{"cve": [{"lastseen": "2019-05-29T18:14:40", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.", "modified": "2019-02-05T18:01:00", "id": "CVE-2015-2594", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2594", "published": "2015-07-16T10:59:00", "title": "CVE-2015-2594", "type": "cve", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:14:41", "bulletinFamily": "NVD", "description": "The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.\nThough the VENOM vulnerability is also agnostic of the guest operating system, an attacker (or an attacker\u2019s malware) would need to have administrative or root privileges in the guest operating system in order to exploit VENOM", "modified": "2019-04-22T17:48:00", "id": "CVE-2015-3456", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3456", "published": "2015-05-13T18:59:00", "title": "CVE-2015-3456", "type": "cve", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2017-12-20T20:16:42", "bulletinFamily": "software", "description": "", "modified": "2016-01-09T02:11:00", "published": "2015-05-13T21:14:00", "href": "https://support.f5.com/csp/article/K16620", "id": "F5:K16620", "type": "f5", "title": "QEMU vulnerability CVE-2015-3456", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-03-19T09:01:59", "bulletinFamily": "software", "description": "1 vCMP is not available on BIG-IP versions prior to 11.0.0. \n\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable column**, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL14088: vCMP host and supported guest version matrix\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n", "modified": "2015-10-02T00:00:00", "published": "2015-05-13T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/600/sol16620.html", "id": "SOL16620", "title": "SOL16620 - QEMU vulnerability CVE-2015-3456", "type": "f5", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:45", "bulletinFamily": "scanner", "description": "This update fixes an unspecified security\nissue in VirtualBox related to guests using bridged networking via WiFi. Oracle no\nlonger provides information on specific security vulnerabilities in VirtualBox. To\nstill support users of the already released Debian releases we", "modified": "2019-03-18T00:00:00", "published": "2015-09-13T00:00:00", "id": "OPENVAS:1361412562310703359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703359", "title": "Debian Security Advisory DSA 3359-1 (virtualbox - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3359.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3359-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703359\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-2594\");\n script_name(\"Debian Security Advisory DSA 3359-1 (virtualbox - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-13 00:00:00 +0200 (Sun, 13 Sep 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3359.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"virtualbox on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 4.1.40-dfsg-1+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.3.30-dfsg-1+deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 4.3.30-dfsg-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.3.30-dfsg-1.\n\nWe recommend that you upgrade your virtualbox packages.\");\n script_tag(name:\"summary\", value:\"This update fixes an unspecified security\nissue in VirtualBox related to guests using bridged networking via WiFi. Oracle no\nlonger provides information on specific security vulnerabilities in VirtualBox. To\nstill support users of the already released Debian releases we've decided to\nupdate these to the respective 4.1.40 and 4.3.30 bugfix releases.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"virtualbox\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-dbg\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-fuse\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-guest-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-guest-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-guest-utils\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-guest-x11\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-ose\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-ose-dbg\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-ose-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-ose-fuse\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-utils\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-x11\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-ose-qt\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-ose-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-qt\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"virtualbox-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:53:00", "bulletinFamily": "scanner", "description": "This update fixes an unspecified security\nissue in VirtualBox related to guests using bridged networking via WiFi. Oracle no\nlonger provides information on specific security vulnerabilities in VirtualBox. To\nstill support users of the already released Debian releases we", "modified": "2017-07-07T00:00:00", "published": "2015-09-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703359", "id": "OPENVAS:703359", "title": "Debian Security Advisory DSA 3359-1 (virtualbox - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3359.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3359-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703359);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-2594\");\n script_name(\"Debian Security Advisory DSA 3359-1 (virtualbox - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-09-13 00:00:00 +0200 (Sun, 13 Sep 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3359.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"virtualbox on Debian Linux\");\n script_tag(name: \"insight\", value: \"VirtualBox is a free x86 virtualization\nsolution allowing a wide range of x86 operating systems such as Windows, DOS, BSD\nor Linux to run on a Linux system.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 4.1.40-dfsg-1+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.3.30-dfsg-1+deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 4.3.30-dfsg-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.3.30-dfsg-1.\n\nWe recommend that you upgrade your virtualbox packages.\");\n script_tag(name: \"summary\", value: \"This update fixes an unspecified security\nissue in VirtualBox related to guests using bridged networking via WiFi. Oracle no\nlonger provides information on specific security vulnerabilities in VirtualBox. To\nstill support users of the already released Debian releases we've decided to\nupdate these to the respective 4.1.40 and 4.3.30 bugfix releases.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"virtualbox\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-dbg\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-fuse\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-utils\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-guest-x11\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-dbg\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-fuse\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-dkms\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-utils\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-guest-x11\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-qt\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-ose-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-qt\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"virtualbox-source\", ver:\"4.1.40-dfsg-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-07-17T14:27:50", "bulletinFamily": "scanner", "description": "The host is installed with Oracle VM\n virtualBox and is prone to unspecified vulnerability.", "modified": "2019-07-05T00:00:00", "published": "2015-07-21T00:00:00", "id": "OPENVAS:1361412562310805725", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805725", "title": "Oracle Virtualbox Unspecified Vulnerability July15 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Virtualbox Unspecified Vulnerability July15 (Linux)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805725\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2015-2594\");\n script_bugtraq_id(75899);\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-07-21 10:27:00 +0530 (Tue, 21 Jul 2015)\");\n script_name(\"Oracle Virtualbox Unspecified Vulnerability July15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle VM\n virtualBox and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to have an impact on confidentiality, integrity, and availability.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions prior to 4.0.32,\n 4.1.40, 4.2.32, and 4.3.30 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox version\n 4.0.32, 4.1.40, 4.2.32, and 4.3.30 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_sun_virtualbox_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/VirtualBox/Lin/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!virtualVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(virtualVer =~ \"^(4\\.