{"id": "REDHAT-RHSA-2013-0608.NASL", "bulletinFamily": "scanner", "title": "RHEL 5 : kvm (RHSA-2013:0608)", "description": "Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.", "published": "2013-03-08T00:00:00", "modified": "2018-09-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65082", "reporter": "Tenable", "references": ["https://www.redhat.com/security/data/cve/CVE-2012-6075.html", "http://rhn.redhat.com/errata/RHSA-2013-0608.html"], "cvelist": ["CVE-2012-6075"], "type": "nessus", "lastseen": "2018-09-12T10:06:36", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kvm", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug", "p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img", "p-cpe:/a:redhat:enterprise_linux:kmod-kvm", "p-cpe:/a:redhat:enterprise_linux:kvm-tools"], "cvelist": ["CVE-2012-6075"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a43fb91b00fc98ba27308a719a4be03b51263afd9791ab36970af46d647b1511", "hashmap": [{"hash": "971d3e6c5e474d156bfdb014e2a0f1d4", "key": "published"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "a7256da6af851d620c610f0bd722a95a", "key": "href"}, {"hash": "56b32354e3c1787f51c54e1301941fa3", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5d6b55af58497b7d7a6351ef0e8ed9e8", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e2e9ea8f1580e085792d06982e23d9ba", "key": "sourceData"}, {"hash": "038c06db55f9d3d8b376e6616f9d747e", "key": "description"}, {"hash": "17a68951e47e6ca2e1101c6d70d728ca", "key": "cpe"}, {"hash": "4317f1da42835c8ce0d86e02ef17fc8e", "key": "cvelist"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "57fc6f4466470dd2e2c7c62deea994c4", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=65082", "id": "REDHAT-RHSA-2013-0608.NASL", "lastseen": "2017-10-29T13:41:18", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "65082", "published": "2013-03-08T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2012-6075.html", "http://rhn.redhat.com/errata/RHSA-2013-0608.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0608. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65082);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:17:31 $\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"RHSA\", value:\"2013:0608\");\n\n script_name(english:\"RHEL 5 : kvm (RHSA-2013:0608)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network\ninterface card when the host was configured to accept jumbo network\nframes, and a guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially,\nexecute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct this issue. Note that the\nprocedure in the Solution section must be performed before this update\nwill take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-6075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0608.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0608\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-debuginfo-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-262.el5_9.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-debuginfo / kvm-qemu-img / etc\");\n }\n}\n", "title": "RHEL 5 : kvm (RHSA-2013:0608)", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2017-10-29T13:41:18"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2012-6075"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.", "edition": 1, "hash": "87d4b1bc78ea0c9066592c6d85fae701e034bd5868d600bc15ab69081445486d", "hashmap": [{"hash": "971d3e6c5e474d156bfdb014e2a0f1d4", "key": "published"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "a7256da6af851d620c610f0bd722a95a", "key": "href"}, {"hash": "56b32354e3c1787f51c54e1301941fa3", "key": "title"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5d6b55af58497b7d7a6351ef0e8ed9e8", "key": "references"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "038c06db55f9d3d8b376e6616f9d747e", "key": "description"}, {"hash": "4317f1da42835c8ce0d86e02ef17fc8e", "key": "cvelist"}, {"hash": "98f00858001a0dd10fbd90da55b4ee8c", "key": "modified"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "57fc6f4466470dd2e2c7c62deea994c4", "key": "pluginID"}, {"hash": "0466f00ee24ce1f276700ee6884387cf", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=65082", "id": "REDHAT-RHSA-2013-0608.NASL", "lastseen": "2016-09-26T17:25:29", "modified": "2014-11-08T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "65082", "published": "2013-03-08T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2012-6075.html", "http://rhn.redhat.com/errata/RHSA-2013-0608.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0608. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65082);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2014/11/08 02:15:10 $\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"RHSA\", value:\"2013:0608\");\n\n script_name(english:\"RHEL 5 : kvm (RHSA-2013:0608)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network\ninterface card when the host was configured to accept jumbo network\nframes, and a guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially,\nexecute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct this issue. Note that the\nprocedure in the Solution section must be performed before this update\nwill take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-6075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0608.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-262.el5_9.1\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-262.el5_9.1\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-83-262.el5_9.1\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-debuginfo-83-262.el5_9.1\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-262.el5_9.1\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-262.el5_9.1\")) flag++;\n\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-debuginfo / kvm-qemu-img / etc\");\n}\n", "title": "RHEL 5 : kvm (RHSA-2013:0608)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:25:29"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kvm", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug", "p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img", "p-cpe:/a:redhat:enterprise_linux:kmod-kvm", "p-cpe:/a:redhat:enterprise_linux:kvm-tools"], "cvelist": ["CVE-2012-6075"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "1fe4be799709223ac1d78ffa97985edfbeaa9b3701e4940e76d113b40da7d8cc", "hashmap": [{"hash": "971d3e6c5e474d156bfdb014e2a0f1d4", "key": "published"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "a7256da6af851d620c610f0bd722a95a", "key": "href"}, {"hash": "56b32354e3c1787f51c54e1301941fa3", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5d6b55af58497b7d7a6351ef0e8ed9e8", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e2e9ea8f1580e085792d06982e23d9ba", "key": "sourceData"}, {"hash": "038c06db55f9d3d8b376e6616f9d747e", "key": "description"}, {"hash": "17a68951e47e6ca2e1101c6d70d728ca", "key": "cpe"}, {"hash": "4317f1da42835c8ce0d86e02ef17fc8e", "key": "cvelist"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "57fc6f4466470dd2e2c7c62deea994c4", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=65082", "id": "REDHAT-RHSA-2013-0608.NASL", "lastseen": "2018-08-30T19:49:05", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "65082", "published": "2013-03-08T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2012-6075.html", "http://rhn.redhat.com/errata/RHSA-2013-0608.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0608. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65082);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:17:31 $\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"RHSA\", value:\"2013:0608\");\n\n script_name(english:\"RHEL 5 : kvm (RHSA-2013:0608)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network\ninterface card when the host was configured to accept jumbo network\nframes, and a guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially,\nexecute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct this issue. Note that the\nprocedure in the Solution section must be performed before this update\nwill take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-6075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0608.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0608\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-debuginfo-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-262.el5_9.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-debuginfo / kvm-qemu-img / etc\");\n }\n}\n", "title": "RHEL 5 : kvm (RHSA-2013:0608)", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:49:05"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2012-6075"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.", "edition": 2, "enchantments": {}, "hash": "f2121e747eeac86e47460838a4f93ff992183e40e35f1b4c1d877d2d112cdb83", "hashmap": [{"hash": "971d3e6c5e474d156bfdb014e2a0f1d4", "key": "published"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "a7256da6af851d620c610f0bd722a95a", "key": "href"}, {"hash": "56b32354e3c1787f51c54e1301941fa3", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5d6b55af58497b7d7a6351ef0e8ed9e8", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e2e9ea8f1580e085792d06982e23d9ba", "key": "sourceData"}, {"hash": "038c06db55f9d3d8b376e6616f9d747e", "key": "description"}, {"hash": "4317f1da42835c8ce0d86e02ef17fc8e", "key": "cvelist"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "57fc6f4466470dd2e2c7c62deea994c4", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=65082", "id": "REDHAT-RHSA-2013-0608.NASL", "lastseen": "2017-01-06T02:15:55", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "65082", "published": "2013-03-08T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2012-6075.html", "http://rhn.redhat.com/errata/RHSA-2013-0608.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0608. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65082);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:17:31 $\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"RHSA\", value:\"2013:0608\");\n\n script_name(english:\"RHEL 5 : kvm (RHSA-2013:0608)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network\ninterface card when the host was configured to accept jumbo network\nframes, and a guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially,\nexecute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct this issue. Note that the\nprocedure in the Solution section must be performed before this update\nwill take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-6075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0608.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0608\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-debuginfo-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-262.el5_9.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-debuginfo / kvm-qemu-img / etc\");\n }\n}\n", "title": "RHEL 5 : kvm (RHSA-2013:0608)", "type": "nessus", "viewCount": 3}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2017-01-06T02:15:55"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kvm", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug", "p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img", "p-cpe:/a:redhat:enterprise_linux:kmod-kvm", "p-cpe:/a:redhat:enterprise_linux:kvm-tools"], "cvelist": ["CVE-2012-6075"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a43fb91b00fc98ba27308a719a4be03b51263afd9791ab36970af46d647b1511", "hashmap": [{"hash": "971d3e6c5e474d156bfdb014e2a0f1d4", "key": "published"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "a7256da6af851d620c610f0bd722a95a", "key": "href"}, {"hash": "56b32354e3c1787f51c54e1301941fa3", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5d6b55af58497b7d7a6351ef0e8ed9e8", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e2e9ea8f1580e085792d06982e23d9ba", "key": "sourceData"}, {"hash": "038c06db55f9d3d8b376e6616f9d747e", "key": "description"}, {"hash": "17a68951e47e6ca2e1101c6d70d728ca", "key": "cpe"}, {"hash": "4317f1da42835c8ce0d86e02ef17fc8e", "key": "cvelist"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "57fc6f4466470dd2e2c7c62deea994c4", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=65082", "id": "REDHAT-RHSA-2013-0608.NASL", "lastseen": "2018-09-01T23:56:06", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "65082", "published": "2013-03-08T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2012-6075.html", "http://rhn.redhat.com/errata/RHSA-2013-0608.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0608. