in the\nold-oldstable distribution (squeeze-lts) and users who need to rely on\nqemu-kvm are encouraged to upgrade to a newer version of Debian.\n\nWe recommend that you upgrade your qemu-kvm packages.\n", "modified": "2015-06-19T15:22:55", "published": "2015-06-19T15:22:55", "id": "DEBIAN:DLA-249-1:E55C5", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201506/msg00015.html", "title": "[SECURITY] [DLA 249-1] qemu-kvm security update", "type": "debian", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:13:45", "bulletinFamily": "unix", "description": "Package : qemu\nVersion : 0.12.5+dfsg-3squeeze4\nCVE ID : CVE-2015-3456\n\nA 
vulnerability was discovered in the qemu virtualisation solution:\n\nCVE-2015-3456\n\n Jason Geffner discovered a buffer overflow in the emulated floppy\n disk drive, resulting in the potential execution of arbitrary code.\n\nDespite the end-of-life of qemu support in the old-oldstable\ndistribution (squeeze-lts), this problem has been fixed in version\n0.12.5+dfsg-3squeeze4 of the qemu source package due to its severity\n(the so-called VENOM vulnerability).\n\nFurther problems may still be present in the qemu package in the\nold-oldstable distribution (squeeze-lts) and users who need to rely on\nqemu are encouraged to upgrade to a newer version of Debian.\n\nWe recommend that you upgrade your qemu packages.\n", "modified": "2015-06-19T15:08:40", "published": "2015-06-19T15:08:40", "id": "DEBIAN:DLA-248-1:043FE", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201506/msg00014.html", "title": "[SECURITY] [DLA 248-1] qemu security update", "type": "debian", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:24:36", "bulletinFamily": "scanner", "description": "The remote host contains a version of Oracle VM VirtualBox that is prior to 4.0.32 / 4.1.40 / 4.2.32 / 4.3.30. 
It is, therefore, affected by an unspecified vulnerability in the Core subcomponent", "modified": "2018-11-07T00:00:00", "id": "ORACLE_VIRTUALBOX_JUL_2015_CPU.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84799", "published": "2015-07-16T00:00:00", "title": "Oracle VM VirtualBox < 4.0.32 / 4.1.40 / 4.2.32 / 4.3.30 Core Unspecified Vulnerability (July 2015 CPU)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{ \n script_id(84799);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/07 16:27:15\");\n\n script_cve_id(\"CVE-2015-2594\");\n\n script_name(english:\"Oracle VM VirtualBox < 4.0.32 / 4.1.40 / 4.2.32 / 4.3.30 Core Unspecified Vulnerability (July 2015 CPU)\");\n script_summary(english:\"Performs a version check on VirtualBox.exe.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application installed that is affected by an\nunspecified vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host contains a version of Oracle VM VirtualBox that is\nprior to 4.0.32 / 4.1.40 / 4.2.32 / 4.3.30. 
It is, therefore, affected\nby an unspecified vulnerability in the Core subcomponent\");\n # http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d18c2a85\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.virtualbox.org/wiki/Changelog\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Oracle VM VirtualBox to 4.0.32 / 4.1.40 / 4.2.32 / 4.3.30 or\nlater as referenced in the July 2015 Oracle Critical Patch Update\nadvisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-2594\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:vm_virtualbox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"virtualbox_installed.nasl\", \"macosx_virtualbox_installed.nbin\");\n script_require_ports(\"installed_sw/Oracle VM VirtualBox\", \"installed_sw/VirtualBox\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = NULL;\napps = make_list('Oracle VM VirtualBox', 'VirtualBox');\n\nforeach app (apps)\n{\n if (get_install_count(app_name:app)) break;\n else app = NULL;\n}\n\nif (isnull(app)) audit(AUDIT_NOT_INST, 'Oracle VM VirtualBox');\n \ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\n# Note int(null) returns '0'\nver_fields = split(ver, sep:'.', keep:FALSE);\nmajor = int(ver_fields[0]);\nminor = int(ver_fields[1]);\nrev = int(ver_fields[2]);\n\nfix = '';\n\n# Affected :\n# 4.0.x < 4.0.32\n# 4.1.x < 4.1.40\n# 4.2.x < 4.2.32\n# 4.3.x < 4.3.30\nif (major == 4 && minor == 0 && rev < 32) fix = '4.0.32';\nelse if (major == 4 && minor == 1 && rev < 40) fix = '4.1.40';\nelse if (major == 4 && minor == 2 && rev < 32) fix = '4.2.32';\nelse if (major == 4 && minor == 3 && rev < 30) fix = '4.3.30';\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n\nport = 0;\nif (app == 'Oracle VM VirtualBox')\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445; \n}\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:03", "bulletinFamily": "scanner", "description": "This update fixes an unspecified security issue in VirtualBox related to guests using bridged networking via WiFi. 
Oracle no longer provides information on specific security vulnerabilities in VirtualBox. To still support users of the already released Debian releases we've decided to update these to the respective 4.1.40 and 4.3.30 bugfix releases.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-3359.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85915", "published": "2015-09-14T00:00:00", "title": "Debian DSA-3359-1 : virtualbox - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3359. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85915);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-2594\");\n script_xref(name:\"DSA\", value:\"3359\");\n\n script_name(english:\"Debian DSA-3359-1 : virtualbox - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes an unspecified security issue in VirtualBox related\nto guests using bridged networking via WiFi. Oracle no longer provides\ninformation on specific security vulnerabilities in VirtualBox. 
To\nstill support users of the already released Debian releases we've\ndecided to update these to the respective 4.1.40 and 4.3.30 bugfix\nreleases.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/virtualbox\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/virtualbox\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3359\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the virtualbox packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.1.40-dfsg-1+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.3.30-dfsg-1+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-dbg\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-dkms\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-fuse\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-guest-dkms\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-guest-source\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-guest-utils\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-guest-x11\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-dbg\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-dkms\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-fuse\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-guest-dkms\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif 
(deb_check(release:\"7.0\", prefix:\"virtualbox-ose-guest-source\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-guest-utils\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-guest-x11\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-qt\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-source\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-qt\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-source\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-dbg\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-dkms\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-guest-dkms\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-guest-source\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-guest-utils\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-guest-x11\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-qt\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-source\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.6, "vector": 
"AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:09", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - force the fifo access to be in bounds of the allocated buffer This is XSA-133. [bug 21078975] (CVE-2015-3456)", "modified": "2018-07-24T00:00:00", "id": "ORACLEVM_OVMSA-2015-0059.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83484", "published": "2015-05-15T00:00:00", "title": "OracleVM 2.2 : xen (OVMSA-2015-0059) (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0059.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83484);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2018/07/24 18:56:11\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_bugtraq_id(74640);\n script_xref(name:\"IAVA\", value:\"2015-A-0112\");\n\n script_name(english:\"OracleVM 2.2 : xen (OVMSA-2015-0059) (Venom)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - force the fifo access to be in bounds of the allocated\n buffer This is XSA-133. 