(0|1|2|3))\")\n{\n if(version_in_range(version:virtualVer, test_version:\"4.0.0\", test_version2:\"4.0.31\"))\n {\n fix = \"4.0.32\";\n VULN = TRUE;\n }\n if(version_in_range(version:virtualVer, test_version:\"4.1.0\", test_version2:\"4.1.39\"))\n {\n fix = \"4.1.40\";\n VULN = TRUE;\n }\n if(version_in_range(version:virtualVer, test_version:\"4.2.0\", test_version2:\"4.2.31\"))\n {\n fix = \"4.2.32\";\n VULN = TRUE;\n }\n if(version_in_range(version:virtualVer, test_version:\"4.3.0\", test_version2:\"4.3.29\"))\n {\n fix = \"4.3.30\";\n VULN = TRUE;\n }\n if(VULN)\n {\n report = 'Installed version: ' + virtualVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:26:46", "bulletinFamily": "scanner", "description": "The host is installed with Oracle VM\n virtualBox and is prone to unspecified vulnerability.", "modified": "2019-07-05T00:00:00", "published": "2015-07-21T00:00:00", "id": "OPENVAS:1361412562310805724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805724", "title": "Oracle Virtualbox Unspecified Vulnerability July15 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Virtualbox Unspecified Vulnerability July15 (Mac OS X)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805724\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2015-2594\");\n script_bugtraq_id(75899);\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-07-21 10:26:43 +0530 (Tue, 21 Jul 2015)\");\n script_name(\"Oracle Virtualbox Unspecified Vulnerability July15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle VM\n virtualBox and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to have an impact on confidentiality, integrity, and availability.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions prior to 4.0.32,\n 4.1.40, 4.2.32, and 4.3.30 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox version\n 4.0.32, 4.1.40, 4.2.32, and 4.3.30 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_oracle_virtualbox_detect_macosx.nasl\");\n script_mandatory_keys(\"Oracle/VirtualBox/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!virtualVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(virtualVer =~ \"^(4\\.(0|1|2|3))\")\n{\n if(version_in_range(version:virtualVer, test_version:\"4.0.0\", test_version2:\"4.0.31\"))\n {\n fix = \"4.0.32\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:virtualVer, test_version:\"4.1.0\", test_version2:\"4.1.39\"))\n {\n fix = \"4.1.40\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:virtualVer, test_version:\"4.2.0\", test_version2:\"4.2.31\"))\n {\n fix = \"4.2.32\";\n VULN = TRUE;\n }\n\n if(version_in_range(version:virtualVer, test_version:\"4.3.0\", test_version2:\"4.3.29\"))\n {\n fix = \"4.3.30\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = 'Installed version: ' + virtualVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:27:40", "bulletinFamily": "scanner", "description": "The host is installed with Oracle VM\n virtualBox and is prone to unspecified vulnerability.", "modified": "2019-07-05T00:00:00", "published": "2015-07-21T00:00:00", "id": "OPENVAS:1361412562310805723", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805723", "title": "Oracle Virtualbox Unspecified Vulnerability July15 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Virtualbox Unspecified Vulnerability July15 (Windows)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:vm_virtualbox\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805723\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2015-2594\");\n script_bugtraq_id(75899);\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-07-21 10:04:16 +0530 (Tue, 21 Jul 2015)\");\n script_name(\"Oracle Virtualbox Unspecified Vulnerability July15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Oracle VM\n virtualBox and is prone to unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to unspecified errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to have an impact on confidentiality, integrity, and availability.\");\n\n script_tag(name:\"affected\", value:\"VirtualBox versions prior to 4.0.32,\n 4.1.40, 4.2.32, and 4.3.30 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Oracle VirtualBox version\n 4.0.32, 4.1.40, 4.2.32, and 4.3.30 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_sun_virtualbox_detect_win.nasl\");\n script_mandatory_keys(\"Oracle/VirtualBox/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!virtualVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(virtualVer =~ \"^(4\\.(0|1|2|3))\")\n{\n if(version_in_range(version:virtualVer, test_version:\"4.0.0\", test_version2:\"4.0.31\"))\n {\n fix = \"4.0.32\";\n VULN = TRUE;\n }\n if(version_in_range(version:virtualVer, test_version:\"4.1.0\", test_version2:\"4.1.39\"))\n {\n fix = \"4.1.40\";\n VULN = TRUE;\n }\n if(version_in_range(version:virtualVer, test_version:\"4.2.0\", test_version2:\"4.2.31\"))\n {\n fix = \"4.2.32\";\n VULN = TRUE;\n }\n if(version_in_range(version:virtualVer, test_version:\"4.3.0\", test_version2:\"4.3.29\"))\n {\n fix = \"4.3.30\";\n VULN = TRUE;\n }\n if(VULN)\n {\n report = 'Installed version: ' + virtualVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850789", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850789", "title": "SuSE Update for KVM SUSE-SU-2015:0889-1 (KVM)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0889_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for KVM SUSE-SU-2015:0889-1 (KVM)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850789\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 15:40:30 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2015-3456\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for KVM SUSE-SU-2015:0889-1 (KVM)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'KVM'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"KVM was updated to fix a buffer overflow in the floppy drive emulation,\n which could be used to carry out denial of service attacks or potential\n code execution against the host. This vulnerability is also known as\n VENOM. (CVE-2015-3456)\");\n\n script_tag(name:\"affected\", value:\"KVM on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0889_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~1.4.2~0.22.27.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:58", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-06-09T00:00:00", "id": "OPENVAS:1361412562310871361", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871361", "title": "RedHat Update for xen RHSA-2015:1002-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xen RHSA-2015:1002-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871361\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 11:00:33 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2015-3456\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for xen RHSA-2015:1002-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll xen users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, all running fully-virtualized guests must be restarted\nfor this update to take effect.\");\n script_tag(name:\"affected\", value:\"xen on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1002-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-May/msg00013.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen-debuginfo\", rpm:\"xen-debuginfo~3.0.3~146.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~146.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:56", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310869499", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869499", "title": "Fedora Update for xen FEDORA-2015-8194", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2015-8194\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869499\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:20:29 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-3456\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2015-8194\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-8194\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158648.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.5.0~9.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:07", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-1003", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123116", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123116", "title": "Oracle Linux Local Check: ELSA-2015-1003", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1003.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123116\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:33 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1003\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1003 - kvm security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1003\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1003.html\");\n script_cve_id(\"CVE-2015-3456\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kmod-kvm\", rpm:\"kmod-kvm~83~272.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kmod-kvm-debug\", rpm:\"kmod-kvm-debug~83~272.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~83~272.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kvm-qemu-img\", rpm:\"kvm-qemu-img~83~272.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kvm-tools\", rpm:\"kvm-tools~83~272.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:55", "bulletinFamily": "scanner", "description": "Jason Geffner discovered a buffer\noverflow in the emulated floppy disk drive, resulting in the potential\nexecution of arbitrary code. This only affects HVM guests.", "modified": "2019-03-18T00:00:00", "published": "2015-05-18T00:00:00", "id": "OPENVAS:1361412562310703262", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703262", "title": "Debian Security Advisory DSA 3262-1 (xen - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3262.