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65082);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:17:31 $\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"RHSA\", value:\"2013:0608\");\n\n script_name(english:\"RHEL 5 : kvm (RHSA-2013:0608)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network\ninterface card when the host was configured to accept jumbo network\nframes, and a guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially,\nexecute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct this issue. Note that the\nprocedure in the Solution section must be performed before this update\nwill take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-6075.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0608.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0608\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-debuginfo-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-262.el5_9.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-debuginfo / kvm-qemu-img / etc\");\n }\n}\n", "title": "RHEL 5 : kvm (RHSA-2013:0608)", "type": "nessus", "viewCount": 3}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2018-09-01T23:56:06"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "17a68951e47e6ca2e1101c6d70d728ca"}, {"key": "cvelist", "hash": "4317f1da42835c8ce0d86e02ef17fc8e"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "038c06db55f9d3d8b376e6616f9d747e"}, {"key": "href", "hash": "a7256da6af851d620c610f0bd722a95a"}, {"key": "modified", "hash": "7f86b488cde79959076c92cafc9748f6"}, {"key": "naslFamily", "hash": "b46559ea68ec9a13474c3a7776817cfd"}, {"key": "pluginID", "hash": "57fc6f4466470dd2e2c7c62deea994c4"}, {"key": "published", "hash": "971d3e6c5e474d156bfdb014e2a0f1d4"}, {"key": "references", "hash": "5d6b55af58497b7d7a6351ef0e8ed9e8"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "c80841f25128a3b3435bcd9041953824"}, {"key": "title", "hash": "56b32354e3c1787f51c54e1301941fa3"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "c2e64e3db411fc213058c4252985b2cbf67d8801a03aef7e00d07fad03c76192", "viewCount": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0608. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65082);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/09/10 11:37:05\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"RHSA\", value:\"2013:0608\");\n\n script_name(english:\"RHEL 5 : kvm (RHSA-2013:0608)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network\ninterface card when the host was configured to accept jumbo network\nframes, and a guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially,\nexecute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct this issue. Note that the\nprocedure in the Solution section must be performed before this update\nwill take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0608.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-6075.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0608\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-debuginfo-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-262.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-262.el5_9.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-debuginfo / kvm-qemu-img / etc\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "65082", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kvm", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug", "p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img", "p-cpe:/a:redhat:enterprise_linux:kmod-kvm", "p-cpe:/a:redhat:enterprise_linux:kvm-tools"]}

{"cve": [{"lastseen": "2016-09-03T17:22:08", "references": ["http://www.debian.org/security/2013/dsa-2619", "http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html", "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html", "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html", "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html", "http://rhn.redhat.com/errata/RHSA-2013-0599.html", "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb", "http://rhn.redhat.com/errata/RHSA-2013-0639.html", "http://rhn.redhat.com/errata/RHSA-2013-0609.html", "http://www.ubuntu.com/usn/USN-1692-1", "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html", "http://www.securityfocus.com/bid/57420", "http://rhn.redhat.com/errata/RHSA-2013-0608.html", "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html", "http://rhn.redhat.com/errata/RHSA-2013-0610.html", "http://security.gentoo.org/glsa/glsa-201309-24.xml", "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html", "https://bugzilla.redhat.com/show_bug.cgi?id=889301", "http://www.debian.org/security/2013/dsa-2607", "http://www.openwall.com/lists/oss-security/2012/12/30/1", "http://www.debian.org/security/2013/dsa-2608"], "edition": 1, "description": "Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.", "reporter": "NVD", "published": "2013-02-12T20:55:03", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "title": "CVE-2012-6075", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-6075"], "scanner": [], "modified": "2014-04-19T00:29:22", "cpe": ["cpe:/a:qemu:qemu:0.11.0", "cpe:/a:qemu:qemu:1.1.1", "cpe:/a:qemu:qemu:0.12.3", "cpe:/a:qemu:qemu:1.2.0", "cpe:/a:qemu:qemu:1.2.0:rc2", "cpe:/a:qemu:qemu:0.4.3", "cpe:/a:qemu:qemu:0.12.0:rc2", "cpe:/a:qemu:qemu:0.13.0:rc0", "cpe:/a:qemu:qemu:1.0.1", "cpe:/a:qemu:qemu:0.9.1", "cpe:/a:qemu:qemu:1.1:rc3", "cpe:/a:qemu:qemu:0.4", "cpe:/a:qemu:qemu:0.1.1", "cpe:/a:qemu:qemu:0.10.1", "cpe:/a:qemu:qemu:0.5.3", "cpe:/a:qemu:qemu:0.11.0-rc2", "cpe:/a:qemu:qemu:0.3", "cpe:/a:qemu:qemu:1.3.0:rc1", "cpe:/a:qemu:qemu:0.11.0:rc1", "cpe:/a:qemu:qemu:1.2.2", "cpe:/a:qemu:qemu:1.0:rc1", "cpe:/a:qemu:qemu:0.12.5", "cpe:/a:qemu:qemu:0.11.0-rc0", "cpe:/a:qemu:qemu:1.2.0:rc1", "cpe:/a:qemu:qemu:1.1:rc2", "cpe:/a:qemu:qemu:1.1.2", "cpe:/a:qemu:qemu:0.11.0-rc1", "cpe:/a:qemu:qemu:0.1.3", "cpe:/a:qemu:qemu:1.0:rc3", "cpe:/a:qemu:qemu:0.8.1", "cpe:/a:qemu:qemu:0.11.0:rc2", "cpe:/a:qemu:qemu:1.0", "cpe:/a:qemu:qemu:0.10.2", "cpe:/a:qemu:qemu:0.12.2", "cpe:/a:qemu:qemu:0.5.4", "cpe:/a:qemu:qemu:0.1.2", "cpe:/a:qemu:qemu:1.2.1", "cpe:/a:qemu:qemu:1.3.0:rc2", "cpe:/a:qemu:qemu:1.1:rc4", "cpe:/a:qemu:qemu:0.5.1", "cpe:/a:qemu:qemu:1.3.0:rc0", "cpe:/a:qemu:qemu:1.2.0:rc0", "cpe:/a:qemu:qemu:0.5.5", "cpe:/a:qemu:qemu:0.4.2", "cpe:/a:qemu:qemu:1.4.0:rc1", "cpe:/a:qemu:qemu:0.5.0", "cpe:/a:qemu:qemu:0.2", "cpe:/a:qemu:qemu:0.7.0", "cpe:/a:qemu:qemu:1.3.1", "cpe:/a:qemu:qemu:0.9.1-5", "cpe:/a:qemu:qemu:0.1.4", "cpe:/a:qemu:qemu:0.10.3", "cpe:/a:qemu:qemu:-", "cpe:/a:qemu:qemu:0.6.0", "cpe:/a:qemu:qemu:0.10.5", "cpe:/a:qemu:qemu:0.6.1", "cpe:/a:qemu:qemu:0.10.6", "cpe:/a:qemu:qemu:0.14.0:rc2", "cpe:/a:qemu:qemu:0.11.1", "cpe:/a:qemu:qemu:0.1.6", "cpe:/a:qemu:qemu:0.14.0", "cpe:/a:qemu:qemu:0.12.1", "cpe:/a:qemu:qemu:0.9.0", "cpe:/a:qemu:qemu:0.14.0:rc1", "cpe:/a:qemu:qemu:0.10.0", "cpe:/a:qemu:qemu:0.1.5", "cpe:/a:qemu:qemu:0.5.2", "cpe:/a:qemu:qemu:1.2.0:rc3", "cpe:/a:qemu:qemu:0.14.0:rc0", "cpe:/a:qemu:qemu:1.0:rc4", "cpe:/a:qemu:qemu:0.15.0:rc2", "cpe:/a:qemu:qemu:1.4.0:rc0", "cpe:/a:qemu:qemu:0.13.0", "cpe:/a:qemu:qemu:0.13.0:rc1", "cpe:/a:qemu:qemu:0.8.2", "cpe:/a:qemu:qemu:0.7.1", "cpe:/a:qemu:qemu:1.3.0", "cpe:/a:qemu:qemu:0.8.0", "cpe:/a:qemu:qemu:0.12.0:rc1", "cpe:/a:qemu:qemu:0.1", "cpe:/a:qemu:qemu:0.14.1", "cpe:/a:qemu:qemu:1.0:rc2", "cpe:/a:qemu:qemu:0.15.0:rc1", "cpe:/a:qemu:qemu:0.10.4", "cpe:/a:qemu:qemu:0.12.0", "cpe:/a:qemu:qemu:1.1:rc1", "cpe:/a:qemu:qemu:0.11.0:rc0", "cpe:/a:qemu:qemu:0.12.4", "cpe:/a:qemu:qemu:1.1", "cpe:/a:qemu:qemu:0.4.1", "cpe:/a:qemu:qemu:0.7.2"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6075", "id": "CVE-2012-6075", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:51:21", "references": ["http://www.debian.org/security/2013/dsa-2608.html"], "pluginID": "892608", "description": "It was discovered that the e1000 emulation code in QEMU does not\nenforce frame size limits in the same way as the real hardware does.\nThis could trigger buffer overflows in the guest operating system\ndriver for that network card, assuming that the host system does not\ndiscard such frames (which it will by default).", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net", "published": "2013-01-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Debian Security Advisory DSA 2608-1 (qemu - buffer overflow)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=892608", "id": "OPENVAS:892608", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2608.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2608-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"qemu on Debian Linux\";\ntag_insight = \"QEMU is a fast processor emulator: currently the package supports\nARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,\nSPARC and x86-64 emulation. By using dynamic translation it achieves\nreasonable speed while being easy to port on new host CPUs. QEMU has\ntwo operating modes:\";\ntag_solution = \"For the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-3squeeze3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.2+dfsg-4.\n\nWe recommend that you upgrade your qemu packages.\";\ntag_summary = \"It was discovered that the e1000 emulation code in QEMU does not\nenforce frame size limits in the same way as the real hardware does.\nThis could trigger buffer overflows in the guest operating system\ndriver for that network card, assuming that the host system does not\ndiscard such frames (which it will by default).\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892608);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2012-6075\");\n script_name(\"Debian Security Advisory DSA 2608-1 (qemu - buffer overflow)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-01-15 00:00:00 +0100 (Tue, 15 Jan 2013)\");\n script_tag(name: \"cvss_base\", value:\"9.3\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2608.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libqemu-dev\", ver:\"0.12.5+dfsg-3squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu\", ver:\"0.12.5+dfsg-3squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-keymaps\", ver:\"0.12.5+dfsg-3squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"0.12.5+dfsg-3squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"0.12.5+dfsg-3squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"0.12.5+dfsg-3squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"0.12.5+dfsg-3squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:52:06", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html", "2013-0965"], "pluginID": "865240", "description": "Check for the Version of qemu", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-01-28T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for qemu FEDORA-2013-0965", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=865240", "id": "OPENVAS:865240", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2013-0965\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"QEMU is a generic and open source processor emulator which achieves a good\n emulation speed by using dynamic translation. QEMU has two operating modes:\n\n * Full system emulation. In this mode, QEMU emulates a full system (for\n example a PC), including a processor and various peripherials. It can be\n used to launch different Operating Systems without rebooting the PC or\n to debug system code.\n * User mode emulation. In this mode, QEMU can launch Linux processes compiled\n for one CPU on another CPU.\n\n As QEMU requires no host kernel patches to run, it is safe and easy to use.\";\n\n\ntag_affected = \"qemu on Fedora 18\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html\");\n script_id(865240);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-28 09:33:24 +0530 (Mon, 28 Jan 2013)\");\n script_cve_id(\"CVE-2012-6075\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2013-0965\");\n script_name(\"Fedora Update for qemu FEDORA-2013-0965\");\n\n script_summary(\"Check for the Version of qemu\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~1.2.2~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:58", "references": ["http://linux.oracle.com/errata/ELSA-2013-0608.html"], "pluginID": "1361412562310123673", "description": "Oracle Linux Local Security Checks ELSA-2013-0608", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2013-0608", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310123673", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123673", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2013-0608.nasl 6558 2017-07-06 11:56:55Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.123673\");\nscript_version(\"$Revision: 6558 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-06 14:07:04 +0300 (Tue, 06 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:56:55 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2013-0608\");\nscript_tag(name: \"insight\", value: \"ELSA-2013-0608 - kvm security update - [kvm-83-262.0.1.el5_9.1]- Added kvm-add-oracle-workaround-for-libvirt-bug.patch- Added kvm-Introduce-oel-machine-type.patch[kvm-83-262.el5_1]- kvm-e1000-Discard-packets-that-are-too-long-if-SBP-and-L.patch [bz#910839]- kvm-e1000-Discard-oversized-packets-based-on-SBP-LPE.patch [bz#910839]- Resolves: bz#910839 (CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets when SBP and LPE flags are disabled [rhel-5.9.z])\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2013-0608\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2013-0608.html\");\nscript_cve_id(\"CVE-2012-6075\");\nscript_tag(name:\"cvss_base\", value:\"9.3\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kmod-kvm\", rpm:\"kmod-kvm~83~262.0.1.