[bug 21078975] (CVE-2015-3456)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-May/000310.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-pvhvm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/15\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"2\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-3.4.0-0.2.23.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-64-3.4.0-0.2.23.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-debugger-3.4.0-0.2.23.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-devel-3.4.0-0.2.23.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-pvhvm-devel-3.4.0-0.2.23.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-tools-3.4.0-0.2.23.el5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-64 / xen-debugger / xen-devel / xen-pvhvm-devel / etc\");\n}\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:16", "bulletinFamily": "scanner", "description": "Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the 
Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-22T00:00:00", "id": "FEDORA_2015-8270.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83834", "published": "2015-05-27T00:00:00", "title": "Fedora 21 : xen-4.4.2-4.fc21 (2015-8270) (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8270.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83834);\n script_version(\"$Revision: 2.4 $\");\n script_cvs_date(\"$Date: 2015/10/22 14:14:59 $\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_xref(name:\"FEDORA\", value:\"2015-8270\");\n\n script_name(english:\"Fedora 21 : xen-4.4.2-4.fc21 (2015-8270) (Venom)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Privilege escalation via emulated floppy disk drive [XSA-133,\nCVE-2015-3456] (#1221153)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1218611\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158434.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?211a96d2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) 
audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"xen-4.4.2-4.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:07", "bulletinFamily": "scanner", "description": "Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Virtualization 3.5.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. 
A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2015-1001.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83428", "published": "2015-05-13T00:00:00", "title": "RHEL 6 : qemu-kvm-rhev (RHSA-2015:1001) (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1001. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83428);\n script_version(\"2.19\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_bugtraq_id(74640);\n script_xref(name:\"RHSA\", value:\"2015:1001\");\n script_xref(name:\"IAVA\", value:\"2015-A-0115\");\n\n script_name(english:\"RHEL 6 : qemu-kvm-rhev (RHSA-2015:1001) (Venom)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qemu-kvm-rhev packages that fix one security issue are now\navailable for Red Hat Enterprise Virtualization 3.5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package\nprovides the user-space component for running virtual machines using\nKVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's\nvirtual Floppy Disk Controller (FDC) handled FIFO buffer access while\nprocessing certain FDC commands. A privileged guest user could use\nthis flaw to crash the guest or, potentially, execute arbitrary code\non the host with the privileges of the host's QEMU process\ncorresponding to the guest. (CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3456\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1001\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-img-rhev-0.12.1.2-2.448.el6_6.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-0.12.1.2-2.448.el6_6.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-debuginfo-0.12.1.2-2.448.el6_6.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-tools-0.12.1.2-2.448.el6_6.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img-rhev / qemu-kvm-rhev / qemu-kvm-rhev-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:23", "bulletinFamily": "scanner", "description": "A 
vulnerability was discovered in the qemu virtualisation solution :\n\nCVE-2015-3456\n\nJason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code.\n\nDespite the end-of-life of qemu support in the old-oldstable distribution (squeeze-lts), this problem has been fixed in version 0.12.5+dfsg-3squeeze4 of the qemu source package due to its severity (the so-called VENOM vulnerability).\n\nFurther problems may still be present in the qemu package in the old-oldstable distribution (squeeze-lts) and users who need to rely on qemu are encouraged to upgrade to a newer version of Debian.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-06T00:00:00", "id": "DEBIAN_DLA-248.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84294", "published": "2015-06-22T00:00:00", "title": "Debian DLA-248-1 : qemu security update (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-248-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84294);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_bugtraq_id(74640);\n\n script_name(english:\"Debian DLA-248-1 : qemu security update (Venom)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered in the qemu virtualisation solution :\n\nCVE-2015-3456\n\nJason Geffner discovered a buffer overflow in the emulated floppy disk\ndrive, resulting in the potential execution of arbitrary code.\n\nDespite the end-of-life of qemu support in the old-oldstable\ndistribution (squeeze-lts), this problem has been fixed in version\n0.12.5+dfsg-3squeeze4 of the qemu source package due to its severity\n(the so-called VENOM vulnerability).\n\nFurther problems may still be present in the qemu package in the\nold-oldstable distribution (squeeze-lts) and users who need to rely on\nqemu are encouraged to upgrade to a newer version of Debian.\n\nWe recommend that you upgrade your qemu packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/06/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/qemu\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libqemu-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-keymaps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-system\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-user-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This 
script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libqemu-dev\", reference:\"0.12.5+dfsg-3squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qemu\", reference:\"0.12.5+dfsg-3squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qemu-keymaps\", reference:\"0.12.5+dfsg-3squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qemu-system\", reference:\"0.12.5+dfsg-3squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qemu-user\", reference:\"0.12.5+dfsg-3squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qemu-user-static\", reference:\"0.12.5+dfsg-3squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qemu-utils\", reference:\"0.12.5+dfsg-3squeeze4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:08", "bulletinFamily": "scanner", "description": "An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. 
A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456)\n\nNote: The following procedure must be performed before this update will take effect :\n\n1) Stop all KVM guest virtual machines.\n\n2) Either reboot the hypervisor machine or, as the root user, remove (using 'modprobe -r [module]') and reload (using 'modprobe [module]') all of the following modules which are currently running (determined using 'lsmod'): kvm, ksm, kvm-intel or kvm-amd.\n\n3) Restart the KVM guest virtual machines.", "modified": "2018-12-28T00:00:00", "id": "SL_20150513_KVM_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83457", "published": "2015-05-14T00:00:00", "title": "Scientific Linux Security Update : kvm on SL5.x x86_64 (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83457);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_xref(name:\"IAVA\", value:\"2015-A-0115\");\n\n script_name(english:\"Scientific Linux Security Update : kvm on SL5.x x86_64 (Venom)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An out-of-bounds memory access flaw was found in the way QEMU's\nvirtual Floppy Disk Controller (FDC) handled FIFO buffer access while\nprocessing certain FDC commands. 