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3262-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703262\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-3456\");\n script_name(\"Debian Security Advisory DSA 3262-1 (xen - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-18 00:00:00 +0200 (Mon, 18 May 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3262.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"xen on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution\n(wheezy), this problem has been fixed in version 4.1.4-3+deb7u6.\n\nThe stable distribution (jessie) is already fixed through the qemu\nupdate provided as DSA-3259-1.\n\nWe recommend that you upgrade your xen packages.\");\n script_tag(name:\"summary\", value:\"Jason Geffner discovered a buffer\noverflow in the emulated floppy disk drive, resulting in the potential\nexecution of arbitrary code. This only affects HVM guests.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxen-4.1\", ver:\"4.1.4-3+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxen-dev\", ver:\"4.1.4-3+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxen-ocaml\", ver:\"4.1.4-3+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxen-ocaml-dev\", ver:\"4.1.4-3+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxenstore3.0\", ver:\"4.1.4-3+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-docs-4.1\", ver:\"4.1.4-3+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-amd64\", ver:\"4.1.4-3+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-hypervisor-4.1-i386\", ver:\"4.1.4-3+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-amd64\", ver:\"4.1.4-3+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-system-i386\", ver:\"4.1.4-3+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-4.1\", ver:\"4.1.4-3+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-utils-common\", ver:\"4.1.4-3+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xenstore-utils\", ver:\"4.1.4-3+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-02-21T01:24:36", "bulletinFamily": "scanner", "description": "The remote host contains a version of Oracle VM VirtualBox that is prior to 4.0.32 / 4.1.40 / 4.2.32 / 4.3.30. It is, therefore, affected by an unspecified vulnerability in the Core subcomponent", "modified": "2018-11-07T00:00:00", "id": "ORACLE_VIRTUALBOX_JUL_2015_CPU.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84799", "published": "2015-07-16T00:00:00", "title": "Oracle VM VirtualBox < 4.0.32 / 4.1.40 / 4.2.32 / 4.3.30 Core Unspecified Vulnerability (July 2015 CPU)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{ \n script_id(84799);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/07 16:27:15\");\n\n script_cve_id(\"CVE-2015-2594\");\n\n script_name(english:\"Oracle VM VirtualBox < 4.0.32 / 4.1.40 / 4.2.32 / 4.3.30 Core Unspecified Vulnerability (July 2015 CPU)\");\n script_summary(english:\"Performs a version check on VirtualBox.exe.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application installed that is affected by an\nunspecified vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host contains a version of Oracle VM VirtualBox that is\nprior to 4.0.32 / 4.1.40 / 4.2.32 / 4.3.30. It is, therefore, affected\nby an unspecified vulnerability in the Core subcomponent\");\n # http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d18c2a85\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.virtualbox.org/wiki/Changelog\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Oracle VM VirtualBox to 4.0.32 / 4.1.40 / 4.2.32 / 4.3.30 or\nlater as referenced in the July 2015 Oracle Critical Patch Update\nadvisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-2594\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:vm_virtualbox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"virtualbox_installed.nasl\", \"macosx_virtualbox_installed.nbin\");\n script_require_ports(\"installed_sw/Oracle VM VirtualBox\", \"installed_sw/VirtualBox\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = NULL;\napps = make_list('Oracle VM VirtualBox', 'VirtualBox');\n\nforeach app (apps)\n{\n if (get_install_count(app_name:app)) break;\n else app = NULL;\n}\n\nif (isnull(app)) audit(AUDIT_NOT_INST, 'Oracle VM VirtualBox');\n \ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\n# Note int(null) returns '0'\nver_fields = split(ver, sep:'.', keep:FALSE);\nmajor = int(ver_fields[0]);\nminor = int(ver_fields[1]);\nrev = int(ver_fields[2]);\n\nfix = '';\n\n# Affected :\n# 4.0.x < 4.0.32\n# 4.1.x < 4.1.40\n# 4.2.x < 4.2.32\n# 4.3.x < 4.3.30\nif (major == 4 && minor == 0 && rev < 32) fix = '4.0.32';\nelse if (major == 4 && minor == 1 && rev < 40) fix = '4.1.40';\nelse if (major == 4 && minor == 2 && rev < 32) fix = '4.2.32';\nelse if (major == 4 && minor == 3 && rev < 30) fix = '4.3.30';\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n\nport = 0;\nif (app == 'Oracle VM VirtualBox')\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445; \n}\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:03", "bulletinFamily": "scanner", "description": "This update fixes an unspecified security issue in VirtualBox related to guests using bridged networking via WiFi. Oracle no longer provides information on specific security vulnerabilities in VirtualBox. To still support users of the already released Debian releases we've decided to update these to the respective 4.1.40 and 4.3.30 bugfix releases.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-3359.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85915", "published": "2015-09-14T00:00:00", "title": "Debian DSA-3359-1 : virtualbox - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3359. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85915);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-2594\");\n script_xref(name:\"DSA\", value:\"3359\");\n\n script_name(english:\"Debian DSA-3359-1 : virtualbox - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes an unspecified security issue in VirtualBox related\nto guests using bridged networking via WiFi. Oracle no longer provides\ninformation on specific security vulnerabilities in VirtualBox. To\nstill support users of the already released Debian releases we've\ndecided to update these to the respective 4.1.40 and 4.3.30 bugfix\nreleases.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/virtualbox\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/virtualbox\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3359\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the virtualbox packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.1.40-dfsg-1+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.3.30-dfsg-1+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-dbg\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-dkms\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-fuse\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-guest-dkms\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-guest-source\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-guest-utils\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-guest-x11\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-dbg\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-dkms\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-fuse\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-guest-dkms\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-guest-source\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-guest-utils\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-guest-x11\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-qt\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-ose-source\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-qt\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"virtualbox-source\", reference:\"4.1.40-dfsg-1+deb7u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-dbg\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-dkms\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-guest-dkms\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-guest-source\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-guest-utils\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-guest-x11\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-qt\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"virtualbox-source\", reference:\"4.3.30-dfsg-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:07", "bulletinFamily": "scanner", "description": "Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2015-0998.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83425", "published": "2015-05-13T00:00:00", "title": "RHEL 6 : qemu-kvm (RHSA-2015:0998) (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0998. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83425);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_xref(name:\"RHSA\", value:\"2015:0998\");\n script_xref(name:\"IAVA\", value:\"2015-A-0115\");\n\n script_name(english:\"RHEL 6 : qemu-kvm (RHSA-2015:0998) (Venom)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qemu-kvm packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides\nthe user-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's\nvirtual Floppy Disk Controller (FDC) handled FIFO buffer access while\nprocessing certain FDC commands. A privileged guest user could use\nthis flaw to crash the guest or, potentially, execute arbitrary code\non the host with the privileges of the host's QEMU process\ncorresponding to the guest. (CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling this update, shut down all running virtual machines. Once\nall virtual machines have shut down, start them again for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3456\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0998\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"qemu-guest-agent-0.12.1.2-2.448.el6_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-guest-agent-0.12.1.2-2.448.el6_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.448.el6_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.448.el6_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.448.el6_6.