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"kmod-kvm-debug\", rpm:\"kmod-kvm-debug~83~262.0.1.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~83~262.0.1.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"kvm-qemu-img\", rpm:\"kvm-qemu-img~83~262.0.1.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"kvm-tools\", rpm:\"kvm-tools~83~262.0.1.el5_9.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:55:50", "references": ["http://www.debian.org/security/2013/dsa-2608.html"], "pluginID": "1361412562310892608", "description": "It was discovered that the e1000 emulation code in QEMU does not\nenforce frame size limits in the same way as the real hardware does.\nThis could trigger buffer overflows in the guest operating system\ndriver for that network card, assuming that the host system does not\ndiscard such frames (which it will by default).", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net", "published": "2013-01-15T00:00:00", "title": "Debian Security Advisory DSA 2608-1 (qemu - buffer overflow)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310892608", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892608", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2608.nasl 9353 2018-04-06 07:14:20Z cfischer $\n# Auto-generated from advisory DSA 2608-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"qemu on Debian Linux\";\ntag_insight = \"QEMU is a fast processor emulator: currently the package supports\nARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,\nSPARC and x86-64 emulation. By using dynamic translation it achieves\nreasonable speed while being easy to port on new host CPUs. QEMU has\ntwo operating modes:\";\ntag_solution = \"For the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-3squeeze3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.2+dfsg-4.\n\nWe recommend that you upgrade your qemu packages.\";\ntag_summary = \"It was discovered that the e1000 emulation code in QEMU does not\nenforce frame size limits in the same way as the real hardware does.\nThis could trigger buffer overflows in the guest operating system\ndriver for that network card, assuming that the host system does not\ndiscard such frames (which it will by default).\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892608\");\n script_version(\"$Revision: 9353 $\");\n script_cve_id(\"CVE-2012-6075\");\n script_name(\"Debian Security Advisory DSA 2608-1 (qemu - buffer overflow)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2013-01-15 00:00:00 +0100 (Tue, 15 Jan 2013)\");\n script_tag(name: \"cvss_base\", value:\"9.3\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2608.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libqemu-dev\", ver:\"0.12.5+dfsg-3squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu\", ver:\"0.12.5+dfsg-3squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-keymaps\", ver:\"0.12.5+dfsg-3squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-system\", ver:\"0.12.5+dfsg-3squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user\", ver:\"0.12.5+dfsg-3squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-user-static\", ver:\"0.12.5+dfsg-3squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-utils\", ver:\"0.12.5+dfsg-3squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:09:35", "references": ["2013:0609", "http://lists.centos.org/pipermail/centos-announce/2013-March/019632.html"], "pluginID": "881665", "description": "Check for the Version of qemu-guest-agent", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "CentOS Update for qemu-guest-agent CESA-2013:0609 centos6 ", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2018-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881665", "id": "OPENVAS:881665", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for qemu-guest-agent CESA-2013:0609 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\n Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component\n for running virtual machines using KVM.\n\n A flaw was found in the way QEMU-KVM emulated the e1000 network interface\n card when the host was configured to accept jumbo network frames, and a\n guest using the e1000 emulated driver was not. A remote attacker could use\n this flaw to crash the guest or, potentially, execute arbitrary code with\n root privileges in the guest. (CVE-2012-6075)\n \n All users of qemu-kvm should upgrade to these updated packages, which\n contain backported patches to correct this issue. After installing this\n update, shut down all running virtual machines. Once all virtual machines\n have shut down, start them again for this update to take effect.\";\n\n\ntag_affected = \"qemu-guest-agent on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019632.html\");\n script_id(881665);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:01:32 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-6075\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0609\");\n script_name(\"CentOS Update for qemu-guest-agent CESA-2013:0609 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qemu-guest-agent\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.355.el6_4.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent-win32\", rpm:\"qemu-guest-agent-win32~0.12.1.2~2.355.el6_4.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.355.el6_4.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.355.el6_4.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.355.el6_4.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:56:43", "references": ["1692-1", "http://www.ubuntu.com/usn/usn-1692-1/"], "pluginID": "1361412562310841288", "description": "Check for the Version of qemu-kvm", "edition": 5, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-01-21T00:00:00", "title": "Ubuntu Update for qemu-kvm USN-1692-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310841288", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841288", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1692_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for qemu-kvm USN-1692-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1692-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841288\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:51:22 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-6075\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1692-1\");\n script_name(\"Ubuntu Update for qemu-kvm USN-1692-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of qemu-kvm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10|10\\.04 LTS|12\\.10)\");\n script_tag(name:\"affected\", value:\"qemu-kvm on Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"It was discovered that QEMU incorrectly handled certain e1000 packet sizes.\n In certain environments, an attacker may use this flaw in combination with\n large packets to cause a denial of service or execute arbitrary code in the\n guest.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.0+noroms-0ubuntu14.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.14.1+noroms-0ubuntu6.6\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.12.3+noroms-0ubuntu9.21\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.2.0+noroms-0ubuntu2.12.10.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:56:26", "references": ["http://lists.centos.org/pipermail/centos-announce/2013-March/019272.html", "2013:0608"], "pluginID": "1361412562310881678", "description": "Check for the Version of kmod-kvm", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-12T00:00:00", "title": "CentOS Update for kmod-kvm CESA-2013:0608 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881678", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881678", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kmod-kvm CESA-2013:0608 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\n Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for\n the standard Red Hat Enterprise Linux kernel.\n\n A flaw was found in the way QEMU-KVM emulated the e1000 network interface\n card when the host was configured to accept jumbo network frames, and a\n guest using the e1000 emulated driver was not. A remote attacker could use\n this flaw to crash the guest or, potentially, execute arbitrary code with\n root privileges in the guest. (CVE-2012-6075)\n \n All users of kvm are advised to upgrade to these updated packages, which\n contain backported patches to correct this issue. Note that the procedure\n in the Solution section must be performed before this update will take\n effect.\";\n\n\ntag_affected = \"kmod-kvm on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019272.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881678\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:02:32 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2012-6075\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0608\");\n script_name(\"CentOS Update for kmod-kvm CESA-2013:0608 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kmod-kvm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kmod-kvm\", rpm:\"kmod-kvm~83~262.el5.centos.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kmod-kvm-debug\", rpm:\"kmod-kvm-debug~83~262.el5.centos.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~83~262.el5.centos.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm-qemu-img\", rpm:\"kvm-qemu-img~83~262.el5.centos.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm-tools\", rpm:\"kvm-tools~83~262.el5.centos.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:16", "references": ["http://linux.oracle.com/errata/ELSA-2013-0609.html"], "pluginID": "1361412562310123671", "description": "Oracle Linux Local Security Checks ELSA-2013-0609", "edition": 4, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2013-0609", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:1361412562310123671", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123671", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2013-0609.nasl 6558 2017-07-06 11:56:55Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.123671\");\nscript_version(\"$Revision: 6558 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-06 14:07:03 +0300 (Tue, 06 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:56:55 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2013-0609\");\nscript_tag(name: \"insight\", value: \"ELSA-2013-0609 - qemu-kvm security update - [qemu-kvm-0.12.1.2-2.355.el6_4.2]- kvm-e1000-Discard-packets-that-are-too-long-if-SBP-and-L.patch [bz#910841]- kvm-e1000-Discard-oversized-packets-based-on-SBP-LPE.patch [bz#910841]- Resolves: bz#910841 (CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets when SBP and LPE flags are disabled [rhel-6.4.z])[qemu-kvm-0.12.1.2-2.355.el6_4.1]- kvm-Revert-e1000-no-need-auto-negotiation-if-link-was-do.patch [bz#907397]- Resolves: bz#907397 (Patch 'e1000: no need auto-negotiation if link was down' may break e1000 guest)\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2013-0609\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2013-0609.html\");\nscript_cve_id(\"CVE-2012-6075\");\nscript_tag(name:\"cvss_base\", value:\"9.3\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.355.el6_4.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent-win32\", rpm:\"qemu-guest-agent-win32~0.12.1.2~2.355.el6_4.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.355.el6_4.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.355.el6_4.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.355.el6_4.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:52:02", "references": ["http://www.debian.org/security/2013/dsa-2607.html"], "pluginID": "892607", "description": "It was discovered that the e1000 emulation code in QEMU does not\nenforce frame size limits in the same way as the real hardware does.\nThis could trigger buffer overflows in the guest operating system\ndriver for that network card, assuming that the host system does not\ndiscard such frames (which it will by default).", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net", "published": "2013-01-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Debian Security Advisory DSA 2607-1 (qemu-kvm - buffer overflow)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=892607", "id": "OPENVAS:892607", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2607.