A privileged guest user could use\nthis flaw to crash the guest or, potentially, execute arbitrary code\non the host with the privileges of the host's QEMU process\ncorresponding to the guest. (CVE-2015-3456)\n\nNote: The following procedure must be performed before this update\nwill take effect :\n\n1) Stop all KVM guest virtual machines.\n\n2) Either reboot the hypervisor machine or, as the root user, remove\n(using 'modprobe -r [module]') and reload (using 'modprobe [module]')\nall of the following modules which are currently running (determined\nusing 'lsmod'): kvm, ksm, kvm-intel or kvm-amd.\n\n3) Restart the KVM guest virtual machines.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1505&L=scientific-linux-errata&T=0&P=758\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2829f909\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-272.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-272.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-83-272.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-debuginfo-83-272.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-272.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-272.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:09", "bulletinFamily": "scanner", "description": "qemu was updated to fix a security issue :\n\n - CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation, 
which could be used to denial of service attacks or potential code execution against the host.", "modified": "2015-10-23T00:00:00", "id": "OPENSUSE-2015-363.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83533", "published": "2015-05-19T00:00:00", "title": "openSUSE Security Update : qemu (openSUSE-2015-363) (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-363.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83533);\n script_version(\"$Revision: 2.7 $\");\n script_cvs_date(\"$Date: 2015/10/23 04:40:16 $\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_xref(name:\"IAVA\", value:\"2015-A-0115\");\n\n script_name(english:\"openSUSE Security Update : qemu (openSUSE-2015-363) (Venom)\");\n script_summary(english:\"Check for the openSUSE-2015-363 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"qemu was updated to fix a security issue :\n\n - CVE-2015-3456: Fixed a buffer overflow in the floppy\n drive emulation, which could be used to denial of\n service attacks or potential code execution against the\n host.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=929339\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ipxe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-seabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-sgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-vgabios\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/19\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright 
(C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qemu-1.6.2-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qemu-debuginfo-1.6.2-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qemu-debugsource-1.6.2-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qemu-guest-agent-1.6.2-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qemu-guest-agent-debuginfo-1.6.2-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qemu-ipxe-1.0.0-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qemu-lang-1.6.2-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qemu-linux-user-1.6.2-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qemu-linux-user-debuginfo-1.6.2-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qemu-linux-user-debugsource-1.6.2-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qemu-seabios-1.7.2.2-4.8.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"qemu-sgabios-8-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qemu-tools-1.6.2-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qemu-tools-debuginfo-1.6.2-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qemu-vgabios-0.6c-4.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-linux-user / qemu-linux-user-debuginfo / etc\");\n}\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:16", "bulletinFamily": "scanner", "description": "Privilege escalation via emulated floppy disk drive [XSA-133, CVE-2015-3456] (#1221153)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-22T00:00:00", "id": "FEDORA_2015-8194.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83828", "published": "2015-05-27T00:00:00", "title": "Fedora 22 : xen-4.5.0-9.fc22 (2015-8194) (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8194.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83828);\n script_version(\"$Revision: 2.4 $\");\n script_cvs_date(\"$Date: 2015/10/22 14:14:59 $\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_xref(name:\"FEDORA\", value:\"2015-8194\");\n\n script_name(english:\"Fedora 22 : xen-4.5.0-9.fc22 (2015-8194) (Venom)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Privilege escalation via emulated floppy disk drive [XSA-133,\nCVE-2015-3456] (#1221153)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1218611\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158648.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d82eb7a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) 
audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"xen-4.5.0-9.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:09", "bulletinFamily": "scanner", "description": "Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. This only affects HVM guests.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-3262.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83532", "published": "2015-05-19T00:00:00", "title": "Debian DSA-3262-1 : xen - security update (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3262. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83532);\n script_version(\"2.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_bugtraq_id(74640);\n script_xref(name:\"DSA\", value:\"3262\");\n script_xref(name:\"IAVA\", value:\"2015-A-0115\");\n\n script_name(english:\"Debian DSA-3262-1 : xen - security update (Venom)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jason Geffner discovered a buffer overflow in the emulated floppy disk\ndrive, resulting in the potential execution of arbitrary code. This\nonly affects HVM guests.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3262\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xen packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.1.4-3+deb7u6.\n\nThe stable distribution (jessie) is already fixed through the qemu\nupdate provided as DSA-3259-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/19\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libxen-4.1\", reference:\"4.1.4-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxen-dev\", reference:\"4.1.4-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxen-ocaml\", reference:\"4.1.4-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxen-ocaml-dev\", reference:\"4.1.4-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxenstore3.0\", reference:\"4.1.4-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-docs-4.1\", reference:\"4.1.4-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-hypervisor-4.1-amd64\", reference:\"4.1.4-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-hypervisor-4.1-i386\", reference:\"4.1.4-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-system-amd64\", 
reference:\"4.1.4-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-system-i386\", reference:\"4.1.4-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-utils-4.1\", reference:\"4.1.4-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-utils-common\", reference:\"4.1.4-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xenstore-utils\", reference:\"4.1.4-3+deb7u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:41:55", "bulletinFamily": "unix", "description": "The rhev-hypervisor packages provide a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. 
A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package.\n", "modified": "2018-06-07T08:59:44", "published": "2015-05-15T04:00:00", "id": "RHSA-2015:1011", "href": "https://access.redhat.com/errata/RHSA-2015:1011", "type": "redhat", "title": "(RHSA-2015:1011) Important: rhev-hypervisor security update", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:43:09", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After installing\nthis update, shut down all running virtual machines. 
Once all virtual\nmachines have shut down, start them again for this update to take effect.", "modified": "2018-04-25T17:05:55", "published": "2015-05-13T14:57:32", "id": "RHSA-2015:1000", "href": "https://access.redhat.com/errata/RHSA-2015:1000", "type": "redhat", "title": "(RHSA-2015:1000) Important: qemu-kvm-rhev security update", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:41:44", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. 
Once all virtual machines\nhave shut down, start them again for this update to take effect.\n", "modified": "2016-09-04T02:14:20", "published": "2015-05-27T04:00:00", "id": "RHSA-2015:1031", "href": "https://access.redhat.com/errata/RHSA-2015:1031", "type": "redhat", "title": "(RHSA-2015:1031) Important: qemu-kvm security update", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:41:52", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Note: The procedure in\nthe Solution section must be performed before this update will take effect.\n", "modified": "2017-09-08T12:04:45", "published": "2015-05-13T04:00:00", "id": "RHSA-2015:1003", "href": "https://access.redhat.com/errata/RHSA-2015:1003", "type": "redhat", "title": "(RHSA-2015:1003) Important: kvm security update", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:43:34", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. 
The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n", "modified": "2018-04-12T03:32:47", "published": "2015-05-13T04:00:00", "id": "RHSA-2015:0999", "href": "https://access.redhat.com/errata/RHSA-2015:0999", "type": "redhat", "title": "(RHSA-2015:0999) Important: qemu-kvm security update", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:23", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. 
A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After installing\nthis update, shut down all running virtual machines. Once all virtual\nmachines have shut down, start them again for this update to take effect.\n", "modified": "2018-06-07T08:59:40", "published": "2015-05-13T04:00:00", "id": "RHSA-2015:1001", "href": "https://access.redhat.com/errata/RHSA-2015:1001", "type": "redhat", "title": "(RHSA-2015:1001) Important: qemu-kvm-rhev security update", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:40:51", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. 
Once all virtual machines\nhave shut down, start them again for this update to take effect.\n", "modified": "2018-06-06T20:24:19", "published": "2015-05-13T04:00:00", "id": "RHSA-2015:0998", "href": "https://access.redhat.com/errata/RHSA-2015:0998", "type": "redhat", "title": "(RHSA-2015:0998) Important: qemu-kvm security update", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:12", "bulletinFamily": "unix", "description": "The xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll xen users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, all running fully-virtualized guests must be restarted\nfor this update to take effect.\n", "modified": "2017-09-08T12:18:45", "published": "2015-05-13T04:00:00", "id": "RHSA-2015:1002", "href": "https://access.redhat.com/errata/RHSA-2015:1002", "type": "redhat", "title": "(RHSA-2015:1002) Important: xen security update", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:10", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. 