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:16", "bulletinFamily": "scanner", "description": "KVM was updated to fix the following issues :\n\nCVE-2015-3456: A buffer overflow in the floppy drive emulation, which could be used to carry out denial of service attacks or potential code execution against the host. This vulnerability is also known as VENOM.\n\nValidate VMDK4 version field so we don't process versions we know nothing about. (bsc#834196)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-29T00:00:00", "id": "SUSE_SU-2015-0943-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83858", "published": "2015-05-27T00:00:00", "title": "SUSE SLES11 Security Update : KVM (SUSE-SU-2015:0943-1) (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0943-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83858);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2018/11/29 12:03:38\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_bugtraq_id(74640);\n\n script_name(english:\"SUSE SLES11 Security Update : KVM (SUSE-SU-2015:0943-1) (Venom)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"KVM was updated to fix the following issues :\n\nCVE-2015-3456: A buffer overflow in the floppy drive emulation, which\ncould be used to carry out denial of service attacks or potential code\nexecution against the host. This vulnerability is also known as VENOM.\n\nValidate VMDK4 version field so we don't process versions we know\nnothing about. (bsc#834196)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=834196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929339\"\n );\n # https://download.suse.com/patch/finder/?keywords=8fa4cd2e0df2fbbbef8a56f2725a253f\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ea899b52\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3456/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150943-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c503be06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP2 LTSS :\n\nzypper in -t patch slessp2-kvm=10682\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kvm-0.15.1-0.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kvm-0.15.1-0.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KVM\");\n}\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:07", "bulletinFamily": "scanner", "description": "Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.\n\nAll kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2015-1003.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83421", "published": "2015-05-13T00:00:00", "title": "CentOS 5 : kvm (CESA-2015:1003) (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1003 and \n# CentOS Errata and Security Advisory 2015:1003 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83421);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_xref(name:\"RHSA\", value:\"2015:1003\");\n script_xref(name:\"IAVA\", value:\"2015-A-0115\");\n\n script_name(english:\"CentOS 5 : kvm (CESA-2015:1003) (Venom)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's\nvirtual Floppy Disk Controller (FDC) handled FIFO buffer access while\nprocessing certain FDC commands. A privileged guest user could use\nthis flaw to crash the guest or, potentially, execute arbitrary code\non the host with the privileges of the host's QEMU process\ncorresponding to the guest. (CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Note: The procedure\nin the Solution section must be performed before this update will take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-May/021139.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?344ef23e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-272.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-272.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-83-272.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-272.el5.centos\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-tools-83-272.el5.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:07", "bulletinFamily": "scanner", "description": "Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Virtualization Hypervisor 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2015-1000.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83427", "published": "2015-05-13T00:00:00", "title": "RHEL 7 : qemu-kvm-rhev (RHSA-2015:1000) (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1000. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83427);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_bugtraq_id(74640);\n script_xref(name:\"RHSA\", value:\"2015:1000\");\n script_xref(name:\"IAVA\", value:\"2015-A-0115\");\n\n script_name(english:\"RHEL 7 : qemu-kvm-rhev (RHSA-2015:1000) (Venom)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qemu-kvm-rhev packages that fix one security issue are now\navailable for Red Hat Enterprise Virtualization Hypervisor 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package\nprovides the user-space component for running virtual machines using\nKVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's\nvirtual Floppy Disk Controller (FDC) handled FIFO buffer access while\nprocessing certain FDC commands. A privileged guest user could use\nthis flaw to crash the guest or, potentially, execute arbitrary code\non the host with the privileges of the host's QEMU process\ncorresponding to the guest. (CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3456\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcacard-devel-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcacard-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcacard-tools-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-common-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1000\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libcacard-devel-rhev-2.1.2-23.el7_1.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libcacard-rhev-2.1.2-23.el7_1.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libcacard-tools-rhev-2.1.2-23.el7_1.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-img-rhev-2.1.2-23.el7_1.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-common-rhev-2.1.2-23.el7_1.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-2.1.2-23.el7_1.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-debuginfo-2.1.2-23.el7_1.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-rhev-2.1.2-23.el7_1.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libcacard-devel-rhev / libcacard-rhev / libcacard-tools-rhev / etc\");\n }\n}\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:09", "bulletinFamily": "scanner", "description": "Jason Geffner, CrowdStrike Senior Security Researcher reports :\n\nVENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host's local network and adjacent systems.", "modified": "2018-12-19T00:00:00", "id": "FREEBSD_PKG_2780E442FC5911E4B18B6805CA1D3BB1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83510", "published": "2015-05-18T00:00:00", "title": "FreeBSD : qemu, xen and VirtualBox OSE -- possible VM escape and code execution ('VENOM') (2780e442-fc59-11e4-b18b-6805ca1d3bb1) (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83510);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_xref(name:\"IAVA\", value:\"2015-A-0115\");\n\n script_name(english:\"FreeBSD : qemu, xen and VirtualBox OSE -- possible VM escape and code execution ('VENOM') (2780e442-fc59-11e4-b18b-6805ca1d3bb1) (Venom)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jason Geffner, CrowdStrike Senior Security Researcher reports :\n\nVENOM, CVE-2015-3456, is a security vulnerability in the virtual\nfloppy drive code used by many computer virtualization platforms. This\nvulnerability may allow an attacker to escape from the confines of an\naffected virtual machine (VM) guest and potentially obtain\ncode-execution access to the host. Absent mitigation, this VM escape\ncould open access to the host system and all other VMs running on that\nhost, potentially giving adversaries significant elevated access to\nthe host's local network and adjacent systems.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200257\"\n );\n # http://venom.crowdstrike.com/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://venom.crowdstrike.com\"\n );\n # http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2bd5df81\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://xenbits.xen.org/xsa/advisory-133.html\"\n );\n # https://vuxml.freebsd.org/freebsd/2780e442-fc59-11e4-b18b-6805ca1d3bb1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28097437\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:qemu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:qemu-sbruno\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:virtualbox-ose\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/18\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"qemu<0.11.1_19\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"qemu>=0.12<2.3.0_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"qemu-devel<0.11.1_19\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"qemu-devel>=0.12<2.3.0_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"qemu-sbruno<2.3.50.g20150501_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"virtualbox-ose<4.3.28\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"xen-tools>=4.5.0<4.5.0_5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:09", "bulletinFamily": "scanner", "description": "- CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer memory access (bz #1221152)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-23T00:00:00", "id": "FEDORA_2015-8249.