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2607-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"qemu-kvm on Debian Linux\";\ntag_insight = \"Using KVM, one can run multiple virtual PCs, each running unmodified Linux or\nWindows images. Each virtual machine has private virtualized hardware: a\nnetwork card, disk, graphics adapter, etc.\";\ntag_solution = \"For the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-5+squeeze10.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.2+dfsg-4.\n\nWe recommend that you upgrade your qemu-kvm packages.\";\ntag_summary = \"It was discovered that the e1000 emulation code in QEMU does not\nenforce frame size limits in the same way as the real hardware does.\nThis could trigger buffer overflows in the guest operating system\ndriver for that network card, assuming that the host system does not\ndiscard such frames (which it will by default).\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892607);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2012-6075\");\n script_name(\"Debian Security Advisory DSA 2607-1 (qemu-kvm - buffer overflow)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-01-15 00:00:00 +0100 (Tue, 15 Jan 2013)\");\n script_tag(name: \"cvss_base\", value:\"9.3\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2607.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kvm\", ver:\"0.12.5+dfsg-5+squeeze10\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.12.5+dfsg-5+squeeze10\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"0.12.5+dfsg-5+squeeze10\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:10:39", "references": ["2013:0599", "http://lists.centos.org/pipermail/centos-announce/2013-March/019266.html"], "pluginID": "881619", "description": "Check for the Version of xen", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "CentOS Update for xen CESA-2013:0599 centos5 ", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2018-01-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881619", "id": "OPENVAS:881619", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xen CESA-2013:0599 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The xen packages contain administration tools and the xend service for\n managing the kernel-xen kernel for virtualization on Red Hat Enterprise\n Linux.\n\n A flaw was found in the way QEMU emulated the e1000 network interface card\n when the host was configured to accept jumbo network frames, and a\n fully-virtualized guest using the e1000 emulated driver was not. A remote\n attacker could use this flaw to crash the guest or, potentially, execute\n arbitrary code with root privileges in the guest. (CVE-2012-6075)\n\n All users of xen are advised to upgrade to these updated packages, which\n correct this issue. After installing the updated packages, all running\n fully-virtualized guests must be restarted for this update to take effect.\";\n\n\ntag_affected = \"xen on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019266.html\");\n script_id(881619);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-08 10:19:29 +0530 (Fri, 08 Mar 2013)\");\n script_cve_id(\"CVE-2012-6075\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0599\");\n script_name(\"CentOS Update for xen CESA-2013:0599 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.0.3~142.el5_9.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.0.3~142.el5_9.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~142.el5_9.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-02T00:01:38", "references": ["http://www.nessus.org/u?8cd2861f"], "pluginID": "65092", "description": "A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2013-03-08T00:00:00", "title": "Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2013-03-08T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130307_QEMU_KVM_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65092", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65092);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2013/03/08 11:44:06 $\");\n\n script_cve_id(\"CVE-2012-6075\");\n\n script_name(english:\"Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way QEMU-KVM emulated the e1000 network\ninterface card when the host was configured to accept jumbo network\nframes, and a guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially,\nexecute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAfter installing this update, shut down all running virtual machines.\nOnce all virtual machines have shut down, start them again for this\nupdate to take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=3090\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8cd2861f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"qemu-guest-agent-0.12.1.2-2.355.el6_4.2\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.2\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.355.el6_4.2\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.355.el6_4.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.355.el6_4.2\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"seabios-0.6.1.2-26.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"spice-glib-0.14-7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"spice-glib-devel-0.14-7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"spice-gtk-0.14-7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"spice-gtk-devel-0.14-7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"spice-gtk-python-0.14-7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"spice-gtk-tools-0.14-7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"spice-protocol-0.12.2-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"spice-server-0.12.0-12.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"spice-server-devel-0.12.0-12.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"spice-vdagent-0.12.0-4.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"spice-xpi-2.7-22.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"usbredir-0.5.1-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"usbredir-devel-0.5.1-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"usbredir-server-0.5.1-1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"virt-viewer-0.5.2-18.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:41:40", "references": ["https://oss.oracle.com/pipermail/el-errata/2013-March/003336.html"], "pluginID": "68774", "description": "From Red Hat Security Advisory 2013:0599 :\n\nUpdated xen packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux.\n\nA flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-virtualized guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of xen are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : xen (ELSA-2013-0599)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:xen-devel", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:xen", "p-cpe:/a:oracle:linux:xen-libs"], "id": "ORACLELINUX_ELSA-2013-0599.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68774", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0599 and \n# Oracle Linux Security Advisory ELSA-2013-0599 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68774);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"RHSA\", value:\"2013:0599\");\n\n script_name(english:\"Oracle Linux 5 : xen (ELSA-2013-0599)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0599 :\n\nUpdated xen packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA flaw was found in the way QEMU emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and\na fully-virtualized guest using the e1000 emulated driver was not. A\nremote attacker could use this flaw to crash the guest or,\npotentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of xen are advised to upgrade to these updated packages,\nwhich correct this issue. After installing the updated packages, all\nrunning fully-virtualized guests must be restarted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-March/003336.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"xen-3.0.3-142.el5_9.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xen-devel-3.0.3-142.el5_9.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xen-libs-3.0.3-142.el5_9.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-devel / xen-libs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:46:23", "references": ["https://packages.debian.org/source/squeeze/qemu-kvm", "http://www.debian.org/security/2013/dsa-2607", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051"], "pluginID": "63556", "description": "It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does.\nThis could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).", "edition": 4, "reporter": "Tenable", "published": "2013-01-16T00:00:00", "title": "Debian DSA-2607-1 : qemu-kvm - buffer overflow", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2015-02-16T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:qemu-kvm"], "id": "DEBIAN_DSA-2607.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63556", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2607. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63556);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2015/02/16 15:37:39 $\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_xref(name:\"DSA\", value:\"2607\");\n\n script_name(english:\"Debian DSA-2607-1 : qemu-kvm - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the e1000 emulation code in QEMU does not\nenforce frame size limits in the same way as the real hardware does.\nThis could trigger buffer overflows in the guest operating system\ndriver for that network card, assuming that the host system does not\ndiscard such frames (which it will by default).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/qemu-kvm\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2013/dsa-2607\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the qemu-kvm packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-5+squeeze10.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"kvm\", reference:\"0.12.5+dfsg-5+squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qemu-kvm\", reference:\"0.12.5+dfsg-5+squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"qemu-kvm-dbg\", reference:\"0.12.5+dfsg-5+squeeze10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:09:22", "references": ["http://www.debian.org/security/2013/dsa-2619", "https://packages.debian.org/source/squeeze/xen-qemu-dm-4.0"], "pluginID": "64553", "description": "A buffer overflow was found in the e1000 emulation, which could be triggered when processing jumbo frames.", "edition": 5, "reporter": "Tenable", "published": "2013-02-11T00:00:00", "title": "Debian DSA-2619-1 : xen-qemu-dm-4.0 - buffer overflow", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2018-07-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:xen-qemu-dm-4.0"], "id": "DEBIAN_DSA-2619.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64553", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2619. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64553);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/09 14:30:25\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"DSA\", value:\"2619\");\n\n script_name(english:\"Debian DSA-2619-1 : xen-qemu-dm-4.0 - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow was found in the e1000 emulation, which could be\ntriggered when processing jumbo frames.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/xen-qemu-dm-4.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2013/dsa-2619\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xen-qemu-dm-4.0 packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.0.1-2+squeeze3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-qemu-dm-4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"xen-qemu-dm-4.0\", reference:\"4.0.1-2+squeeze3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:36:17", "references": ["http://www.nessus.org/u?68d46490", "http://www.nessus.org/u?58a0cd56"], "pluginID": "65164", "description": "Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Note that the procedure in the Solution section must be performed before this update will take effect.", "edition": 4, "reporter": "Tenable", "published": "2013-03-10T00:00:00", "title": "CentOS 5 : kvm (CESA-2013:0608)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2015-05-19T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kvm-qemu-img", "p-cpe:/a:centos:centos:kvm", "p-cpe:/a:centos:centos:kmod-kvm", "p-cpe:/a:centos:centos:kmod-kvm-debug", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:kvm-tools"], "id": "CENTOS_RHSA-2013-0608.