The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM in environments\nmanaged by Red Hat Enterprise Linux OpenStack Platform.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After installing\nthis update, shut down all running virtual machines. Once all virtual\nmachines have shut down, start them again for this update to take effect.\n", "modified": "2018-06-07T02:47:59", "published": "2015-05-13T04:00:00", "id": "RHSA-2015:1004", "href": "https://access.redhat.com/errata/RHSA-2015:1004", "type": "redhat", "title": "(RHSA-2015:1004) Important: qemu-kvm-rhev security update", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "xen": [{"lastseen": "2016-04-01T21:57:16", "bulletinFamily": "software", "description": "#### ISSUE DESCRIPTION\nThe code in qemu which emulates a floppy disk controller did not correctly bounds check accesses to an array and therefore was vulnerable to a buffer overflow attack.\n#### IMPACT\nA guest which has access to an emulated floppy device can exploit this vulnerability to take over the qemu process elevating its privilege to that of the qemu process.\n#### VULNERABLE SYSTEMS\nAll Xen systems running x86 HVM guests without stubdomains are vulnerable to this depending on the specific guest configuration. 
The default configuration is vulnerable.\nGuests using either the traditional "qemu-xen" or upstream qemu device models are vulnerable.\nGuests using a qemu-dm stubdomain to run the device model are only vulnerable to takeover of that service domain.\nSystems running only x86 PV guests are not vulnerable.\nARM systems are not vulnerable.\n", "modified": "2015-05-13T11:15:00", "published": "2015-05-13T11:15:00", "id": "XSA-133", "href": "http://xenbits.xen.org/xsa/advisory-133.html", "type": "xen", "title": "Privilege escalation via emulated floppy disk drive", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:24:25", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1002\n\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll xen users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
After installing the\nupdated packages, all running fully-virtualized guests must be restarted\nfor this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-May/021135.html\n\n**Affected packages:**\nxen\nxen-devel\nxen-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1002.html", "modified": "2015-05-13T15:16:55", "published": "2015-05-13T15:16:55", "href": "http://lists.centos.org/pipermail/centos-announce/2015-May/021135.html", "id": "CESA-2015:1002", "title": "xen security update", "type": "centos", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:31", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1003\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
Note: The procedure in\nthe Solution section must be performed before this update will take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-May/021139.html\n\n**Affected packages:**\nkmod-kvm\nkmod-kvm-debug\nkvm\nkvm-qemu-img\nkvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1003.html", "modified": "2015-05-13T18:37:00", "published": "2015-05-13T18:37:00", "href": "http://lists.centos.org/pipermail/centos-announce/2015-May/021139.html", "id": "CESA-2015:1003", "title": "kmod, kvm security update", "type": "centos", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:00", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:0998\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. 
Once all virtual machines\nhave shut down, start them again for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-May/021136.html\n\n**Affected packages:**\nqemu-guest-agent\nqemu-img\nqemu-kvm\nqemu-kvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0998.html", "modified": "2015-05-13T15:37:07", "published": "2015-05-13T15:37:07", "href": "http://lists.centos.org/pipermail/centos-announce/2015-May/021136.html", "id": "CESA-2015:0998", "title": "qemu security update", "type": "centos", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:43", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:0999\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. 
Once all virtual machines\nhave shut down, start them again for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-May/021137.html\n\n**Affected packages:**\nlibcacard\nlibcacard-devel\nlibcacard-tools\nqemu-img\nqemu-kvm\nqemu-kvm-common\nqemu-kvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0999.html", "modified": "2015-05-13T16:57:36", "published": "2015-05-13T16:57:36", "href": "http://lists.centos.org/pipermail/centos-announce/2015-May/021137.html", "id": "CESA-2015:0999", "title": "libcacard, qemu security update", "type": "centos", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:49:17", "bulletinFamily": "unix", "description": "[3.0.3-146.el5]\n- xen-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch\n- xen-FDC-Fix-buffer-overflow-Herv-Poussineau.patch\n- Resolves: bz#1219333\n (xen: qemu: floppy disk controller flaw [rhel-5.11.z])\n[3.0.3-144.el5]\n- xm: Fix vcpu-pin complain for CPU number out of range (rhbz 955656)\n- libxc: Support set affinity for more than 64 CPUS (rhbz 955656)\n- libxc: Fixes for 'support affinity for more than 64 CPUS' (rhbz 955656)\n- xend: Fix bug of a cpu affinity vcpu-pin under ia32pa (rhbz 955656)\n- libxc: Fix cpu number overflow for vcpu-pin (rhbz 955656)\n[3.0.3-143.el5]\n- libxc: move error checking next to the function which returned the error (rhbz 870413)\n- libxc: builder: limit maximum size of kernel/ramdisk (rhbz 870413)\n- e1000: discard packets that are too long if !SBP and !LPE (rhbz 910844)\n- e1000: discard oversized packets based on SBP|LPE (rhbz 910844)", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ELSA-2015-1002", "href": "http://linux.oracle.com/errata/ELSA-2015-1002.html", "title": "xen security update", "type": "oraclelinux", "cvss": 
{"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:47:20", "bulletinFamily": "unix", "description": "[0.12.1.2-2.448.el6_6.3]\n- kvm-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch [bz#1219267]\n- Resolves: bz#1219267\n (EMBARGOED CVE-2015-3456 qemu-kvm: qemu: floppy disk controller flaw [rhel-6.6.z])", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ELSA-2015-0998", "href": "http://linux.oracle.com/errata/ELSA-2015-0998.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:38:36", "bulletinFamily": "unix", "description": "[1.5.3-86.el7_1.2]\n- kvm-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch [bz#1219269]\n- Resolves: bz#1219269\n (EMBARGOED CVE-2015-3456 qemu-kvm: qemu: floppy disk controller flaw [rhel-7.1.z])", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ELSA-2015-0999", "href": "http://linux.oracle.com/errata/ELSA-2015-0999.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:42:37", "bulletinFamily": "unix", "description": "[kvm-83-272.0.1.el5]\n- Added kvm-add-oracle-workaround-for-libvirt-bug.patch\n- Added kvm-Introduce-oel-machine-type.patch\n[kvm-83.272.el5]\n- kvm-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch [bz#1219266]\n- Resolves: bz#1219266\n (kvm: qemu: floppy disk controller flaw [rhel-5.11.z])", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ELSA-2015-1003", "href": "http://linux.oracle.com/errata/ELSA-2015-1003.html", "title": "kvm security update", "type": "oraclelinux", "cvss": {"score": 7.7, "vector": 
"AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:56:52", "bulletinFamily": "info", "description": "Oracle, whose virtualization software VirtualBox is among those affected by the [VENOM vulnerability](<https://threatpost.com/venom-flaw-in-virtualization-software-could-lead-to-vm-escapes-data-theft/112772>), on Saturday joined the litany of VM providers that have [patched](<http://www.oracle.com/technetwork/topics/security/venom-cve-2015-3456-2542653.html>) the bug.\n\nOracle was one of the first vendors notified by [Crowdstrike](<http://venom.crowdstrike.com/>), whose researcher Jason Geffner found the bug and disclosed it privately April 30 to the Oracle security mailing list, the QEMU and Xen security mailing lists, as well as the Operating System Distribution Security list. Yet Oracle is last among those to provide a fix.\n\nVENOM, which is short for Virtualized Environment Neglected Operations Manipulation, was disclosed last Wednesday. The vulnerability can be exploited in targeted attacks against virtual machines to [escape guest virtual instances and attack the host](<https://threatpost.com/several-factors-mitigate-venoms-utility-for-attackers/112841>). Experts have said that since the vulnerability would require an attacker to be authenticated to a virtual machine in order to carry out an exploit, serious risks are mitigated. 
