Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLEVM_OVMSA-2017-0176.NASL
HistoryDec 14, 2017 - 12:00 a.m.

OracleVM 3.4 : xen (OVMSA-2017-0176)

2017-12-1400:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

The remote OracleVM system is missing necessary patches to address critical security updates :

  • BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

  • BUILDINFO: xen commit=b90f0a4fa66aea67e743c393ba307612a2fec379

  • BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

  • BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

  • BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

  • BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

  • p2m: Check return value of p2m_set_entry when decreasing reservation (George Dunlap) [Orabug: 27216264] (CVE-2017-17045)

  • p2m: Always check to see if removing a p2m entry actually worked (George Dunlap) [Orabug: 27216264] (CVE-2017-17045)

  • x86/pod: prevent infinite loop when shattering large pages (Julien Grall) [Orabug: 27216261] (CVE-2017-17044)

  • xen/physmap: Do not permit a guest to populate PoD pages for itself (Elena Ufimtseva) [Orabug: 27216261] (CVE-2017-17044)

  • xend/pxm: Include pxm in XenStore when hotplugging PCI devices (Konrad Rzeszutek Wilk) [Orabug: 27206706]

  • BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

  • BUILDINFO: xen commit=2f4972e50ebd2a470b19bfdb1fc6ce91e77614e0

  • BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

  • BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

  • BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

  • BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

  • vNUMA: assign vcpus to nodes by interleaving (Elena Ufimtseva)

  • BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

  • BUILDINFO: xen commit=c9c2df2dc87e18c9dcf584aedf859ab50b62883a

  • BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

  • BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

  • BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

  • BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

  • vNUMA: disable vNUMA if fail to find vcpus for pinning (Elena Ufimtseva) [Orabug: 27091931]

  • BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

  • BUILDINFO: xen commit=fe4d54f49f8cf07f9e9d8077b7c85d287fb5c90c

  • BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

  • BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

  • BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

  • BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

  • x86/shadow: correct SH_LINEAR mapping detection in sh_guess_wrmap (Andrew Cooper) [Orabug: 27148184] (CVE-2017-15592) (CVE-2017-15592)

  • x86: don’t wrongly trigger linear page table assertion (Jan Beulich) [Orabug: 27148179] (CVE-2017-15595)

  • BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

  • BUILDINFO: xen commit=b67a2d04c74002cceabfa76612a27fd1cf3f2b29

  • BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

  • BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

  • BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

  • BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

  • vNUMA: fix cpus assignment in manual vNUMA mode. (Elena Ufimtseva)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2017-0176.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(105249);
  script_version("3.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2017-15592", "CVE-2017-15595", "CVE-2017-17044", "CVE-2017-17045");

  script_name(english:"OracleVM 3.4 : xen (OVMSA-2017-0176)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - BUILDINFO: OVMF
    commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

  - BUILDINFO: xen
    commit=b90f0a4fa66aea67e743c393ba307612a2fec379

  - BUILDINFO: QEMU upstream
    commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

  - BUILDINFO: QEMU traditional
    commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

  - BUILDINFO: IPXE
    commit=9a93db3f0947484e30e753bbd61a10b17336e20e

  - BUILDINFO: SeaBIOS
    commit=7d9cbe613694924921ed1a6f8947d711c5832eee

  - p2m: Check return value of p2m_set_entry when decreasing
    reservation (George Dunlap) [Orabug: 27216264]
    (CVE-2017-17045)

  - p2m: Always check to see if removing a p2m entry
    actually worked (George Dunlap) [Orabug: 27216264]
    (CVE-2017-17045)

  - x86/pod: prevent infinite loop when shattering large
    pages (Julien Grall) [Orabug: 27216261] (CVE-2017-17044)

  - xen/physmap: Do not permit a guest to populate PoD pages
    for itself (Elena Ufimtseva) [Orabug: 27216261]
    (CVE-2017-17044)

  - xend/pxm: Include pxm in XenStore when hotplugging PCI
    devices (Konrad Rzeszutek Wilk) [Orabug: 27206706]

  - BUILDINFO: OVMF
    commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

  - BUILDINFO: xen
    commit=2f4972e50ebd2a470b19bfdb1fc6ce91e77614e0

  - BUILDINFO: QEMU upstream
    commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

  - BUILDINFO: QEMU traditional
    commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

  - BUILDINFO: IPXE
    commit=9a93db3f0947484e30e753bbd61a10b17336e20e

  - BUILDINFO: SeaBIOS
    commit=7d9cbe613694924921ed1a6f8947d711c5832eee

  - vNUMA: assign vcpus to nodes by interleaving (Elena
    Ufimtseva) 

  - BUILDINFO: OVMF
    commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

  - BUILDINFO: xen
    commit=c9c2df2dc87e18c9dcf584aedf859ab50b62883a

  - BUILDINFO: QEMU upstream
    commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

  - BUILDINFO: QEMU traditional
    commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

  - BUILDINFO: IPXE
    commit=9a93db3f0947484e30e753bbd61a10b17336e20e

  - BUILDINFO: SeaBIOS
    commit=7d9cbe613694924921ed1a6f8947d711c5832eee

  - vNUMA: disable vNUMA if fail to find vcpus for pinning
    (Elena Ufimtseva) [Orabug: 27091931]

  - BUILDINFO: OVMF
    commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

  - BUILDINFO: xen
    commit=fe4d54f49f8cf07f9e9d8077b7c85d287fb5c90c

  - BUILDINFO: QEMU upstream
    commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

  - BUILDINFO: QEMU traditional
    commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