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65164", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0608 and \n# CentOS Errata and Security Advisory 2013:0608 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65164);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/05/19 23:52:01 $\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"RHSA\", value:\"2013:0608\");\n\n script_name(english:\"CentOS 5 : kvm (CESA-2013:0608)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network\ninterface card when the host was configured to accept jumbo network\nframes, and a guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially,\nexecute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages,\nwhich contain backported patches to correct this issue. Note that the\nprocedure in the Solution section must be performed before this update\nwill take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2013-March/019270.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58a0cd56\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2013-March/019272.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68d46490\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-262.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-262.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-83-262.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-262.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-tools-83-262.el5.centos.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:54:42", "references": [], "pluginID": "63608", "description": "It was discovered that QEMU incorrectly handled certain e1000 packet sizes. In certain environments, an attacker may use this flaw in combination with large packets to cause a denial of service or execute arbitrary code in the guest.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2013-01-17T00:00:00", "title": "Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : qemu-kvm vulnerability (USN-1692-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2018-08-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:qemu-kvm", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1692-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63608", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1692-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63608);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/08/01 17:36:14\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"USN\", value:\"1692-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : qemu-kvm vulnerability (USN-1692-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that QEMU incorrectly handled certain e1000 packet\nsizes. In certain environments, an attacker may use this flaw in\ncombination with large packets to cause a denial of service or execute\narbitrary code in the guest.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"qemu-kvm\", pkgver:\"0.12.3+noroms-0ubuntu9.21\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"qemu-kvm\", pkgver:\"0.14.1+noroms-0ubuntu6.6\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"qemu-kvm\", pkgver:\"1.0+noroms-0ubuntu14.7\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"qemu-kvm\", pkgver:\"1.2.0+noroms-0ubuntu2.12.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:43:28", "references": ["http://www.nessus.org/u?b89b940e", "https://bugzilla.redhat.com/show_bug.cgi?id=889301"], "pluginID": "64255", "description": "- CVE-2012-6075: Buffer overflow in e1000 nic (bz #889301, bz #889304)\n\n - Use systemd spec macros (bz #850285)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2013-01-28T00:00:00", "title": "Fedora 18 : qemu-1.2.2-2.fc18 (2013-0965)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2015-10-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:qemu"], "id": "FEDORA_2013-0965.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64255", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0965.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64255);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:02:56 $\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"FEDORA\", value:\"2013-0965\");\n\n script_name(english:\"Fedora 18 : qemu-1.2.2-2.fc18 (2013-0965)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2012-6075: Buffer overflow in e1000 nic (bz #889301,\n bz #889304)\n\n - Use systemd spec macros (bz #850285)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=889301\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b89b940e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"qemu-1.2.2-2.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:26", "references": ["http://www.nessus.org/u?58678aad"], "pluginID": "65091", "description": "A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nNote that the procedure in the Solution section must be performed before this update will take effect.", "edition": 4, "reporter": "Tenable", "published": "2013-03-08T00:00:00", "title": "Scientific Linux Security Update : kvm on SL5.x x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2013-03-08T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130307_KVM_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65091", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65091);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2013/03/08 11:44:06 $\");\n\n script_cve_id(\"CVE-2012-6075\");\n\n script_name(english:\"Scientific Linux Security Update : kvm on SL5.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way QEMU-KVM emulated the e1000 network\ninterface card when the host was configured to accept jumbo network\nframes, and a guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially,\nexecute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nNote that the procedure in the Solution section must be performed\nbefore this update will take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=3218\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58678aad\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-262.el5_9.1\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-262.el5_9.1\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-83-262.el5_9.1\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-debuginfo-83-262.el5_9.1\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-262.el5_9.1\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-262.el5_9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:10:15", "references": ["https://oss.oracle.com/pipermail/el-errata/2013-March/003341.html"], "pluginID": "68780", "description": "From Red Hat Security Advisory 2013:0609 :\n\nUpdated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of qemu-kvm should upgrade to these updated packages, which contain backported patches to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : qemu-kvm (ELSA-2013-0609)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:qemu-kvm-tools", "p-cpe:/a:oracle:linux:qemu-guest-agent-win32", "p-cpe:/a:oracle:linux:qemu-img", "p-cpe:/a:oracle:linux:qemu-guest-agent", "p-cpe:/a:oracle:linux:qemu-kvm"], "id": "ORACLELINUX_ELSA-2013-0609.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68780", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0609 and \n# Oracle Linux Security Advisory ELSA-2013-0609 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68780);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"RHSA\", value:\"2013:0609\");\n\n script_name(english:\"Oracle Linux 6 : qemu-kvm (ELSA-2013-0609)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0609 :\n\nUpdated qemu-kvm packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space\ncomponent for running virtual machines using KVM.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network\ninterface card when the host was configured to accept jumbo network\nframes, and a guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially,\nexecute arbitrary code with root privileges in the guest.\n(CVE-2012-6075)\n\nAll users of qemu-kvm should upgrade to these updated packages, which\ncontain backported patches to correct this issue. After installing\nthis update, shut down all running virtual machines. Once all virtual\nmachines have shut down, start them again for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-March/003341.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-guest-agent-win32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"qemu-guest-agent-0.12.1.2-2.355.el6_4.2\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.2\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.355.el6_4.2\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.355.el6_4.2\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.355.el6_4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-guest-agent / qemu-guest-agent-win32 / qemu-img / qemu-kvm / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:58", "references": ["http://www.nessus.org/u?054186f6", "https://bugzilla.redhat.com/show_bug.cgi?id=889301"], "pluginID": "64256", "description": "- CVE-2012-6075: Buffer overflow in e1000 nic (bz #889301, bz #889304)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2013-01-28T00:00:00", "title": "Fedora 17 : qemu-1.0.1-3.fc17 (2013-0971)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6075"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qemu", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2013-0971.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64256", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0971.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64256);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:02:56 $\");\n\n script_cve_id(\"CVE-2012-6075\");\n script_bugtraq_id(57420);\n script_xref(name:\"FEDORA\", value:\"2013-0971\");\n\n script_name(english:\"Fedora 17 : qemu-1.0.1-3.fc17 (2013-0971)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2012-6075: Buffer overflow in e1000 nic (bz #889301,\n bz #889304)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=889301\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?054186f6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"qemu-1.0.1-3.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:32", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0608.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-262.el5.centos.1", "packageFilename": "kvm-83-262.el5.centos.1.x86_64.rpm", "packageName": "kvm", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-262.el5.centos.1", "packageFilename": "kvm-83-262.el5.centos.1.x86_64.rpm", "packageName": "kvm", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-262.el5.centos.1", "packageFilename": "kmod-kvm-debug-83-262.el5.centos.1.x86_64.rpm", "packageName": "kmod-kvm-debug", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-262.el5.centos.1", "packageFilename": "kmod-kvm-debug-83-262.el5.centos.1.x86_64.rpm", "packageName": "kmod-kvm-debug", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-262.el5.centos.1", "packageFilename": "kmod-kvm-83-262.el5.centos.1.x86_64.rpm", "packageName": "kmod-kvm", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-262.el5.centos.1", "packageFilename": "kmod-kvm-83-262.el5.centos.1.x86_64.rpm", "packageName": "kmod-kvm", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-262.el5.centos.1", "packageFilename": "kvm-qemu-img-83-262.el5.centos.1.x86_64.rpm", "packageName": "kvm-qemu-img", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-262.el5.centos.1", "packageFilename": "kvm-qemu-img-83-262.el5.centos.1.x86_64.rpm", "packageName": "kvm-qemu-img", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-262.el5.centos.1", "packageFilename": "kvm-83-262.el5.centos.1.src.rpm", "packageName": "kvm", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-262.el5.centos.1", "packageFilename": "kvm-83-262.el5.centos.1.src.rpm", "packageName": "kvm", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-262.el5.centos.1", "packageFilename": "kvm-tools-83-262.el5.centos.1.x86_64.rpm", "packageName": "kvm-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "83-262.el5.centos.1", "packageFilename": "kvm-tools-83-262.el5.centos.1.x86_64.rpm", "packageName": "kvm-tools", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0608\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for\nthe standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages, which\ncontain backported patches to correct this issue. Note that the procedure\nin the Solution section must be performed before this update will take\neffect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019270.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019272.html\n\n**Affected packages:**\nkmod-kvm\nkmod-kvm-debug\nkvm\nkvm-qemu-img\nkvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0608.