The bug, for example, cannot be attacked at any kind of scale, and as of today, there has been only [one publicly reported exploit](<http://www.openwall.com/lists/oss-security/2015/05/13/29>), developed by researcher Marcus Meissner of SUSE Linux.\n\nAlso mitigating the risk is the fact that [VMware](<http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2117469>), Microsoft and Bochs hypervisors are immune to VENOM; KVM and Xen, both of which have been patched, were the highest profile hypervisors vulnerable to the flaw.\n\nVENOM lives in the virtual floppy disk controller component of QEMU, an open-source virtualization package. XEN, KVM and other virtualization platforms run QEMU, and hosting providers who run on these platforms were advised to patch quickly. The FDC inside of QEMU contains a buffer overflow issue that Meissner\u2019s exploit uses to crash an unpatched instance of the software. While it\u2019s possible to gain remote code execution, Meissner and others said this would be challenging for an attacker.\n\n\u201cTo trigger the condition of the exploit is easy, however the attacker needs to have root-level privileges on the guest machine,\u201d Meissner said. \u201cFrom this to gaining code execution needs knowledge of the memory layout of the QEMU process running. Without address space randomization this could be more or less easy, but I have not researched this.\u201d\n\nOracle said VirtualBox 3.2, 4.0, 4.1, 4.2, and 4.3 prior to 4.3.28 are affected by VENOM, as are Oracle VM 2.2, 3.2 and 3.3, and Oracle Linux 5, 6 and 7.\n\nAs for Oracle Cloud, the company said it continues to investigate and develop patches for affected services. 
Oracle provides several contacts for customers of its respective services in its advisory.\n\n\u201cThe Oracle Cloud teams are evaluating these fixes as they become available and will be applying the relevant patches in accordance with applicable change management processes,\u201d Oracle said in its advisory.\n\nIn a separate [notice](<http://www.oracle.com/technetwork/topics/security/venom-cve-2015-3456-2542653.html>) from last week, Oracle said Oracle Database Appliance, Oracle Exadata Database Machine, Oracle Exalogic Elastic Cloud and Oracle Exalytics In-Memory Machine all run QEMU and are potentially vulnerable to VENOM. None, however, were patched in this round of fixes.\n", "modified": "2015-05-19T18:47:12", "published": "2015-05-18T10:49:00", "id": "THREATPOST:5EDDCDBEF4B9D7627ECE4678092415C6", "href": "https://threatpost.com/oracle-patches-venom-vulnerability/112868/", "type": "threatpost", "title": "Oracle Patches VENOM Vulnerability", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:56:53", "bulletinFamily": "info", "description": "Researchers have uncovered a vulnerability in an obscure component of many virtualization platforms that they say can allow an attacker to escape from a guest virtual machine and gain code execution on the host, as well as any other VMs operating on that machine. Experts say the bug affects a wide variety of virtualization software running on all major operating systems.\n\nThe simple route to exploiting this vulnerability is for an attacker to buy space on a cloud hosting provider. From there, he can use the vulnerability to escape the VM he\u2019s running and move laterally among the other VMs on that host. The attacker may then be able to access the local network running the host and get to sensitive data stored there. 
The bug was discovered by Jason Geffner, a senior security researcher at CrowdStrike.\n\nThe vulnerability itself lies in the virtual floppy disk controller component of QEMU, an open-source virtualization package. The component is included in a number of virtualization platforms, including Xen and KVM, and the largest target base for attackers would be hosting providers who run these platforms, experts say. With so many enterprises moving their resources to cloud providers, the danger from the decade-old vulnerability is high.\n\n\u201cThere is a cost to this move, which is that attackers who once needed to find an exploit may get some degree of local privilege using money. There\u2019s a lot riding on the code that isolates VM\u2019s, but like all code there\u2019s a risk of bugs. Many cloud providers offer enhanced isolation of hardware, such that at minimum you\u2019re only exposed to other VM\u2019s from your own organization. When feasible it\u2019s worth outbidding attackers to acquire this isolation,\u201d said researcher Dan Kaminsky, co-founder of White Ops. \n\nAlthough floppy drives are hopelessly obsolete, the FDC code that\u2019s at the heart of this vulnerability is present in many places.\n\n\u201cFor many of the affected virtualization products, a virtual floppy drive is added to new virtual machines by default. And on Xen and QEMU, even if the administrator explicitly disables the virtual floppy drive, an unrelated bug causes the vulnerable FDC code to remain active and exploitable by attackers,\u201d the FAQ on the vulnerability says.\n\nThe bug is being called [VENOM](<http://venom.crowdstrike.com>), for virtualized environment neglected operations manipulation, and CrowdStrike\u2019s Geffner discovered it during an audit of virtual machine hypervisors. The bug has existed since 2004, when the virtual FDC code was added to QEMU. 
Both Xen and QEMU have produced patches for the vulnerability and most of the large cloud providers have addressed the bug. But Kaminsky, who worked with CrowdStrike to produce a fix for the VENOM flaw, said the threat from attackers is still real.\n\n\u201cWe are increasingly using sandboxes on the network to analyze traffic. Nothing is without cost; these sorts of VM escapes (this one being particularly special, it being so inherited across the ecosystem) do create the threat of attackers with global visibility across your network. If nothing else, sandboxing architecture can\u2019t be patched like normal network equipment. If you\u2019ve got it, fire drill it, because even unlike a domain controller attackers can make it run stuff by design,\u201d Kaminsky said.\n\nThe Xen Project has released an [advisory](<http://xenbits.xen.org/xsa/advisory-133.html>) on the vulnerability.\n\n\u201cAll Xen systems running x86 HVM guests without stubdomains are vulnerable to this depending on the specific guest configuration. The default configuration is vulnerable. Guests using either the traditional \u2018qemu-xen\u2019 or upstream qemu device models are vulnerable. Guests using a qemu-dm stubdomain to run the device model are only vulnerable to takeover of that service domain,\u201d the advisory says.\n\nAmazon, one of the larger cloud services providers, said that its systems are not vulnerable to the VENOM bug.\n\n\u201cWe are aware of the QEMU security issue assigned CVE-2015-3456, also known as \u2018VENOM,\u2019 which impacts various virtualized platforms. 