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83506", "published": "2015-05-18T00:00:00", "title": "Fedora 21 : qemu-2.1.3-7.fc21 (2015-8249) (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-8249.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83506);\n script_version(\"$Revision: 2.9 $\");\n script_cvs_date(\"$Date: 2015/10/23 04:39:30 $\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_xref(name:\"FEDORA\", value:\"2015-8249\");\n script_xref(name:\"IAVA\", value:\"2015-A-0115\");\n\n script_name(english:\"Fedora 21 : qemu-2.1.3-7.fc21 (2015-8249) (Venom)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2015-3456: (VENOM) fdc: out-of-bounds fifo buffer\n memory access (bz #1221152)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1218611\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2eaac898\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/18\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"qemu-2.1.3-7.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:15", "bulletinFamily": "scanner", "description": "An out-of-bounds memory access flaw, also known as 'VENOM,' was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.", "modified": "2019-01-04T00:00:00", "id": "F5_BIGIP_SOL16620.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83749", "published": "2015-05-21T00:00:00", "title": "F5 Networks BIG-IP : QEMU vulnerability (SOL16620) (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL16620.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83749);\n script_version(\"2.25\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_bugtraq_id(74640);\n script_xref(name:\"IAVA\", value:\"2015-A-0115\");\n\n script_name(english:\"F5 Networks BIG-IP : QEMU vulnerability (SOL16620) (Venom)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An out-of-bounds memory access flaw, also known as 'VENOM,' was found\nin the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO\nbuffer access while processing certain FDC commands. A privileged\nguest user could use this flaw to crash the guest or, potentially,\nexecute arbitrary code on the host with the privileges of the host's\nQEMU process corresponding to the guest.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16620\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL16620.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL16620\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF5\",\"11.5.3HF2\",\"11.5.1HF9\",\"11.4.1HF9\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.6.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF5\",\"11.5.3HF2\",\"11.5.1HF9\",\"11.4.1HF9\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF5\",\"11.5.3HF2\",\"11.5.1HF9\",\"11.4.1HF9\",\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF5\",\"11.5.3HF2\",\"11.5.1HF9\",\"11.4.1HF9\",\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF5\",\"11.5.3HF2\",\"11.5.1HF9\",\"11.4.1HF9\",\"11.2.1HF15\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.0HF5\",\"11.5.3HF2\",\"11.5.1HF9\",\"11.4.1HF9\",\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF5\",\"11.5.3HF2\",\"11.5.1HF9\",\"11.4.1HF9\",\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.0\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF5\",\"11.5.3HF2\",\"11.5.1HF9\",\"11.4.1HF9\",\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.6.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF5\",\"11.5.3HF2\",\"11.5.1HF9\",\"11.4.1HF9\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.0.0-11.4.1\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.4.1HF9\",\"10.1.0-10.2.4\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:24:07", "bulletinFamily": "scanner", "description": "Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Virtualization 3.5.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2015-1001.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83428", "published": "2015-05-13T00:00:00", "title": "RHEL 6 : qemu-kvm-rhev (RHSA-2015:1001) (Venom)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1001. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83428);\n script_version(\"2.19\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2015-3456\");\n script_bugtraq_id(74640);\n script_xref(name:\"RHSA\", value:\"2015:1001\");\n script_xref(name:\"IAVA\", value:\"2015-A-0115\");\n\n script_name(english:\"RHEL 6 : qemu-kvm-rhev (RHSA-2015:1001) (Venom)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qemu-kvm-rhev packages that fix one security issue are now\navailable for Red Hat Enterprise Virtualization 3.5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package\nprovides the user-space component for running virtual machines using\nKVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's\nvirtual Floppy Disk Controller (FDC) handled FIFO buffer access while\nprocessing certain FDC commands. A privileged guest user could use\nthis flaw to crash the guest or, potentially, execute arbitrary code\non the host with the privileges of the host's QEMU process\ncorresponding to the guest. (CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3456\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-rhev-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1001\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-img-rhev-0.12.1.2-2.448.el6_6.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-0.12.1.2-2.448.el6_6.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-debuginfo-0.12.1.2-2.448.el6_6.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-rhev-tools-0.12.1.2-2.448.el6_6.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-img-rhev / qemu-kvm-rhev / qemu-kvm-rhev-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-08-22T02:24:21", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3359-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 13, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : virtualbox\nCVE ID : CVE-2015-2594\n\nThis update fixes an unspecified security issue in VirtualBox related to\nguests using bridged networking via WiFi. Oracle no longer provides\ninformation on specific security vulnerabilities in VirtualBox. To still\nsupport users of the already released Debian releases we've decided to\nupdate these to the respective 4.1.40 and 4.3.30 bugfix releases. \n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.1.40-dfsg-1+deb7u1.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 4.3.30-dfsg-1+deb8u1.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 4.3.30-dfsg-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.3.30-dfsg-1.\n\nWe recommend that you upgrade your virtualbox packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-09-13T19:47:52", "published": "2015-09-13T19:47:52", "id": "DEBIAN:DSA-3359-1:EB718", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00258.html", "title": "[SECURITY] [DSA 3359-1] virtualbox security update", "type": "debian", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:32", "bulletinFamily": "unix", "description": "Package : qemu-kvm\nVersion : 0.12.5+dfsg-5+squeeze11\nCVE ID : CVE-2015-3456\n\nA vulnerability was discovered in the qemu virtualisation solution:\n\nCVE-2015-3456\n\n Jason Geffner discovered a buffer overflow in the emulated floppy\n disk drive, resulting in the potential execution of arbitrary code.\n\nDespite the end-of-life of qemu-kvm support in the old-oldstable\ndistribution (squeeze-lts), this problem has been fixed in version\n0.12.5+dfsg-5+squeeze11 of the qemu-kvm source package due to its\nseverity (the so-called VENOM vulnerability).\n\nFurther problems may still be present in the qemu-kvm package in the\nold-oldstable distribution (squeeze-lts) and users who need to rely on\nqemu-kvm are encouraged to upgrade to a newer version of Debian.\n\nWe recommend that you upgrade your qemu-kvm packages.\n", "modified": "2015-06-19T15:22:55", "published": "2015-06-19T15:22:55", "id": "DEBIAN:DLA-249-1:E55C5", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201506/msg00015.html", "title": "[SECURITY] [DLA 249-1] qemu-kvm security update", "type": "debian", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:57", "bulletinFamily": "unix", "description": "Package : qemu\nVersion : 0.12.5+dfsg-3squeeze4\nCVE ID : CVE-2015-3456\n\nA vulnerability was discovered in the qemu virtualisation solution:\n\nCVE-2015-3456\n\n Jason Geffner discovered a buffer overflow in the emulated floppy\n disk drive, resulting in the potential execution of arbitrary code.\n\nDespite the end-of-life of qemu support in the old-oldstable\ndistribution (squeeze-lts), this problem has been fixed in version\n0.12.5+dfsg-3squeeze4 of the qemu source package due to its severity\n(the so-called VENOM vulnerability).\n\nFurther problems may still be present in the qemu package in the\nold-oldstable distribution (squeeze-lts) and users who need to rely on\nqemu are encouraged to upgrade to a newer version of Debian.\n\nWe recommend that you upgrade your qemu packages.