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-03-08T00:28:36", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "kmod, kvm security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6075"], "modified": "2013-03-08T16:42:53", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/019270.html", "id": "CESA-2013:0608", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:53", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0599.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "any", "packageName": "xen", "packageFilename": "xen-3.0.3-142.el5_9.2.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "i386", "packageName": "xen", "packageFilename": "xen-3.0.3-142.el5_9.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "i386", "packageName": "xen-devel", "packageFilename": "xen-devel-3.0.3-142.el5_9.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "i386", "packageName": "xen-devel", "packageFilename": "xen-devel-3.0.3-142.el5_9.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "x86_64", "packageName": "xen-libs", "packageFilename": "xen-libs-3.0.3-142.el5_9.2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "i386", "packageName": "xen-libs", "packageFilename": "xen-libs-3.0.3-142.el5_9.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "i386", "packageName": "xen-libs", "packageFilename": "xen-libs-3.0.3-142.el5_9.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "x86_64", "packageName": "xen-devel", "packageFilename": "xen-devel-3.0.3-142.el5_9.2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "x86_64", "packageName": "xen", "packageFilename": "xen-3.0.3-142.el5_9.2.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0599\n\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nA flaw was found in the way QEMU emulated the e1000 network interface card\nwhen the host was configured to accept jumbo network frames, and a\nfully-virtualized guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially, execute\narbitrary code with root privileges in the guest. (CVE-2012-6075)\n\nAll users of xen are advised to upgrade to these updated packages, which\ncorrect this issue. After installing the updated packages, all running\nfully-virtualized guests must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019266.html\n\n**Affected packages:**\nxen\nxen-devel\nxen-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0599.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-03-06T19:54:46", "title": "xen security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-6075"], "modified": "2013-03-06T19:54:46", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/019266.html", "id": "CESA-2013:0599", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:47", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0609.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-kvm-tools", "packageFilename": "qemu-kvm-tools-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-img", "packageFilename": "qemu-img-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-guest-agent-win32", "packageFilename": "qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "any", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-0.12.1.2-2.355.el6_4.2.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "i686", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-0.12.1.2-2.355.el6_4.2.i686.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0609\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component\nfor running virtual machines using KVM.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nAll users of qemu-kvm should upgrade to these updated packages, which\ncontain backported patches to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019632.html\n\n**Affected packages:**\nqemu-guest-agent\nqemu-guest-agent-win32\nqemu-img\nqemu-kvm\nqemu-kvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0609.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-03-09T00:45:27", "title": "qemu security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-6075"], "modified": "2013-03-09T00:45:27", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/019632.html", "id": "CESA-2013:0609", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:47:14", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-262.0.1.el5_9.1", "arch": "x86_64", "packageFilename": "kvm-tools-83-262.0.1.el5_9.1.x86_64.rpm", "packageName": "kvm-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-262.0.1.el5_9.1", "arch": "x86_64", "packageFilename": "kvm-qemu-img-83-262.0.1.el5_9.1.x86_64.rpm", "packageName": "kvm-qemu-img", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-262.0.1.el5_9.1", "arch": "src", "packageFilename": "kvm-83-262.0.1.el5_9.1.src.rpm", "packageName": "kvm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-262.0.1.el5_9.1", "arch": "x86_64", "packageFilename": "kmod-kvm-debug-83-262.0.1.el5_9.1.x86_64.rpm", "packageName": "kmod-kvm-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-262.0.1.el5_9.1", "arch": "x86_64", "packageFilename": "kmod-kvm-83-262.0.1.el5_9.1.x86_64.rpm", "packageName": "kmod-kvm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-262.0.1.el5_9.1", "arch": "x86_64", "packageFilename": "kvm-83-262.0.1.el5_9.1.x86_64.rpm", "packageName": "kvm", "operator": "lt"}], "description": "[kvm-83-262.0.1.el5_9.1]\n- Added kvm-add-oracle-workaround-for-libvirt-bug.patch\n- Added kvm-Introduce-oel-machine-type.patch\n[kvm-83-262.el5_1]\n- kvm-e1000-Discard-packets-that-are-too-long-if-SBP-and-L.patch [bz#910839]\n- kvm-e1000-Discard-oversized-packets-based-on-SBP-LPE.patch [bz#910839]\n- Resolves: bz#910839\n (CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets when SBP and LPE flags are disabled [rhel-5.9.z])", "edition": 3, "reporter": "Oracle", "published": "2013-03-07T00:00:00", "title": "kvm security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-6075"], "modified": "2013-03-07T00:00:00", "id": "ELSA-2013-0608", "href": "http://linux.oracle.com/errata/ELSA-2013-0608.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:48:18", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "x86_64", "packageFilename": "xen-3.0.3-142.el5_9.2.x86_64.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "ia64", "packageFilename": "xen-3.0.3-142.el5_9.2.ia64.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "i386", "packageFilename": "xen-devel-3.0.3-142.el5_9.2.i386.rpm", "packageName": "xen-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "i386", "packageFilename": "xen-devel-3.0.3-142.el5_9.2.i386.rpm", "packageName": "xen-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "x86_64", "packageFilename": "xen-devel-3.0.3-142.el5_9.2.x86_64.rpm", "packageName": "xen-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "i386", "packageFilename": "xen-libs-3.0.3-142.el5_9.2.i386.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "i386", "packageFilename": "xen-libs-3.0.3-142.el5_9.2.i386.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "ia64", "packageFilename": "xen-libs-3.0.3-142.el5_9.2.ia64.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "i386", "packageFilename": "xen-3.0.3-142.el5_9.2.i386.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "x86_64", "packageFilename": "xen-libs-3.0.3-142.el5_9.2.x86_64.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "src", "packageFilename": "xen-3.0.3-142.el5_9.2.src.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "src", "packageFilename": "xen-3.0.3-142.el5_9.2.src.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "src", "packageFilename": "xen-3.0.3-142.el5_9.2.src.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "ia64", "packageFilename": "xen-devel-3.0.3-142.el5_9.2.ia64.rpm", "packageName": "xen-devel", "operator": "lt"}], "description": "[3.0.3-142.el5_9.2]\n- e1000: discard packets that are too long if !SBP and !LPE (rhbz 910843)\n- e1000: discard oversized packets based on SBP|LPE (rhbz 910843)", "edition": 3, "reporter": "Oracle", "published": "2013-03-06T00:00:00", "title": "xen security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-6075"], "modified": "2013-03-06T00:00:00", "id": "ELSA-2013-0599", "href": "http://linux.oracle.com/errata/ELSA-2013-0599.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:45:21", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageFilename": "qemu-guest-agent-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "packageName": "qemu-guest-agent", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "src", "packageFilename": "qemu-kvm-0.12.1.2-2.355.el6_4.2.src.rpm", "packageName": "qemu-kvm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "src", "packageFilename": "qemu-kvm-0.12.1.2-2.355.el6_4.2.src.rpm", "packageName": "qemu-kvm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageFilename": "qemu-kvm-tools-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "packageName": "qemu-kvm-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageFilename": "qemu-img-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "packageName": "qemu-img", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageFilename": "qemu-kvm-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "packageName": "qemu-kvm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageFilename": "qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "packageName": "qemu-guest-agent-win32", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "i686", "packageFilename": "qemu-guest-agent-0.12.1.2-2.355.el6_4.2.i686.rpm", "packageName": "qemu-guest-agent", "operator": "lt"}], "description": "[qemu-kvm-0.12.1.2-2.355.el6_4.2]\n- kvm-e1000-Discard-packets-that-are-too-long-if-SBP-and-L.patch [bz#910841]\n- kvm-e1000-Discard-oversized-packets-based-on-SBP-LPE.patch [bz#910841]\n- Resolves: bz#910841\n (CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets when SBP and LPE flags are disabled [rhel-6.4.z])\n[qemu-kvm-0.12.1.2-2.355.el6_4.1]\n- kvm-Revert-e1000-no-need-auto-negotiation-if-link-was-do.patch [bz#907397]\n- Resolves: bz#907397\n (Patch 'e1000: no need auto-negotiation if link was down' may break e1000 guest)", "edition": 3, "reporter": "Oracle", "published": "2013-03-07T00:00:00", "title": "qemu-kvm security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-6075"], "modified": "2013-03-07T00:00:00", "id": "ELSA-2013-0609", "href": "http://linux.oracle.com/errata/ELSA-2013-0609.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:39:04", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-266.0.1.el5_10.1", "arch": "x86_64", "packageFilename": "kvm-83-266.0.1.el5_10.1.x86_64.rpm", "packageName": "kvm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-266.0.1.el5_10.1", "arch": "x86_64", "packageFilename": "kvm-qemu-img-83-266.0.1.el5_10.1.x86_64.rpm", "packageName": "kvm-qemu-img", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-266.0.1.el5_10.1", "arch": "x86_64", "packageFilename": "kvm-tools-83-266.0.1.el5_10.1.x86_64.rpm", "packageName": "kvm-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-266.0.1.el5_10.1", "arch": "x86_64", "packageFilename": "kmod-kvm-debug-83-266.0.1.el5_10.1.x86_64.rpm", "packageName": "kmod-kvm-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-266.0.1.el5_10.1", "arch": "src", "packageFilename": "kvm-83-266.0.1.el5_10.1.src.rpm", "packageName": "kvm", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "83-266.0.1.el5_10.1", "arch": "x86_64", "packageFilename": "kmod-kvm-83-266.0.1.el5_10.1.x86_64.rpm", "packageName": "kmod-kvm", "operator": "lt"}], "description": "[kvm-83-266.0.1.el5_10.1]\n- Added kvm-add-oracle-workaround-for-libvirt-bug.patch\n- Added kvm-Introduce-oel-machine-type.patch\n[kvm-83-266_10.1.el5]\n- KVM: x86: prevent cross page vapic_addr access (CVE-2013-6368) [bz#1032219]\n- KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) [bz#1032216]\n- Resolves: bz#1032219\n (CVE-2013-6368 kvm: cross page vapic_addr access [rhel-5.10])\n- Resolves: bz#1032216\n CVE-2013-6367 kvm: division by zero in apic_get_tmcct() [rhel-5.10.z]\n[kvm-83-266.el5]\n- Updated kversion to 2.6.18-348.4.1.el5\n- kvm-fix-l1_map-buffer-overflow.patch [bz#956511]\n- Resolves: bz#956511\n (qemu-kvm segfault in tb_invalidate_phys_page_range())\n[kvm-83-265.el5]\n- kvm-kernel-kvm-accept-unaligned-MSR_KVM_SYSTEM_TIME-writes.patch [bz#924597]\n- Resolves: bz#924597\n (RHEL.5.8.32 guest hang when installing)\n[kvm-83-264.el5]\n- kvm-kernel-KVM-Fix-for-buffer-overflow-in-handling-of-MSR_KVM_S.patch [bz#917019]\n- kvm-kernel-KVM-Convert-MSR_KVM_SYSTEM_TIME-to-use-kvm_write_gue.patch [bz#917023]\n- kvm-kernel-KVM-Fix-bounds-checking-in-ioapic-indirect-register-.patch [bz#917029]\n- kvm-kernel-do-not-GP-on-unaligned-MSR_KVM_SYSTEM_TIME-write.patch [bz#bz917019]\n- Resolves: bz#917019\n (CVE-2013-1796 kernel: kvm: buffer overflow in handling of MSR_KVM_SYSTEM_TIME [rhel-5.10])\n- Resolves: bz#917023\n (CVE-2013-1797 kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME [rhel-5.10])\n- Resolves: bz#917029\n (CVE-2013-1798 kernel: kvm: out-of-bounds access in ioapic indirect register reads [rhel-5.10])\n[kvm-83-263.el5]\n- kvm-e1000-Discard-packets-that-are-too-long-if-SBP-and-L.patch [bz#910840]\n- kvm-e1000-Discard-oversized-packets-based-on-SBP-LPE.patch [bz#910840]\n- Resolves: bz#910840\n (CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets when SBP and LPE flags are disabled [rhel-5.10])", "edition": 3, "reporter": "Oracle", "published": "2014-02-12T00:00:00", "title": "kvm security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1797", "CVE-2013-6368", "CVE-2013-6367", "CVE-2013-1796", "CVE-2013-1798", "CVE-2012-6075"], "modified": "2014-02-12T00:00:00", "id": "ELSA-2014-0163", "href": "http://linux.oracle.com/errata/ELSA-2014-0163.