  - BUILDINFO: IPXE
    commit=9a93db3f0947484e30e753bbd61a10b17336e20e

  - BUILDINFO: SeaBIOS
    commit=7d9cbe613694924921ed1a6f8947d711c5832eee

  - x86/shadow: correct SH_LINEAR mapping detection in
    sh_guess_wrmap (Andrew Cooper) [Orabug: 27148184]
    (CVE-2017-15592) (CVE-2017-15592)

  - x86: don't wrongly trigger linear page table assertion
    (Jan Beulich) [Orabug: 27148179] (CVE-2017-15595)

  - BUILDINFO: OVMF
    commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

  - BUILDINFO: xen
    commit=b67a2d04c74002cceabfa76612a27fd1cf3f2b29

  - BUILDINFO: QEMU upstream
    commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

  - BUILDINFO: QEMU traditional
    commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

  - BUILDINFO: IPXE
    commit=9a93db3f0947484e30e753bbd61a10b17336e20e

  - BUILDINFO: SeaBIOS
    commit=7d9cbe613694924921ed1a6f8947d711c5832eee

  - vNUMA: fix cpus assignment in manual vNUMA mode. (Elena
    Ufimtseva)"
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2017-December/000808.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?fa5ebf09"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected xen / xen-tools packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_exists(rpm:"xen-4.4.4-155", release:"OVS3.4") && rpm_check(release:"OVS3.4", reference:"xen-4.4.4-155.0.7.el6")) flag++;
if (rpm_exists(rpm:"xen-tools-4.4.4-155", release:"OVS3.4") && rpm_check(release:"OVS3.4", reference:"xen-tools-4.4.4-155.0.7.el6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-tools");
}
VendorProductVersionCPE
oraclevmxenp-cpe:/a:oracle:vm:xen
oraclevmxen-toolsp-cpe:/a:oracle:vm:xen-tools
oraclevm_server3.4cpe:/o:oracle:vm_server:3.4

Related

nessus 55
openvas 42
citrix 2
fedora 19
debian 5
osv 10
suse 18
debiancve 6
ubuntucve 6
redhatcve 6
prion 6
cve 6
xen 4
seebug 1
symantec 1
gentoo 1
nessus
nessus
OracleVM 3.3 : xen (OVMSA-2017-0177)
2017-12-14 00:00:00
OracleVM 3.2 : xen (OVMSA-2017-0178)
2017-12-14 00:00:00
Citrix XenServer Multiple Vulnerabilities (CTX230138)
2017-12-07 00:00:00
openvas
openvas
Citrix XenServer Multiple Security Updates (CTX230138)
2017-12-05 00:00:00
Fedora Update for xen FEDORA-2017-4bfcd57172
2017-12-10 00:00:00
Fedora Update for xen FEDORA-2017-f2577f2108
2017-12-14 00:00:00
citrix
citrix
Citrix XenServer Multiple Security Updates
2017-12-01 05:00:00
Citrix XenServer Multiple Security Updates
2017-10-12 04:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: xen-4.8.2-7.fc26
2017-11-28 16:30:50
[SECURITY] Fedora 27 Update: xen-4.9.1-2.fc27
2017-12-10 05:11:32
[SECURITY] Fedora 27 Update: xen-4.9.0-14.fc27
2017-11-21 23:41:52
debian
debian
[SECURITY] [DLA 1559-1] xen security update
2018-10-30 07:46:34
[SECURITY] [DLA 1181-1] xen security update
2017-11-20 13:39:19
[SECURITY] [DLA 1230-1] xen security update
2018-01-05 06:57:15
osv
osv
xen - security update
2018-10-29 00:00:00
CVE-2017-15592
2017-10-18 08:29:00
xen - security update
2017-11-20 00:00:00
suse
suse
Security update for xen (important)
2017-12-05 21:08:27
Security update for xen (important)
2017-12-08 12:13:01
Security update for xen (important)
2017-12-07 21:12:55
debiancve
debiancve
CVE-2017-17045
2017-11-28 23:29:00
CVE-2017-15592
2017-10-18 08:29:00
CVE-2017-15595
2017-10-18 08:29:00
ubuntucve
ubuntucve
CVE-2017-17044
2017-11-28 00:00:00
CVE-2017-17045
2017-11-28 00:00:00
CVE-2017-15595
2017-10-18 00:00:00
redhatcve
redhatcve
CVE-2017-17045
2017-11-29 12:50:10
CVE-2017-15592
2017-10-18 14:54:18
CVE-2017-15595
2017-10-18 15:19:31
prion
prion
Denial of service
2017-10-18 08:29:00
Design/Logic Flaw
2017-11-28 23:29:00
Design/Logic Flaw
2017-11-28 23:29:00
cve
cve
CVE-2017-17044
2017-11-28 23:29:00
CVE-2017-17045
2017-11-28 23:29:00
CVE-2017-15592
2017-10-18 08:29:00
xen
xen
x86: Incorrect handling of self-linear shadow mappings with translated guests
2017-10-12 12:00:00
Unlimited recursion in linear pagetable de-typing
2017-10-12 12:00:00
x86: infinite loop due to missing PoD error checking
2017-11-28 11:58:00
seebug
seebug
Xen: unbounded recursion in pagetable de-typing(CVE-2017-15595)
2017-11-16 00:00:00
symantec
symantec
Xen CVE-2017-15595 Denial of Service Vulnerability
2017-10-18 00:00:00
gentoo
gentoo
Xen: Multiple vulnerabilities
2018-01-14 00:00:00
JSON
Related for ORACLEVM_OVMSA-2017-0176.NASL
nessus55openvas42citrix2fedora19debian5osv10suse18debiancve6ubuntucve6redhatcve6prion6cve6xen4seebug1symantec1gentoo1