\n", "modified": "2015-06-19T15:08:40", "published": "2015-06-19T15:08:40", "id": "DEBIAN:DLA-248-1:043FE", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201506/msg00014.html", "title": "[SECURITY] [DLA 248-1] qemu security update", "type": "debian", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:31", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After installing\nthis update, shut down all running virtual machines. Once all virtual\nmachines have shut down, start them again for this update to take effect.\n", "modified": "2018-06-07T08:59:40", "published": "2015-05-13T04:00:00", "id": "RHSA-2015:1001", "href": "https://access.redhat.com/errata/RHSA-2015:1001", "type": "redhat", "title": "(RHSA-2015:1001) Important: qemu-kvm-rhev security update", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:08", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After installing\nthis update, shut down all running virtual machines. Once all virtual\nmachines have shut down, start them again for this update to take effect.", "modified": "2018-04-25T17:05:55", "published": "2015-05-13T14:57:32", "id": "RHSA-2015:1000", "href": "https://access.redhat.com/errata/RHSA-2015:1000", "type": "redhat", "title": "(RHSA-2015:1000) Important: qemu-kvm-rhev security update", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:05", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the\nuser-space component for running virtual machines using KVM in environments\nmanaged by Red Hat Enterprise Linux OpenStack Platform.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm-rhev users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After installing\nthis update, shut down all running virtual machines. Once all virtual\nmachines have shut down, start them again for this update to take effect.\n", "modified": "2018-06-07T02:47:59", "published": "2015-05-13T04:00:00", "id": "RHSA-2015:1004", "href": "https://access.redhat.com/errata/RHSA-2015:1004", "type": "redhat", "title": "(RHSA-2015:1004) Important: qemu-kvm-rhev security update", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:15", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Note: The procedure in\nthe Solution section must be performed before this update will take effect.\n", "modified": "2017-09-08T12:04:45", "published": "2015-05-13T04:00:00", "id": "RHSA-2015:1003", "href": "https://access.redhat.com/errata/RHSA-2015:1003", "type": "redhat", "title": "(RHSA-2015:1003) Important: kvm security update", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:40", "bulletinFamily": "unix", "description": "The rhev-hypervisor packages provide a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package.\n", "modified": "2018-06-07T08:59:44", "published": "2015-05-15T04:00:00", "id": "RHSA-2015:1011", "href": "https://access.redhat.com/errata/RHSA-2015:1011", "type": "redhat", "title": "(RHSA-2015:1011) Important: rhev-hypervisor security update", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:45", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n", "modified": "2018-06-06T20:24:19", "published": "2015-05-13T04:00:00", "id": "RHSA-2015:0998", "href": "https://access.redhat.com/errata/RHSA-2015:0998", "type": "redhat", "title": "(RHSA-2015:0998) Important: qemu-kvm security update", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:50", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n", "modified": "2018-04-12T03:32:47", "published": "2015-05-13T04:00:00", "id": "RHSA-2015:0999", "href": "https://access.redhat.com/errata/RHSA-2015:0999", "type": "redhat", "title": "(RHSA-2015:0999) Important: qemu-kvm security update", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:56:52", "bulletinFamily": "info", "description": "Oracle, whose virtualization software VirtualBox is among those affected by the [VENOM vulnerability](<https://threatpost.com/venom-flaw-in-virtualization-software-could-lead-to-vm-escapes-data-theft/112772>), on Saturday joined the litany of VM providers that have [patched](<http://www.oracle.com/technetwork/topics/security/venom-cve-2015-3456-2542653.html>) the bug.\n\nOracle was one of the first vendors notified by [Crowdstrike](<http://venom.crowdstrike.com/>), whose researcher Jason Geffner found the bug and disclosed it privately April 30 to the Oracle security mailing list, the QEMU and Xen security mailing lists, as well as the Operating System Distribution Security list. Yet Oracle is last among those to provide a fix.\n\nVENOM, which is short for Virtualized Environment Neglected Operations Manipulation, was disclosed last Wednesday. The vulnerability can be exploited in targeted attacks against virtual machines to [escape guest virtual instances and attack the host](<https://threatpost.com/several-factors-mitigate-venoms-utility-for-attackers/112841>). Experts have said that since the vulnerability would require an attacker to be authenticated to a virtual machine in order to carry out an exploit, serious risks are mitigated. The bug, for example, cannot be attacked at any kind of scale, and as of today, there has been only [one publicly reported exploit](<http://www.openwall.com/lists/oss-security/2015/05/13/29>), developed by researcher Marcus Meissner of SUSE Linux.\n\nAlso mitigating the risk is the fact that [VMware](<http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2117469>), Microsoft and Bochs hypervisors are immune to VENOM; KVM and Xen, both of which have been patched, were the highest profile hypervisors vulnerable to the flaw.\n\nVENOM lives in the virtual floppy disk controller component of QEMU, an open-source virtualization package. XEN, KVM and other virtualization platforms run QEMU, and hosting providers who run on these platforms were advised to patch quickly. The FDC inside of QEMU contains a buffer overflow issue that Meissner\u2019s exploit uses to crash an unpatched instance of the software. While it\u2019s possible to gain remote code execution, Meissner and others said this would be challenging for an attacker.\n\n\u201cTo trigger the condition of the exploit is easy, however the attacker needs to have root-level privileges on the guest machine,\u201d Meissner said. \u201cFrom this to gaining code execution needs knowledge of the memory layout of the QEMU process running. Without address space randomization this could be more or less easy, but I have not researched this.\u201d\n\nOracle said VirtualBox 3.2, 4.0, 4.1, 4.2, and 4.3 prior to 4.3.28 are affected by VENOM, as are Oracle VM 2.2, 3.2 and 3.3, and Oracle Linux 5, 6 and 7.\n\nAs for Oracle Cloud, the company said it continues to investigate and develop patches for affected services. Oracle provides several contacts for customers of its respective services in its advisory.\n\n\u201cThe Oracle Cloud teams are evaluating these fixes as they become available and will be applying the relevant patches in accordance with applicable change management processes,\u201d Oracle said in its advisory.\n\nIn a separate [notice](<http://www.oracle.com/technetwork/topics/security/venom-cve-2015-3456-2542653.html>) from last week, Oracle said Oracle Database Appliance, Oracle Exadata Database Machine, Oracle Exalogic Elastic Cloud and Oracle Exalytics In-Memory Machine all run QEMU and are potentially vulnerable to VENOM. None, however, were patched in this round of fixes.\n", "modified": "2015-05-19T18:47:12", "published": "2015-05-18T10:49:00", "id": "THREATPOST:5EDDCDBEF4B9D7627ECE4678092415C6", "href": "https://threatpost.com/oracle-patches-venom-vulnerability/112868/", "type": "threatpost", "title": "Oracle Patches VENOM Vulnerability", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:39", "bulletinFamily": "unix", "description": "[kvm-83-272.0.1.el5]\n- Added kvm-add-oracle-workaround-for-libvirt-bug.patch\n- Added kvm-Introduce-oel-machine-type.patch\n[kvm-83.272.el5]\n- kvm-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch [bz#1219266]\n- Resolves: bz#1219266\n (kvm: qemu: floppy disk controller flaw [rhel-5.11.z])", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ELSA-2015-1003", "href": "http://linux.oracle.com/errata/ELSA-2015-1003.html", "title": "kvm security update", "type": "oraclelinux", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:42", "bulletinFamily": "unix", "description": "[3.0.3-146.el5]\n- xen-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch\n- xen-FDC-Fix-buffer-overflow-Herv-Poussineau.patch\n- Resolves: bz#1219333\n (xen: qemu: floppy disk controller flaw [rhel-5.11.z])\n[3.0.3-144.el5]\n- xm: Fix vcpu-pin complain for CPU number out of range (rhbz 955656)\n- libxc: Support set affinity for more than 64 CPUS (rhbz 955656)\n- libxc: Fixes for 'support affinity for more than 64 CPUS' (rhbz 955656)\n- xend: Fix bug of a cpu affinity vcpu-pin under ia32pa (rhbz 955656)\n- libxc: Fix cpu number overflow for vcpu-pin (rhbz 955656)\n[3.0.3-143.el5]\n- libxc: move error checking next to the function which returned the error (rhbz 870413)\n- libxc: builder: limit maximum size of kernel/ramdisk (rhbz 870413)\n- e1000: discard packets that are too long if !SBP and !LPE (rhbz 910844)\n- e1000: discard oversized packets based on SBP|LPE (rhbz 910844)", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ELSA-2015-1002", "href": "http://linux.oracle.com/errata/ELSA-2015-1002.html", "title": "xen security update", "type": "oraclelinux", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:12", "bulletinFamily": "unix", "description": "[0.12.1.2-2.448.el6_6.3]\n- kvm-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch [bz#1219267]\n- Resolves: bz#1219267\n (EMBARGOED CVE-2015-3456 qemu-kvm: qemu: floppy disk controller flaw [rhel-6.6.z])", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ELSA-2015-0998", "href": "http://linux.oracle.com/errata/ELSA-2015-0998.