Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLEVM_OVMSA-2015-0026.NASL
HistoryMar 09, 2015 - 12:00 a.m.

OracleVM 3.3 : xen (OVMSA-2015-0026)

2015-03-0900:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
JSON

The remote OracleVM system is missing necessary patches to address critical security updates :

  • pre-fill structures for certain HYPERVISOR_xen_version sub-ops … avoiding to pass hypervisor stack contents back to the caller through space unused by the respective strings. This is XSA-122. (CVE-2015-2045)

  • x86/HVM: return all ones on wrong-sized reads of system device I/O ports So far the value presented to the guest remained uninitialized. This is XSA-121. (CVE-2015-2044)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2015-0026.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(81694);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2015-2044", "CVE-2015-2045");
  script_bugtraq_id(72954, 72955);

  script_name(english:"OracleVM 3.3 : xen (OVMSA-2015-0026)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - pre-fill structures for certain HYPERVISOR_xen_version
    sub-ops ... avoiding to pass hypervisor stack contents
    back to the caller through space unused by the
    respective strings. This is XSA-122. (CVE-2015-2045)

  - x86/HVM: return all ones on wrong-sized reads of system
    device I/O ports So far the value presented to the guest
    remained uninitialized. This is XSA-121. (CVE-2015-2044)"
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2015-March/000278.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?743044c2"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected xen / xen-tools packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/09");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"OVS3.3", reference:"xen-4.3.0-55.el6.22.11")) flag++;
if (rpm_check(release:"OVS3.3", reference:"xen-tools-4.3.0-55.el6.22.11")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-tools");
}
VendorProductVersionCPE
oraclevmxenp-cpe:/a:oracle:vm:xen
oraclevmxen-toolsp-cpe:/a:oracle:vm:xen-tools
oraclevm_server3.3cpe:/o:oracle:vm_server:3.3

Related

nessus 20
citrix 1
securityvulns 2
osv 1
debian 1
openvas 25
xen 2
freebsd 2
debiancve 2
ubuntucve 2
prion 2
cvelist 2
cve 2
huawei 1
suse 3
fedora 13
gentoo 1
mageia 1
nessus
nessus
OracleVM 2.2 : xen (OVMSA-2015-0027)
2015-03-09 00:00:00
Debian DSA-3181-1 : xen - security update
2015-03-11 00:00:00
SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0745-1)
2015-05-20 00:00:00
citrix
citrix
Citrix XenServer Multiple Security Updates
2015-03-02 04:00:00
securityvulns
securityvulns
Xen multiple security vulnerabilities
2015-03-15 00:00:00
[SECURITY] [DSA 3181-1] xen security update
2015-03-15 00:00:00
osv
osv
xen - security update
2015-03-10 00:00:00
debian
debian
[SECURITY] [DSA 3181-1] xen security update
2015-03-10 20:40:36
openvas
openvas
Debian: Security Advisory (DSA-3181-1)
2015-03-09 00:00:00
Debian Security Advisory DSA 3181-1 (xen - security update)
2015-03-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0746-1)
2021-06-09 00:00:00
xen
xen
Information leak through version information hypercall
2015-03-05 12:00:00
Information leak via internal x86 system device emulation
2015-03-05 12:00:00
freebsd
freebsd
xen-kernel -- Information leak through version information hypercall
2015-03-05 00:00:00
xen-kernel -- Information leak via internal x86 system device emulation
2015-03-05 00:00:00
debiancve
debiancve
CVE-2015-2045
2015-03-12 14:59:00
CVE-2015-2044
2015-03-12 14:59:00
ubuntucve
ubuntucve
CVE-2015-2045
2015-03-12 00:00:00
CVE-2015-2044
2015-03-12 00:00:00
prion
prion
Information disclosure
2015-03-12 14:59:00
Design/Logic Flaw
2015-03-12 14:59:00
cvelist
cvelist
CVE-2015-2044
2015-03-12 14:00:00
CVE-2015-2045
2015-03-12 14:00:00
cve
cve
CVE-2015-2045
2015-03-12 14:59:00
CVE-2015-2044
2015-03-12 14:59:00
huawei
huawei
Security Advisory - Xen Vulnerabilities on Huawei FusionSphere products
2015-04-10 00:00:00
suse
suse
Security update for xen (important)
2015-04-20 16:04:56
Security update for Xen (important)
2015-03-27 10:04:56
Security update for xen (important)
2015-06-22 12:04:52
fedora
fedora
[SECURITY] Fedora 21 Update: xen-4.4.1-16.fc21
2015-03-23 07:10:24
[SECURITY] Fedora 21 Update: xen-4.4.2-2.fc21
2015-04-11 09:04:58
[SECURITY] Fedora 21 Update: xen-4.4.2-3.fc21
2015-05-02 18:04:27
gentoo
gentoo
Xen: Multiple vulnerabilities
2015-04-11 00:00:00
mageia
mageia
Updated xen packages fix security vulnerabilities
2016-03-07 14:20:30
JSON
Related for ORACLEVM_OVMSA-2015-0026.NASL
nessus20citrix1securityvulns2osv1debian1openvas25xen2freebsd2debiancve2ubuntucve2prion2cvelist2cve2huawei1suse3fedora13gentoo1mageia1