There is no risk to AWS customer data or instances,\u201d Amazon [said](<https://aws.amazon.com/security/security-bulletins/XSA_Security_Advisory_CVE_2015_3456/>).\n\nThough the vulnerable code has been in QEMU for 11 years, it wasn\u2019t known until now, and [knowing is half the battle](<https://www.youtube.com/watch?v=pele5vptVgc>).\n", "modified": "2015-05-14T15:34:40", "published": "2015-05-13T09:34:43", "id": "THREATPOST:7E75302C84F4806564B9E039965B768C", "href": "https://threatpost.com/venom-flaw-in-virtualization-software-could-lead-to-vm-escapes-data-theft/112772/", "type": "threatpost", "title": "Flaw in Virtualization Software Could Lead to VM Escapes, Data Theft", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-04T04:58:35", "bulletinFamily": "exploit", "description": "VENOM, Xen 4.5.x, QEMU. CVE-2015-3456. Dos exploits for multiple platform", "modified": "2015-05-18T00:00:00", "published": "2015-05-18T00:00:00", "id": "EDB-ID:37053", "href": "https://www.exploit-db.com/exploits/37053/", "type": "exploitdb", "title": "QEMU - Floppy Disk Controller FDC PoC", "sourceData": "// Source: https://marc.info/?l=oss-security&m=143155206320935&w=2\r\n\r\n#include <sys/io.h>\r\n\r\n#define FIFO 0x3f5\r\n\r\nint main() {\r\n int i;\r\n iopl(3);\r\n\r\n outb(0x0a,0x3f5); /* READ ID */\r\n for (i=0;i<10000000;i++)\r\n outb(0x42,0x3f5); /* push */\r\n}", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/37053/"}], "freebsd": [{"lastseen": "2018-08-31T01:14:41", "bulletinFamily": "unix", "description": "\nJason Geffner, CrowdStrike Senior Security Researcher reports:\n\nVENOM, CVE-2015-3456, is a security vulnerability in\n\t the virtual floppy drive code used by many computer\n\t virtualization platforms. 
This vulnerability may allow\n\t an attacker to escape from the confines of an affected\n\t virtual machine (VM) guest and potentially obtain\n\t code-execution access to the host. Absent mitigation,\n\t this VM escape could open access to the host system and\n\t all other VMs running on that host, potentially giving\n\t adversaries significant elevated access to the host's\n\t local network and adjacent systems.\n\n", "modified": "2015-09-28T00:00:00", "published": "2015-04-29T00:00:00", "id": "2780E442-FC59-11E4-B18B-6805CA1D3BB1", "href": "https://vuxml.freebsd.org/freebsd/2780e442-fc59-11e4-b18b-6805ca1d3bb1.html", "title": "qemu, xen and VirtualBox OSE -- possible VM escape and code execution (\"VENOM\")", "type": "freebsd", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "thn": [{"lastseen": "2018-01-27T09:17:29", "bulletinFamily": "info", "description": "[](<https://4.bp.blogspot.com/-v6lXMdGjJrM/VVS9GudB5vI/AAAAAAAAi7Y/6L81WEvdn0k/s1600/venom-virtualisation-vulnerability.jpg>)\n\nJust after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web services insecure, potentially exposing Millions of plain-text passwords.\n\n \n\n\nBut don\u2019t panic. 
Though the recent vulnerability has a more terrific name than **[HeartBleed](<https://thehackernews.com/2014/04/heartbleed-bug-explained-10-most.html>)**, it is not going to cause as much danger as HeartBleed did.\n\n \n\n\nDubbed **_[VENOM](<http://venom.crowdstrike.com/>)_**, which stands for **_Virtualized Environment Neglected Operations Manipulation_**, it is a virtual machine security flaw uncovered by security firm CrowdStrike that could expose most data centers to malware attacks, but only in theory.\n\n \n\n\nYes, the risk of the Venom vulnerability is theoretical, as no real-time exploitation has been seen yet, while, on the other hand, last year\u2019s HeartBleed bug was practically exploited by hackers an unknown number of times, leading to the theft of critical personal information.\n\n \n\n\n### Now let\u2019s learn more about Venom:\n\n \n\n\nVenom (**_CVE-2015-3456_**) resides in the virtual floppy drive code used by a number of computer virtualization platforms that, if exploited\u2026\n\n \n\n\n...could allow an attacker to escape from a guest 'virtual machine' (VM) and gain full control of the operating system hosting them, as well as any other guest VMs running on the same host machine.\n\n \n\n\nAccording to CrowdStrike, this roughly decade-old bug was discovered in the open-source virtualization package QEMU, affecting its Virtual Floppy Disk Controller (FDC) that is being used in many modern virtualization platforms and appliances, including Xen, KVM, Oracle's VirtualBox, and the native QEMU client.\n\n \n\n\nJason Geffner, a senior security researcher at CrowdStrike who discovered the flaw, warned that the vulnerability affects all versions of QEMU dating back to 2004, when the virtual floppy controller was first introduced.\n\n \n\n\nHowever, Geffner also added that so far, there is no known exploit that could successfully exploit the vulnerability. 