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:48", "bulletinFamily": "unix", "description": "[1.5.3-86.el7_1.2]\n- kvm-fdc-force-the-fifo-access-to-be-in-bounds-of-the-all.patch [bz#1219269]\n- Resolves: bz#1219269\n (EMBARGOED CVE-2015-3456 qemu-kvm: qemu: floppy disk controller flaw [rhel-7.1.z])", "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "ELSA-2015-0999", "href": "http://linux.oracle.com/errata/ELSA-2015-0999.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:30:36", "bulletinFamily": "unix", "description": "qemu was updated to fix a security issue:\n\n * CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation,\n which could be used to denial of service attacks or potential code\n execution against the host.\n\n", "modified": "2015-05-18T14:05:11", "published": "2015-05-18T14:05:11", "id": "OPENSUSE-SU-2015:0894-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:43:03", "bulletinFamily": "unix", "description": "Xen was updated to fix a buffer overflow in the floppy drive emulation,\n which could be used to carry out denial of service attacks or potential\n code execution against the host. This vulnerability is also known as\n VENOM. (CVE-2015-3456)\n\n Security Issues:\n\n * CVE-2015-3456\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456</a>>\n\n\n", "modified": "2015-05-26T14:06:51", "published": "2015-05-26T14:06:51", "id": "SUSE-SU-2015:0889-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00023.html", "title": "Security update for Xen (important)", "type": "suse", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:39:29", "bulletinFamily": "unix", "description": "Qemu was updated to v2.1.3: See <a rel=\"nofollow\" href=\"http://wiki.qemu-project.org/ChangeLog/2.1\">http://wiki.qemu-project.org/ChangeLog/2.1</a>\n for more information.\n\n This update includes a security fix:\n * CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation,\n which could be used to denial of service attacks or potential code\n execution against the host.\n\n", "modified": "2015-05-18T14:04:51", "published": "2015-05-18T14:04:51", "id": "OPENSUSE-SU-2015:0893-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html", "type": "suse", "title": "Security update for qemu (important)", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:39", "bulletinFamily": "unix", "description": "KVM was updated to fix the following issues:\n\n * CVE-2015-3456: A buffer overflow in the floppy drive emulation,\n which could be used to carry out denial of service attacks or\n potential code execution against the host. This vulnerability is\n also known as VENOM.\n * Validate VMDK4 version field so we don't process versions we know\n nothing about. (bsc#834196)\n\n Security Issues:\n\n * CVE-2015-3456\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456</a>>\n\n", "modified": "2015-05-26T14:07:13", "published": "2015-05-26T14:07:13", "id": "SUSE-SU-2015:0943-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00024.html", "type": "suse", "title": "Security update for KVM (important)", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-05-29T18:33:49", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:0998\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-May/021136.html\n\n**Affected packages:**\nqemu-guest-agent\nqemu-img\nqemu-kvm\nqemu-kvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0998.html", "modified": "2015-05-13T15:37:07", "published": "2015-05-13T15:37:07", "href": "http://lists.centos.org/pipermail/centos-announce/2015-May/021136.html", "id": "CESA-2015:0998", "title": "qemu security update", "type": "centos", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:41", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1002\n\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll xen users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, all running fully-virtualized guests must be restarted\nfor this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-May/021135.html\n\n**Affected packages:**\nxen\nxen-devel\nxen-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1002.html", "modified": "2015-05-13T15:16:55", "published": "2015-05-13T15:16:55", "href": "http://lists.centos.org/pipermail/centos-announce/2015-May/021135.html", "id": "CESA-2015:1002", "title": "xen security update", "type": "centos", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:15", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:0999\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM.\n\nAn out-of-bounds memory access flaw was found in the way QEMU's virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest.\n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue.\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-May/021137.html\n\n**Affected packages:**\nlibcacard\nlibcacard-devel\nlibcacard-tools\nqemu-img\nqemu-kvm\nqemu-kvm-common\nqemu-kvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0999.html", "modified": "2015-05-13T16:57:36", "published": "2015-05-13T16:57:36", "href": "http://lists.centos.org/pipermail/centos-announce/2015-May/021137.html", "id": "CESA-2015:0999", "title": "libcacard, qemu security update", "type": "centos", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "huawei": [{"lastseen": "2019-02-01T18:01:50", "bulletinFamily": "software", "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "modified": "2015-06-29T00:00:00", "published": "2015-06-09T00:00:00", "id": "HUAWEI-SA-20150609-01-VENOM", "href": "https://www.huawei.com/en/psirt/security-advisories/2015/hw-438937", "title": "Security Advisory - VENOM Vulnerability in Huawei Products", "type": "huawei", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "xen": [{"lastseen": "2016-04-01T21:57:16", "bulletinFamily": "software", "description": "#### ISSUE DESCRIPTION\nThe code in qemu which emulates a floppy disk controller did not correctly bounds check accesses to an array and therefore was vulnerable to a buffer overflow attack.\n#### IMPACT\nA guest which has access to an emulated floppy device can exploit this vulnerability to take over the qemu process elevating its privilege to that of the qemu process.\n#### VULNERABLE SYSTEMS\nAll Xen systems running x86 HVM guests without stubdomains are vulnerable to this depending on the specific guest configuration. The default configuration is vulnerable.\nGuests using either the traditional "qemu-xen" or upstream qemu device models are vulnerable.\nGuests using a qemu-dm stubdomain to run the device model are only vulnerable to takeover of that service domain.\nSystems running only x86 PV guests are not vulnerable.\nARM systems are not vulnerable.\n", "modified": "2015-05-13T11:15:00", "published": "2015-05-13T11:15:00", "id": "XSA-133", "href": "http://xenbits.xen.org/xsa/advisory-133.html", "type": "xen", "title": "Privilege escalation via emulated floppy disk drive", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "thn": [{"lastseen": "2018-01-27T09:17:29", "bulletinFamily": "info", "description": "[](<https://4.bp.blogspot.com/-v6lXMdGjJrM/VVS9GudB5vI/AAAAAAAAi7Y/6L81WEvdn0k/s1600/venom-virtualisation-vulnerability.jpg>)\n\nJust after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web services insecure, potentially exposing Millions of plain-text passwords.\n\n \n\n\nBut don\u2019t panic. Though the recent vulnerability has a more terrific name than **[HeartBleed](<https://thehackernews.com/2014/04/heartbleed-bug-explained-10-most.html>)**, it is not going to cause as much danger as HeartBleed did.\n\n \n\n\nDubbed **_[VENOM](<http://venom.crowdstrike.com/>)_**, stands for **_Virtualized Environment Neglected Operations Manipulation_**, is a virtual machine security flaw uncovered by security firm CrowdStrike that could expose most of the data centers to malware attacks, but in theory.\n\n \n\n\nYes, the risk of Venom vulnerability is theoretical as there is no real-time exploitation seen yet, while, on the other hand, last year\u2019s HeartBleed bug was practically exploited by hackers unknown number of times, leading to the theft of critical personal information.\n\n \n\n\n### Now let\u2019s know more about Venom:\n\n \n\n\nVenom (**_CVE-2015-3456_**) resides in the virtual floppy drive code used by a several number of computer virtualization platforms that if exploited\u2026\n\n \n\n\n...could allow an attacker to escape from a guest 'virtual machine' (VM) and gain full control of the operating system hosting them, as well as any other guest VMs running on the same host machine.\n\n \n\n\nAccording to CrowdStrike, this roughly decade-old bug was discovered in the open-source virtualization package QEMU, affecting its Virtual Floppy Disk Controller (FDC) that is being used in many modern virtualization platforms and appliances, including Xen, KVM, Oracle's VirtualBox, and the native QEMU client.\n\n \n\n\nJason Geffner, a senior security researcher at CrowdStrike who discovered the flaw, warned that the vulnerability affects all the versions of QEMU dated back to 2004, when the virtual floppy controller was introduced at the very first.\n\n \n\n\nHowever, Geffner also added that so far, there is no known exploit that could successfully exploit the vulnerability. Venom is critical and disturbing enough to be considered a high-priority bug.\n\n \n\n\n### **Successful exploitation of Venom required:**\n\nFor successful exploitation, an attacker sitting on the guest virtual machine would need sufficient permissions to get access to the floppy disk controller I/O ports.