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "xen": [{"lastseen": "2016-04-01T21:57:13", "references": [], "description": "#### SUMMARY AND SOURCES OF INFORMATION\nAn issue in qemu has been disclosed which we believe affects some users of Xen.\nThe Qemu project has not itself issued an advisory. More information may be available in the advisories published by the distros:\n<a href=\"https://bugzilla.redhat.com/show_bug.cgi?id=889301\">https://bugzilla.redhat.com/show_bug.cgi?id=889301</a> <a href=\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051\">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696051</a>\n#### CAVEAT\nFor full and accurate information please refer to those advisories. We have not conducted a full review of the information and patches provided.\nThe rest of the information in this advisory is true to the best of our knowledge at the time of writing.\n#### IMPACT\nThe vulnerability impacts any host running HVM (Fully-Emulated) guests which are configured with an e1000 NIC (using &quot;model=e1000&quot;) in their VIF configuration. Note that the default emulated NIC is &quot;rtl8139&quot; which is not vulnerable.\nIn a vulnerable configuration a hostile network packet may be able to corrupt the memory of the guest, leading to a guest DoS or remote privilege escalation.\nWe do not believe that this issue enables an attack against the host.\n", "edition": 1, "reporter": "Xen Project", "published": "2013-01-16T14:50:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "xen", "title": "qemu (e1000 device driver): Buffer overflow when processing large packets", "bulletinFamily": "software", "cvelist": ["CVE-2012-6075"], "modified": "2013-01-17T12:17:00", "id": "XSA-41", "href": "http://xenbits.xen.org/xsa/advisory-41.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2016-09-02T18:29:00", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "6", "packageVersion": "4.0.1-2+squeeze3", "packageFilename": "xen-qemu-dm-4.0_4.0.1-2+squeeze3_all.deb", "packageName": "xen-qemu-dm-4.0", "arch": "all", "operator": "lt"}], "edition": 1, "description": "A buffer overflow was found in the e1000 emulation, which could be triggered when processing jumbo frames.\n\nFor the stable distribution (squeeze), this problem has been fixed in version 4.0.1-2+squeeze3.\n\nFor the unstable distribution (sid), this problem has been fixed in version 4.1.3-8 of the xen source package.\n\nWe recommend that you upgrade your xen-qemu-dm-4.0 packages.", "reporter": "Debian", "published": "2013-02-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "xen-qemu-dm-4.0 -- buffer overflow", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6075"], "modified": "2013-02-10T00:00:00", "href": "http://www.debian.org/security/dsa-2619", "id": "DSA-2619", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:31:40", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "6", "packageVersion": "0.12.5+dfsg-5+squeeze10", "packageFilename": "qemu-kvm_0.12.5+dfsg-5+squeeze10_all.deb", "packageName": "qemu-kvm", "arch": "all", "operator": "lt"}], "description": "It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).\n\nFor the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-5+squeeze10.\n\nFor the unstable distribution (sid), this problem has been fixed in version 1.1.2+dfsg-4.\n\nWe recommend that you upgrade your qemu-kvm packages.", "edition": 1, "reporter": "Debian", "published": "2013-01-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "qemu-kvm -- buffer overflow", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6075"], "modified": "2013-01-15T00:00:00", "id": "DSA-2607", "href": "http://www.debian.org/security/dsa-2607", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:20:10", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "6", "packageVersion": "0.12.5+dfsg-3squeeze3", "packageFilename": "qemu_0.12.5+dfsg-3squeeze3_all.deb", "packageName": "qemu", "arch": "all", "operator": "lt"}], "description": "It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).\n\nFor the stable distribution (squeeze), this problem has been fixed in version 0.12.5+dfsg-3squeeze3.\n\nFor the unstable distribution (sid), this problem has been fixed in version 1.1.2+dfsg-4.\n\nWe recommend that you upgrade your qemu packages.", "edition": 1, "reporter": "Debian", "published": "2013-01-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "qemu -- buffer overflow", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6075"], "modified": "2013-01-15T00:00:00", "id": "DSA-2608", "href": "http://www.debian.org/security/dsa-2608", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-06-09T10:34:29", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-kvm-rhev-debuginfo", "packageFilename": "qemu-kvm-rhev-debuginfo-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "src", "packageName": "qemu-kvm-rhev", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.355.el6_4.2.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-kvm-rhev", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-img-rhev", "packageFilename": "qemu-img-rhev-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-kvm-rhev-tools", "packageFilename": "qemu-kvm-rhev-tools-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the\nuser-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which correct this issue. After installing this update, shut down\nall running virtual machines. Once all virtual machines have shut down,\nstart them again for this update to take effect.\n", "reporter": "RedHat", "published": "2013-03-12T04:00:00", "type": "redhat", "title": "(RHSA-2013:0639) Important: qemu-kvm-rhev security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-6075"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-09T14:17:32", "id": "RHSA-2013:0639", "href": "https://access.redhat.com/errata/RHSA-2013:0639", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-07T05:59:02", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-kvm-rhev-debuginfo", "packageFilename": "qemu-kvm-rhev-debuginfo-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "src", "packageName": "qemu-kvm-rhev", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.355.el6_4.2.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-kvm-rhev", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-img-rhev", "packageFilename": "qemu-img-rhev-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-kvm-rhev-tools", "packageFilename": "qemu-kvm-rhev-tools-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the\nuser-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which correct this issue. After installing this update, shut down\nall running virtual machines. Once all virtual machines have shut down,\nstart them again for this update to take effect.\n", "reporter": "RedHat", "published": "2013-03-07T05:00:00", "type": "redhat", "title": "(RHSA-2013:0610) Important: qemu-kvm-rhev security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-6075"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T08:59:28", "id": "RHSA-2013:0610", "href": "https://access.redhat.com/errata/RHSA-2013:0610", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:19:13", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "83-262.el5_9.1", "packageName": "kvm-debuginfo", "packageFilename": "kvm-debuginfo-83-262.el5_9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "83-262.el5_9.1", "packageName": "kvm", "packageFilename": "kvm-83-262.el5_9.1.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "83-262.el5_9.1", "packageName": "kmod-kvm", "packageFilename": "kmod-kvm-83-262.el5_9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "83-262.el5_9.1", "packageName": "kmod-kvm-debug", "packageFilename": "kmod-kvm-debug-83-262.el5_9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "83-262.el5_9.1", "packageName": "kvm-qemu-img", "packageFilename": "kvm-qemu-img-83-262.el5_9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "83-262.el5_9.1", "packageName": "kvm", "packageFilename": "kvm-83-262.el5_9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "83-262.el5_9.1", "packageName": "kvm-tools", "packageFilename": "kvm-tools-83-262.el5_9.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for\nthe standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nAll users of kvm are advised to upgrade to these updated packages, which\ncontain backported patches to correct this issue. Note that the procedure\nin the Solution section must be performed before this update will take\neffect.\n", "reporter": "RedHat", "published": "2013-03-07T05:00:00", "type": "redhat", "title": "(RHSA-2013:0608) Important: kvm security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-6075"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:18:53", "id": "RHSA-2013:0608", "href": "https://access.redhat.com/errata/RHSA-2013:0608", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:19:59", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "i386", "packageFilename": "xen-debuginfo-3.0.3-142.el5_9.2.i386.rpm", "packageName": "xen-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "src", "packageFilename": "xen-3.0.3-142.el5_9.2.src.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "x86_64", "packageFilename": "xen-debuginfo-3.0.3-142.el5_9.2.x86_64.rpm", "packageName": "xen-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "i386", "packageFilename": "xen-libs-3.0.3-142.el5_9.2.i386.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "x86_64", "packageFilename": "xen-libs-3.0.3-142.el5_9.2.x86_64.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "ia64", "packageFilename": "xen-debuginfo-3.0.3-142.el5_9.2.ia64.rpm", "packageName": "xen-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "ia64", "packageFilename": "xen-libs-3.0.3-142.el5_9.2.ia64.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "i386", "packageFilename": "xen-3.0.3-142.el5_9.2.i386.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "i386", "packageFilename": "xen-devel-3.0.3-142.el5_9.2.i386.rpm", "packageName": "xen-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "ia64", "packageFilename": "xen-3.0.3-142.el5_9.2.ia64.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "ia64", "packageFilename": "xen-devel-3.0.3-142.el5_9.2.ia64.rpm", "packageName": "xen-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "x86_64", "packageFilename": "xen-3.0.3-142.el5_9.2.x86_64.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "3.0.3-142.el5_9.2", "arch": "x86_64", "packageFilename": "xen-devel-3.0.3-142.el5_9.2.x86_64.rpm", "packageName": "xen-devel", "operator": "lt"}], "description": "The xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nA flaw was found in the way QEMU emulated the e1000 network interface card\nwhen the host was configured to accept jumbo network frames, and a\nfully-virtualized guest using the e1000 emulated driver was not. A remote\nattacker could use this flaw to crash the guest or, potentially, execute\narbitrary code with root privileges in the guest. (CVE-2012-6075)\n\nAll users of xen are advised to upgrade to these updated packages, which\ncorrect this issue. After installing the updated packages, all running\nfully-virtualized guests must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2013-03-06T05:00:00", "type": "redhat", "title": "(RHSA-2013:0599) Important: xen security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-6075"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:16:58", "id": "RHSA-2013:0599", "href": "https://access.redhat.com/errata/RHSA-2013:0599", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-12T21:09:05", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "i686", "packageName": "qemu-kvm-debuginfo", "packageFilename": "qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "src", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-0.12.1.2-2.355.el6_4.2.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-kvm-debuginfo", "packageFilename": "qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-guest-agent-win32", "packageFilename": "qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "i686", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-0.12.1.2-2.355.el6_4.2.