Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2019-4520.NASL
HistorySep 07, 2023 - 12:00 a.m.

Oracle Linux 7 : qemu (ELSA-2019-4520)

2023-09-0700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
JSON

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4520 advisory.

  • In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. (CVE-2018-18849)

  • An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.
    (CVE-2018-16847)

  • hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. (CVE-2018-19364)

  • v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. (CVE-2018-19489)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2019-4520.
##

include('compat.inc');

if (description)
{
  script_id(180717);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/07");

  script_cve_id(
    "CVE-2018-16847",
    "CVE-2018-18849",
    "CVE-2018-19364",
    "CVE-2018-19489"
  );

  script_name(english:"Oracle Linux 7 : qemu (ELSA-2019-4520)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2019-4520 advisory.

  - In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid
    msg_len value. (CVE-2018-18849)

  - An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could
    occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU
    process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.
    (CVE-2018-16847)

  - hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second
    thread, leading to (for example) a use-after-free outcome. (CVE-2018-19364)

  - v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a
    race condition during file renaming. (CVE-2018-19489)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2019-4520.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16847");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-block-gluster");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-block-iscsi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-block-rbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-img");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-kvm-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-system-x86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-system-x86-core");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
if ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);

var pkgs = [
    {'reference':'qemu-2.9.0-19.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'12'},
    {'reference':'qemu-block-gluster-2.9.0-19.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'12'},
    {'reference':'qemu-block-iscsi-2.9.0-19.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'12'},
    {'reference':'qemu-block-rbd-2.9.0-19.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'12'},
    {'reference':'qemu-common-2.9.0-19.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'12'},
    {'reference':'qemu-img-2.9.0-19.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'12'},
    {'reference':'qemu-kvm-2.9.0-19.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'12'},
    {'reference':'qemu-kvm-core-2.9.0-19.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'12'},
    {'reference':'qemu-system-x86-2.9.0-19.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'12'},
    {'reference':'qemu-system-x86-core-2.9.0-19.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'12'}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release) {
    if (exists_check) {
        if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
        if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu / qemu-block-gluster / qemu-block-iscsi / etc');
}
VendorProductVersionCPE
oraclelinux7cpe:/o:oracle:linux:7
oraclelinuxqemup-cpe:/a:oracle:linux:qemu
oraclelinuxqemu-block-glusterp-cpe:/a:oracle:linux:qemu-block-gluster
oraclelinuxqemu-block-iscsip-cpe:/a:oracle:linux:qemu-block-iscsi
oraclelinuxqemu-block-rbdp-cpe:/a:oracle:linux:qemu-block-rbd
oraclelinuxqemu-commonp-cpe:/a:oracle:linux:qemu-common
oraclelinuxqemu-imgp-cpe:/a:oracle:linux:qemu-img
oraclelinuxqemu-kvmp-cpe:/a:oracle:linux:qemu-kvm
oraclelinuxqemu-kvm-corep-cpe:/a:oracle:linux:qemu-kvm-core
oraclelinuxqemu-system-x86p-cpe:/a:oracle:linux:qemu-system-x86
Rows per page:
1-10 of 111

Related

oraclelinux 6
nessus 44
osv 7
openvas 45
debian 3
prion 4
suse 6
redhatcve 4
ubuntucve 4
debiancve 4
cve 4
veracode 3
ubuntu 2
fedora 4
oraclelinux
oraclelinux
qemu security update
2019-01-28 00:00:00
qemu security update
2018-12-21 00:00:00
qemu security update
2018-12-21 00:00:00
nessus
nessus
Debian DLA-1646-1 : qemu security update
2019-01-30 00:00:00
SUSE SLES11 Security Update : kvm (SUSE-SU-2019:13962-1)
2019-02-19 00:00:00
SUSE SLES12 Security Update : qemu (SUSE-SU-2019:0457-1)
2019-02-22 00:00:00
osv
osv
qemu - security update
2019-01-29 00:00:00
CVE-2018-16847
2018-11-02 22:29:00
CVE-2018-19489
2018-12-13 19:29:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:13962-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:0457-1)
2021-04-19 00:00:00
Debian: Security Advisory (DLA-1646-1)
2019-01-29 00:00:00
debian
debian
[SECURITY] [DLA 1646-1] qemu security update
2019-01-29 17:32:19
[SECURITY] [DSA 4454-1] qemu security update
2019-05-30 18:06:19
[SECURITY] [DLA 1781-1] qemu security update
2019-05-09 18:42:13
prion
prion
Heap overflow
2018-11-02 22:29:00
Design/Logic Flaw
2018-12-13 19:29:00
Race condition
2018-12-13 19:29:00
suse
suse
Security update for qemu (important)
2019-02-27 00:00:00
Security update for qemu (important)
2018-12-15 12:09:23
Security update for qemu (important)
2018-12-07 12:23:09
redhatcve
redhatcve
CVE-2018-16847
2020-01-21 15:42:22
CVE-2018-19364
2020-04-08 21:46:53
CVE-2018-19489
2020-03-29 13:56:43
ubuntucve
ubuntucve
CVE-2018-16847
2018-11-02 00:00:00
CVE-2018-19489
2018-12-13 00:00:00
CVE-2018-18849
2018-11-02 00:00:00
debiancve
debiancve
CVE-2018-16847
2018-11-02 22:29:00
CVE-2018-19364
2018-12-13 19:29:00
CVE-2018-19489
2018-12-13 19:29:00
cve
cve
CVE-2018-16847
2018-11-02 22:29:00
CVE-2018-19489
2018-12-13 19:29:00
CVE-2018-19364
2018-12-13 19:29:00
veracode
veracode
Use-After-Free
2020-09-21 06:24:21
Denial Of Service (DoS)
2020-09-21 06:28:09
Out Of Bound Access
2020-09-21 06:21:22
ubuntu
ubuntu
QEMU vulnerabilities
2018-11-26 00:00:00
QEMU vulnerabilities
2019-03-27 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: qemu-3.0.0-4.fc29
2019-03-25 06:10:52
[SECURITY] Fedora 29 Update: qemu-3.0.1-3.fc29
2019-05-17 03:18:08
[SECURITY] Fedora 29 Update: qemu-3.0.1-4.fc29
2019-07-09 02:25:09
JSON
Related for ORACLELINUX_ELSA-2019-4520.NASL
oraclelinux6nessus44osv7openvas45debian3prion4suse6redhatcve4ubuntucve4debiancve4cve4veracode3ubuntu2fedora4