\n\n \n\n\nWhen considering on Linux guest machine, an attacker would need to have either root access or elevated privilege. However on Windows guest, practically anyone would have sufficient permissions to access the FDC.\n\n \n\n\nHowever, comparing Venom with Heartbleed is something of no comparison. Where HeartBleed allowed hackers to probe Millions of systems, Venom bug simply would not be exploitable at the same scale.\n\n \n\n\nFlaws like Venom are typically used in a highly targeted attack such as corporate espionage, cyber warfare or other targeted attacks of these kinds.\n\n \n\n\n### Did venom poison Clouds Services?\n\n \n\n\nPotentially more concerning are most of the large cloud providers, including Amazon, Oracle, Citrix, and Rackspace, which rely heavily on QEMU-based virtualization are vulnerable to Venom.\n\n \n\n\nHowever, the good news is that most of them have resolved the issue, assuring that their customers needn't worry.\n\n> \"_There is no risk to AWS customer data or instances_,\" Amazon Web Services said in a [statement](<https://aws.amazon.com/security/security-bulletins/XSA_Security_Advisory_CVE_2015_3456/>).\n\nRackspace also said the flaw does affect a portion of its Cloud Servers, but assured its customers that it has \"_applied the appropriate patch to our infrastructure and are working with customers to remediate fully this vulnerability._\"\n\n \n\n\nAzure cloud service by Microsoft, on the other hand, uses its homemade virtualization hypervisor technology, and, therefore, its customers are not affected by Venom bug.\n\n \n\n\nMeanwhile, Google also assured that its Cloud Service Platform does not use the vulnerable software, thus was never vulnerable to Venom.\n\n \n\n\n### **Patch Now! Prevent yourself**\n\n \n\n\nBoth Xen and QEMU have rolled out [patches for Venom](<http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c>). If you're running an earlier version of Xen or QEMU, [upgrade and apply the patch](<https://xenbits.xen.org/xsa/advisory-133.html>).\n\n \n\n\nNote: All versions of [Red Hat Enterprise Linux](<https://access.redhat.com/articles/1444903>), which includes QEMU, are vulnerable to Venom. Red Hat recommend its users to update their system using the commands, \"_yum update_\" or \"_yum update qemu-kvm._\"\n\n \n\n\nOnce done, you must \"power off\" all your guests Virtual Machines for the update to take place, and then restart it to be on the safer side. But remember, only restarting without power off the guest operating system is not enough for the administrators because it would still use the old QEMU binary.\n", "modified": "2015-05-14T16:32:59", "published": "2015-05-14T05:32:00", "id": "THN:7BD85D2AA21CA4E7244B437A1836EBFC", "href": "https://thehackernews.com/2015/05/venom-vulnerability.html", "type": "thn", "title": "Venom Vulnerability Exposes Most Data Centers to Cyber Attacks", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "myhack58": [{"lastseen": "2016-10-28T18:37:31", "bulletinFamily": "info", "description": "! [](/Article/UploadPic/2015-5/201551503620824.jpg) \nCrowdStrike, the company security researchers said that a named\u201cvenom\uff08VENOM\u201dQEMU could allow millions of virtual machines in a cyber-attack risk, the vulnerability can cause the virtual machine to escape, the threat to the world's largest cloud service provider's data security. QEMU is an instruction-level simulator of free software, is widely used in various GNU/Linux distributions. \nThe vulnerability principle \nThis is called the venom\uff08VENOM, numbered CVE-2 0 1 5-3 4 5 6 security vulnerability threatens entire security industry, can cause the virtual machine to escape. QEMU is an instruction-level simulator of free software, is widely used in various GNU/Linux distributions, including Debian, Gentoo, SUSE, RedHat, CentOS, etc. \nVENOM vulnerability by CrowdStrike senior security researcher Jason Geffner found, he explained that an attacker can use the vulnerability to hazards of the data center network of any one machine, and millions of virtual machines are vulnerable to exploitation of this vulnerability. Geffner in a blog post said: \n\u201cVENOM\uff08CVE-2 0 1 5-3 4 5 6 a present in the virtual floppy drives the FDC code for the security vulnerability, the code exists in many computer virtualization platform. The vulnerability may allow an attacker from the infected virtual machine to get a guest limit, and it is possible to get the host code execution permissions. In addition, an attacker also can use it to access the host system and running on the host all virtual machines, and be able to enhance the important access, so that the attacker can access the host in the local network and the neighbor system.\u201d \nClient[operating system](<http://www.myhack58.com/Article/48/Article_048_1.htm>)by the wanted to FDC input and output port to send to search, read, write, format and other instructions with the FDC to communicate. QEMU virtual FDC using a fixed-size buffer to store the instruction and its associated data parameters. FDC track and is expected of each instruction how much data, in the instruction of all the expected data reception is completed, the FDC will execute the next instruction and clear the buffer for the next instruction. \nAfter processing all of the FDC instruction in addition to the two defined command, it will immediately reset the buffer. The attacker can be from the client system sends these instructions and elaborate the parameters of the data to the FDC, so that overflow of the data buffer, and the host of the monitoring program the process environment in the execution of arbitrary code. \n! [](/Article/UploadPic/2015-5/2 0 1 5 5 1 5 0 3 6 2 3 1 3 7. png) \nVulnerability \nVENOM is a\u201cvirtual environment is the neglect of the business operations\u201dof the abbreviation, which is capable of affecting QEMU floppy disk controller driver vulnerabilities, QEMU is used to manage the virtual machine open-source PC simulator. The attacker can be from the client system to send commands and crafting of the parameter data to the floppy disk controller, in order to cause the data to a buffer overflow, and in the host management program the process environment in the execution of arbitrary code. \nVENOM is very dangerous, because if to be able to exploit the vulnerability, it will affect the world within the scope of a large number of virtualization platform, and its running condition is very simple, need only in the default configuration of the virtual machine can be, the most important is, it can execute arbitrary code. The expert explained that the VENOM will be able to impact thousands of institutions and millions of end users. The attacker can make the monitoring program to crash, and be able to get the target machine and on which all the virtual machines running control. \nGeffner explains: \n\u201cThe use of VENOM vulnerabilities can expose corporate intellectual property access, in addition to sensitive data and personal identity information, may also affect thousands of relevant agencies and millions of end-users, these organizations and users rely on the affected virtual machine to allocate shared computing resources, connectivity, storage, security and privacy services.\u201d \nThe vulnerability exists in the QEMU virtual floppy Controller FDC, and FDC codes used in many virtualization platforms and devices, especially Xen, KVM as well as the local QEMU client. However, VMware, Microsoft hyper-V and Bochs management program is not affected by the vulnerability. \n! [](/Article/UploadPic/2015-5/201551503623457.jpg) \nVulnerability POC \n#include /io. h> \n#define FIFO 0x3f5 \nint main() { \nint i; \niopl(3); \noutb(0x0a,0x3f5); /* READ ID */ \nfor (i=0;i \nSafety recommendations \nIf you manage a run Xen, KVM or a local QEMU client system, we recommend that you review and apply the latest vulnerability patches. \nIf you're using a provider's service or equipment affected by this vulnerability, it is recommended that you as soon as possible contact the supplier of the support group and consult the product whether it has fixed this vulnerability or whether the release of vulnerability patches. \nReference: published patch the provider \nQEMU: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c \nXen Project: http://xenbits.xen.org/xsa/advisory-133.html \nRed Hat: https://access.redhat.com/articles/1444903 \nCitrix: http://support.citrix.com/Article/CTX201078 \nFireEye: https://www.fireeye.com/content/dam/fireeye-www/support/pdfs/fireeye-venom-vulnerability.pdf \nLinode: https://blog.linode.com/2015/05/13/venom-cve-2015-3456-vulnerability-and-linode/ \nRackspace: https://community.rackspace.com/general/f/53/t/5187 \nUbuntu: http://www.ubuntu.com/usn/usn-2608-1/ \nDebian: https://security-tracker.debian.org/tracker/CVE-2015-3456 \nSuse: https://www.suse.com/support/kb/doc.php?id=7016497 \nDigitalOcean: https://www.digitalocean.com/company/blog/update-on-CVE-2015-3456/ \nf5: https://support.f5.com/kb/en-us/solutions/public/16000/600/sol16620.html \n\n", "modified": "2015-05-15T00:00:00", "published": "2015-05-15T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2015/62439.htm", "id": "MYHACK58:62201562439", "type": "myhack58", "title": "Vulnerability warning:\u201cvenom\uff08VENOM\u201dthe vulnerability affects millions worldwide virtual machine security-vulnerability warning-the black bar safety net", "cvss": {"score": 7.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