Venom is critical and disturbing enough to be considered a high-priority bug.\n\n \n\n\n### **Successful exploitation of Venom required:**\n\nFor successful exploitation, an attacker sitting on the guest virtual machine would need sufficient permissions to get access to the floppy disk controller I/O ports.\n\n \n\n\nOn a Linux guest machine, an attacker would need to have either root access or elevated privilege. However, on a Windows guest, practically anyone would have sufficient permissions to access the FDC.\n\n \n\n\nHowever, comparing Venom with Heartbleed is no real comparison. Where HeartBleed allowed hackers to probe Millions of systems, the Venom bug simply would not be exploitable at the same scale.\n\n \n\n\nFlaws like Venom are typically used in a highly targeted attack such as corporate espionage, cyber warfare or other targeted attacks of these kinds.\n\n \n\n\n### Did Venom poison cloud services?\n\n \n\n\nPotentially more concerning is that most of the large cloud providers, including Amazon, Oracle, Citrix, and Rackspace, which rely heavily on QEMU-based virtualization, are vulnerable to Venom.\n\n \n\n\nHowever, the good news is that most of them have resolved the issue, assuring that their customers needn't worry.\n\n> \"_There is no risk to AWS customer data or instances_,\" Amazon Web Services said in a [statement](<https://aws.amazon.com/security/security-bulletins/XSA_Security_Advisory_CVE_2015_3456/>).\n\nRackspace also said the flaw does affect a portion of its Cloud Servers, but assured its customers that it has \"_applied the appropriate patch to our infrastructure and are working with customers to remediate fully this vulnerability._\"\n\n \n\n\nAzure cloud service by Microsoft, on the other hand, uses its homemade virtualization hypervisor technology, and, therefore, its customers are not affected by the Venom bug.\n\n \n\n\nMeanwhile, Google also assured that its Cloud Service Platform does not use the vulnerable software, 
and thus was never vulnerable to Venom.\n\n \n\n\n### **Patch Now! Protect yourself**\n\n \n\n\nBoth Xen and QEMU have rolled out [patches for Venom](<http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c>). If you're running an earlier version of Xen or QEMU, [upgrade and apply the patch](<https://xenbits.xen.org/xsa/advisory-133.html>).\n\n \n\n\nNote: All versions of [Red Hat Enterprise Linux](<https://access.redhat.com/articles/1444903>), which includes QEMU, are vulnerable to Venom. Red Hat recommends that its users update their systems using the commands \"_yum update_\" or \"_yum update qemu-kvm._\"\n\n \n\n\nOnce done, you must \"power off\" all your guest Virtual Machines for the update to take effect, and then start them again to be on the safer side. But remember, only restarting the guest operating system without powering it off is not enough, because it would still use the old QEMU binary.\n", "modified": "2015-05-14T16:32:59", "published": "2015-05-14T05:32:00", "id": "THN:7BD85D2AA21CA4E7244B437A1836EBFC", "href": "https://thehackernews.com/2015/05/venom-vulnerability.html", "type": "thn", "title": "Venom Vulnerability Exposes Most Data Centers to Cyber Attacks", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:41", "bulletinFamily": "unix", "description": "The guest operating system communicates with the FDC by sending commands\nsuch as seek, read, write, format, etc. to the FDC’s input/output port.\nQEMU’s virtual FDC uses a fixed-size buffer for storing these commands\nand their associated data parameters. 
The FDC keeps track of how much\ndata to expect for each command and, after all expected data for a given\ncommand is received from the guest system, the FDC executes the command\nand clears the buffer for the next command.\n\nThis buffer reset is performed immediately at the completion of\nprocessing for all FDC commands, except for two of the defined commands.\nAn attacker can send these commands and specially crafted parameter data\nfrom the guest system to the FDC to overflow the data buffer and execute\narbitrary code in the context of the host’s hypervisor process.", "modified": "2015-05-14T00:00:00", "published": "2015-05-14T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html", "id": "ASA-201505-9", "title": "qemu: arbitrary code execution", "type": "archlinux", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:43:03", "bulletinFamily": "unix", "description": "Xen was updated to fix a buffer overflow in the floppy drive emulation,\n which could be used to carry out denial of service attacks or potential\n code execution against the host. This vulnerability is also known as\n VENOM. 
(CVE-2015-3456)\n\n Security Issues:\n\n * CVE-2015-3456\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456>\n\n\n", "modified": "2015-05-26T14:06:51", "published": "2015-05-26T14:06:51", "id": "SUSE-SU-2015:0889-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00023.html", "title": "Security update for Xen (important)", "type": "suse", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:51:21", "bulletinFamily": "unix", "description": "KVM was updated to fix a buffer overflow in the floppy drive emulation,\n which could be used to carry out denial of service attacks or potential\n code execution against the host. This vulnerability is also known as\n VENOM. (CVE-2015-3456)\n\n Security Issues:\n\n * CVE-2015-3456\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456>\n\n", "modified": "2015-05-16T00:04:49", "published": "2015-05-16T00:04:49", "id": "SUSE-SU-2015:0889-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html", "type": "suse", "title": "Security update for KVM (important)", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:39:29", "bulletinFamily": "unix", "description": "Qemu was updated to v2.1.3: See http://wiki.qemu-project.org/ChangeLog/2.1\n for more information.\n\n This update includes a security fix:\n * CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation,\n which could be used to carry out denial of service attacks or potential code\n execution against the host.\n\n", "modified": "2015-05-18T14:04:51", 
"published": "2015-05-18T14:04:51", "id": "OPENSUSE-SU-2015:0893-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html", "type": "suse", "title": "Security update for qemu (important)", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:39", "bulletinFamily": "unix", "description": "KVM was updated to fix the following issues:\n\n * CVE-2015-3456: A buffer overflow in the floppy drive emulation,\n which could be used to carry out denial of service attacks or\n potential code execution against the host. This vulnerability is\n also known as VENOM.\n * Validate VMDK4 version field so we don't process versions we know\n nothing about. (bsc#834196)\n\n Security Issues:\n\n * CVE-2015-3456\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456>\n\n", "modified": "2015-05-26T14:07:13", "published": "2015-05-26T14:07:13", "id": "SUSE-SU-2015:0943-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00024.html", "type": "suse", "title": "Security update for KVM (important)", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:30:36", "bulletinFamily": "unix", "description": "qemu was updated to fix a security issue:\n\n * CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation,\n which could be used to carry out denial of service attacks or potential code\n execution against the host.\n\n", "modified": "2015-05-18T14:05:11", "published": "2015-05-18T14:05:11", "id": "OPENSUSE-SU-2015:0894-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 7.7, "vector": 
"AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "lenovo": [{"lastseen": "2018-02-21T17:02:21", "bulletinFamily": "info", "description": "**Lenovo Security Advisory:** LEN-2015-046 \n**Potential Impact:** Escalation of Privileges \n**Severity:** High \n \n**Summary:** \nA buffer overflow vulnerability affecting the Floppy Disk Controller (FDC) emulation implemented in the QEMU component has been identified in the KVM/QEMU and Xen hypervisors. This vulnerability has been assigned CVE-2015-3456 and is being referred to as VENOM. \n \n**Description:** \nQEMU is a generic and open source machine emulator and virtualizer and is used as a foundation and hardware emulation layer for running virtual machines under the Xen and KVM/QEMU hypervisors. \n \nA privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. It needs to be noted that even if a guest does not explicitly have a virtual floppy disk configured and attached, this issue is exploitable. The problem exists in the Floppy Disk Controller, which is initialized for every x86 and x86_64 guest regardless of the configuration and cannot be removed or disabled. 
\n \nThere is currently no known exploit that would make use of this vulnerability, but it is recommended that customers update to the latest code versions.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):** \nUpdate your product to the latest levels using the steps below:\n\n \n**Product Impact:** \nPlease apply the latest versions of the following software updates:\n\n**Product Affected** | **Fix Version** | **Update Instructions** | **Software fix location:** \n---|---|---|--- \nLenovoEMC px12-400r IVX application | Version 1.0.10.33264 and later | See <http://download.lenovo.com/nasupdate/help/lifeline/4.1a/px12-400r/en_US/Content/software_update.html> for instructions on updating to the latest software version | [http://lifelineapps.com/?user_lang=en&device=px12450r&version=&category=&sort=1&redirect_url=](<http://lifelineapps.com/?user_lang=en&device=px12450r&version=&category=&sort=1&redirect_url=>) \nLenovoEMC px12-450r IVX application | Version 1.0.10.33264 and later | See <http://download.lenovo.com/nasupdate/help/lifeline/4.1a/px12-450r/en_US/Content/software_update.html> for instructions on updating to the latest software version | [http://lifelineapps.com/?user_lang=en&device=px12450r&version=&category=&sort=1&redirect_url=](<http://lifelineapps.com/?user_lang=en&device=px12450r&version=&category=&sort=1&redirect_url=>) \n \n \n**Other information and references:**\n\n * <https://access.redhat.com/articles/1444903>\n \n**Revision History:**\n\n**Revision** | **Date** | **Description** \n---|---|--- \n**1.0** | **20 Jul 2015** | **Initial release**\n", "modified": "2017-01-23T00:00:00", "published": "2017-01-23T00:00:00", "id": "LENOVO:PS500033-NOSID", "href": "https://support.lenovo.com/us/en/product_security/venom", "type": "lenovo", "title": "Venom", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "huawei": 
[{"lastseen": "2019-02-01T18:01:50", "bulletinFamily": "software", "description": "", "modified": "2015-06-29T00:00:00", "published": "2015-06-09T00:00:00", "id": "HUAWEI-SA-20150609-01-VENOM", "href": "https://www.huawei.com/en/psirt/security-advisories/2015/hw-438937", "title": "Security Advisory - VENOM Vulnerability in Huawei Products", "type": "huawei", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "myhack58": [{"lastseen": "2016-10-28T18:37:31", "bulletinFamily": "info", "description": "Security researchers at CrowdStrike said that a QEMU vulnerability named \u201cVenom\u201d (VENOM) could put millions of virtual machines at risk of cyber-attack; the vulnerability can cause a virtual machine escape and threatens the data security of the world's largest cloud service providers. QEMU is free software, an instruction-level simulator that is widely used in various GNU/Linux distributions. \nThe vulnerability principle \nThis security vulnerability, called Venom (VENOM) and numbered CVE-2015-3456, threatens the entire security industry and can cause a virtual machine escape. QEMU is free software, an instruction-level simulator that is widely used in various GNU/Linux distributions, including Debian, Gentoo, SUSE, RedHat, CentOS, etc. 
\nThe VENOM vulnerability was found by CrowdStrike senior security researcher Jason Geffner, who explained that an attacker can use the vulnerability to endanger any machine in a data center network, and that millions of virtual machines are vulnerable to exploitation of this vulnerability. Geffner said in a blog post: \n\u201cVENOM (CVE-2015-3456) is a security vulnerability present in the virtual floppy drive (FDC) code, and this code exists in many computer virtualization platforms. The vulnerability may allow an attacker to escape the guest limits of the infected virtual machine and possibly obtain code-execution permissions on the host. In addition, an attacker can also use it to access the host system and all virtual machines running on the host, and can gain elevated access, so that the attacker can reach the host's local network and neighboring systems.\u201d \nThe guest [operating system](<http://www.myhack58.com/Article/48/Article_048_1.htm>) communicates with the FDC by sending seek, read, write, format and other commands to the FDC's input/output port. QEMU's virtual FDC uses a fixed-size buffer to store these commands and their associated data parameters. The FDC keeps track of how much data to expect for each command and, once all the expected data for a command has been received, the FDC executes the command and clears the buffer for the next command. \nThe buffer is reset immediately after processing of every FDC command, except for two of the defined commands. An attacker can send these commands and specially crafted parameter data from the guest system to the FDC to overflow the data buffer and execute arbitrary code in the context of the host's hypervisor process. \n
Vulnerability \nVENOM is an abbreviation of \u201cVirtualized Environment Neglected Operations Manipulation\u201d, a vulnerability affecting the QEMU floppy disk controller driver; QEMU is an open-source PC emulator used to manage virtual machines. An attacker can send commands and crafted parameter data from the guest system to the floppy disk controller to overflow the data buffer and execute arbitrary code in the context of the host's hypervisor process. \nVENOM is very dangerous because, if the vulnerability can be exploited, it affects a large number of virtualization platforms worldwide, its preconditions are very simple (a virtual machine in the default configuration is enough) and, most importantly, it can execute arbitrary code. The expert explained that VENOM could impact thousands of institutions and millions of end users. An attacker can crash the hypervisor and gain control of the target machine and all the virtual machines running on it. \nGeffner explains: \n\u201cExploitation of the VENOM vulnerability can expose access to corporate intellectual property, in addition to sensitive data and personally identifiable information, and may also affect thousands of organizations and millions of end users who rely on the affected virtual machines to allocate shared computing resources, connectivity, storage, security and privacy services.\u201d \nThe vulnerability exists in QEMU's virtual Floppy Disk Controller (FDC), and the FDC code is used in many virtualization platforms and appliances, notably Xen, KVM and the native QEMU client. However, the VMware, Microsoft Hyper-V and Bochs hypervisors are not affected by the vulnerability. \nVulnerability POC \n#include <sys/io.h> \n#define FIFO 0x3f5 \nint main() { \nint i; \niopl(3); \noutb(0x0a,0x3f5); /* READ ID */ \nfor (i=0;i \n
Safety recommendations \nIf you manage a system running Xen, KVM or the native QEMU client, we recommend that you review and apply the latest vulnerability patches. \nIf you're using a provider's service or appliance affected by this vulnerability, it is recommended that you contact the vendor's support team as soon as possible and ask whether the product has fixed this vulnerability or whether a patch has been released. \nReference: providers that have published patches \nQEMU: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c \nXen Project: http://xenbits.xen.org/xsa/advisory-133.html \nRed Hat: https://access.redhat.com/articles/1444903 \nCitrix: http://support.citrix.com/Article/CTX201078 \nFireEye: https://www.fireeye.com/content/dam/fireeye-www/support/pdfs/fireeye-venom-vulnerability.pdf \nLinode: https://blog.linode.com/2015/05/13/venom-cve-2015-3456-vulnerability-and-linode/ \nRackspace: https://community.rackspace.com/general/f/53/t/5187 \nUbuntu: http://www.ubuntu.com/usn/usn-2608-1/ \nDebian: https://security-tracker.debian.org/tracker/CVE-2015-3456 \nSuse: https://www.suse.com/support/kb/doc.php?id=7016497 \nDigitalOcean: https://www.digitalocean.com/company/blog/update-on-CVE-2015-3456/ \nf5: https://support.f5.com/kb/en-us/solutions/public/16000/600/sol16620.html \n\n", "modified": "2015-05-15T00:00:00", "published": "2015-05-15T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2015/62439.htm", "id": "MYHACK58:62201562439", "type": "myhack58", "title": "Vulnerability warning: the \u201cvenom\u201d (VENOM) vulnerability affects the security of millions of virtual machines worldwide - vulnerability warning - the black bar safety net", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}