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-kvm", "packageFilename": "qemu-kvm-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-kvm-tools", "packageFilename": "qemu-kvm-tools-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-img", "packageFilename": "qemu-img-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.12.1.2-2.355.el6_4.2", "arch": "x86_64", "packageName": "qemu-guest-agent", "packageFilename": "qemu-guest-agent-0.12.1.2-2.355.el6_4.2.x86_64.rpm", "operator": "lt"}], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component\nfor running virtual machines using KVM.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nAll users of qemu-kvm should upgrade to these updated packages, which\ncontain backported patches to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n", "reporter": "RedHat", "published": "2013-03-07T05:00:00", "type": "redhat", "title": "(RHSA-2013:0609) Important: qemu-kvm security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-6075"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:32", "id": "RHSA-2013:0609", "href": "https://access.redhat.com/errata/RHSA-2013:0609", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-07T05:58:53", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "6.4-20130306.2.el6_4", "arch": "noarch", "packageName": "rhev-hypervisor6", "packageFilename": "rhev-hypervisor6-6.4-20130306.2.el6_4.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "6.4-20130306.2.el6_4", "arch": "src", "packageName": "rhev-hypervisor6", "packageFilename": "rhev-hypervisor6-6.4-20130306.2.el6_4.src.rpm", "operator": "lt"}], "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way QEMU-KVM emulated the e1000 network interface\ncard when the host was configured to accept jumbo network frames, and a\nguest using the e1000 emulated driver was not. A remote attacker could use\nthis flaw to crash the guest or, potentially, execute arbitrary code with\nroot privileges in the guest. (CVE-2012-6075)\n\nIt was discovered that GnuTLS leaked timing information when decrypting\nTLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A\nremote attacker could possibly use this flaw to retrieve plain text from\nthe encrypted packets by using a TLS/SSL server as a padding oracle.\n(CVE-2013-1619)\n\nIt was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-0169)\n\nA NULL pointer dereference flaw was found in the OCSP response verification\nin OpenSSL. A malicious OCSP server could use this flaw to crash\napplications performing OCSP verification by sending a specially-crafted\nresponse. (CVE-2013-0166)\n\nIt was discovered that the TLS/SSL protocol could leak information about\nplain text when optional compression was used. An attacker able to control\npart of the plain text sent over an encrypted TLS/SSL connection could\npossibly use this flaw to recover other portions of the plain text.\n(CVE-2012-4929)\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2013-0292 (dbus-glib issue)\n\nCVE-2013-0228, CVE-2013-0268, and CVE-2013-0871 (kernel issues)\n\nCVE-2013-0338 (libxml2 issue)\n\nThis update contains the builds from the following errata:\n\novirt-node: RHBA-2013:0634\n https://rhn.redhat.com/errata/RHBA-2013-0634.html\nkernel: RHSA-2013:0630\n https://rhn.redhat.com/errata/RHSA-2013-0630.html\ndbus-glib: RHSA-2013:0568\n https://rhn.redhat.com/errata/RHSA-2013-0568.html\nlibcgroup: RHBA-2013:0560\n https://rhn.redhat.com/errata/RHBA-2013-0560.html\nvdsm: RHBA-2013:0635\n https://rhn.redhat.com/errata/RHBA-2013-0635.html\nselinux-policy: RHBA-2013:0618\n https://rhn.redhat.com/errata/RHBA-2013-0618.html\nqemu-kvm-rhev: RHSA-2013:0610\n https://rhn.redhat.com/errata/RHSA-2013-0610.html\nglusterfs: RHBA-2013:0620\n https://rhn.redhat.com/errata/RHBA-2013-0620.html\ngnutls: RHSA-2013:0588\n https://rhn.redhat.com/errata/RHSA-2013-0588.html\nipmitool: RHBA-2013:0572\n https://rhn.redhat.com/errata/RHBA-2013-0572.html\nlibxml2: RHSA-2013:0581\n https://rhn.redhat.com/errata/RHSA-2013-0581.html\nopenldap: RHBA-2013:0598\n https://rhn.redhat.com/errata/RHBA-2013-0598.html\nopenssl: RHSA-2013:0587\n https://rhn.redhat.com/errata/RHSA-2013-0587.html\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "reporter": "RedHat", "published": "2013-03-13T04:00:00", "type": "redhat", "title": "(RHSA-2013:0636) Important: rhev-hypervisor6 security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-4929", "CVE-2012-6075", "CVE-2013-0166", "CVE-2013-0169", "CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0292", "CVE-2013-0338", "CVE-2013-0871", "CVE-2013-1619"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T08:59:36", "id": "RHSA-2013:0636", "href": "https://access.redhat.com/errata/RHSA-2013:0636", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:20", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-6075"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "1.2.0+noroms-0ubuntu2.12.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-kvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "0.14.1+noroms-0ubuntu6.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-kvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "1.0+noroms-0ubuntu14.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-kvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "0.12.3+noroms-0ubuntu9.21", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "qemu-kvm", "operator": "lt"}], "description": "It was discovered that QEMU incorrectly handled certain e1000 packet sizes. In certain environments, an attacker may use this flaw in combination with large packets to cause a denial of service or execute arbitrary code in the guest.", "edition": 3, "reporter": "Ubuntu", "published": "2013-01-16T00:00:00", "title": "QEMU vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-6075"], "modified": "2013-01-16T00:00:00", "id": "USN-1692-1", "href": "https://usn.ubuntu.com/1692-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:50", "references": ["https://vulners.com/securityvulns/securityvulns:doc:28966"], "description": "Buffer overflow in e1000 emulator", "edition": 1, "reporter": "BUGTRAQ", "published": "2013-01-21T00:00:00", "title": "qemu buffer overflow", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:50", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "qemu", "version": "1.1", "operator": "eq"}], "cvelist": ["CVE-2012-6075"], "modified": "2013-01-21T00:00:00", "id": "SECURITYVULNS:VULN:12837", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12837", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:46", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2608-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nJanuary 15, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : qemu\r\nVulnerability : buffer overflow\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-6075\r\nDebian Bug : 696051\r\n\r\nIt was discovered that the e1000 emulation code in QEMU does not\r\nenforce frame size limits in the same way as the real hardware does.\r\nThis could trigger buffer overflows in the guest operating system\r\ndriver for that network card, assuming that the host system does not\r\ndiscard such frames &#40;which it will by default&#41;.\r\n\r\nFor the stable distribution &#40;squeeze&#41;, this problem has been fixed in\r\nversion 0.12.5+dfsg-3squeeze3.\r\n\r\nFor the unstable distribution &#40;sid&#41;, this problem has been fixed in\r\nversion 1.1.2+dfsg-4.\r\n\r\nWe recommend that you upgrade your qemu packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niQEcBAEBAgAGBQJQ9b9sAAoJEL97/wQC1SS+ZuoH/3CtnIXPv5KJmimauvHjk0/7\r\n5Sg5VMwv5GDAIVOX4qcB4XFfK2KsLpLEULhdZj8swQQLEYVmfHtS4kUZWGYUYde5\r\nChCEJRD7O7wAi2CZTPuIFj895BqKebbSticeHZosxyfhKLnaaA18/0c1hHT8WqKp\r\n8yYxEHzWy9O5AO8phHqsuOI5vNlde6h4UlRotB6+OfyXd6oSfkITa7qOLdS8FPEW\r\npf+xJW1aQa4ttWkX6POnH04r6UDnT8tQyUtjHU7mYK+ATnpl1W9EHoUkSEMjILqN\r\nswqeua1YT4zW2jswijqJ4F/PVu3P8cb1bSSprWbDE+EVe7w7RXqkwBAJ3vtQ8Qo=\r\n=6z+u\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2013-01-21T00:00:00", "title": "[SECURITY] [DSA 2608-1] qemu security update", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:46", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2012-6075"], "modified": "2013-01-21T00:00:00", "id": "SECURITYVULNS:DOC:28966", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28966", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:57:19", "references": ["https://bugzilla.novell.com/820917", "https://bugzilla.novell.com/813677", "https://bugzilla.novell.com/841766", "https://bugzilla.novell.com/797031", "https://bugzilla.novell.com/789951", "https://bugzilla.novell.com/860163", "https://bugzilla.novell.com/789945", "https://bugzilla.novell.com/789944", "https://bugzilla.novell.com/853049", "https://bugzilla.novell.com/816159", "https://bugzilla.novell.com/813675", "https://bugzilla.novell.com/805094", "https://bugzilla.novell.com/819416", "https://bugzilla.novell.com/786519", "https://bugzilla.novell.com/849667", "https://bugzilla.novell.com/789948", "https://bugzilla.novell.com/848657", "https://bugzilla.novell.com/786516", "https://bugzilla.novell.com/816156", "https://bugzilla.novell.com/794316", "https://bugzilla.novell.com/840592", "https://bugzilla.novell.com/779212", "https://bugzilla.novell.com/839618", "https://bugzilla.novell.com/820919", "https://bugzilla.novell.com/800275", "https://bugzilla.novell.com/813673", "https://bugzilla.novell.com/831120", "https://bugzilla.novell.com/839596", "https://bugzilla.novell.com/786520", "https://bugzilla.novell.com/787163", "https://bugzilla.novell.com/789950", "https://bugzilla.novell.com/842511", "https://bugzilla.novell.com/777890", "https://bugzilla.novell.com/816163", "http://download.suse.com/patch/finder/?keywords=d46197780129fa94fee1eb1708143171", "https://bugzilla.novell.com/797523", "https://bugzilla.novell.com/786517", "https://bugzilla.novell.com/823011", "https://bugzilla.novell.com/777628", "https://bugzilla.novell.com/826882", "https://bugzilla.novell.com/849668", "https://bugzilla.novell.com/823608"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16_2.6.32.59_0.9-0.5.1", "arch": "i586", "packageFilename": "xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1.i586.rpm", "packageName": "xen-kmp-trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16_2.6.32.59_0.9-0.5.1", "arch": "i586", "packageFilename": "xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1.i586.rpm", "packageName": "xen-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16_2.6.32.59_0.9-0.5.1", "arch": "x86_64", "packageFilename": "xen-kmp-trace-4.0.3_21548_16_2.6.32.59_0.9-0.5.1.x86_64.rpm", "packageName": "xen-kmp-trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16-0.5.1", "arch": "i586", "packageFilename": "xen-doc-pdf-4.0.3_21548_16-0.5.1.i586.rpm", "packageName": "xen-doc-pdf", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16-0.5.1", "arch": "x86_64", "packageFilename": "xen-doc-pdf-4.0.3_21548_16-0.5.1.x86_64.rpm", "packageName": "xen-doc-pdf", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16_2.6.32.59_0.9-0.5.1", "arch": "x86_64", "packageFilename": "xen-kmp-default-4.0.3_21548_16_2.6.32.59_0.9-0.5.1.x86_64.rpm", "packageName": "xen-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16-0.5.1", "arch": "x86_64", "packageFilename": "xen-tools-4.0.3_21548_16-0.5.1.x86_64.rpm", "packageName": "xen-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16-0.5.1", "arch": "i586", "packageFilename": "xen-tools-4.0.3_21548_16-0.5.1.i586.rpm", "packageName": "xen-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16-0.5.1", "arch": "x86_64", "packageFilename": "xen-libs-4.0.3_21548_16-0.5.1.x86_64.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16-0.5.1", "arch": "i586", "packageFilename": "xen-libs-4.0.3_21548_16-0.5.1.i586.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16-0.5.1", "arch": "i586", "packageFilename": "xen-tools-domU-4.0.3_21548_16-0.5.1.i586.rpm", "packageName": "xen-tools-domU", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16-0.5.1", "arch": "x86_64", "packageFilename": "xen-doc-html-4.0.3_21548_16-0.5.1.x86_64.rpm", "packageName": "xen-doc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16-0.5.1", "arch": "i586", "packageFilename": "xen-doc-html-4.0.3_21548_16-0.5.1.i586.rpm", "packageName": "xen-doc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16-0.5.1", "arch": "i586", "packageFilename": "xen-4.0.3_21548_16-0.5.1.i586.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16-0.5.1", "arch": "x86_64", "packageFilename": "xen-tools-domU-4.0.3_21548_16-0.5.1.x86_64.rpm", "packageName": "xen-tools-domU", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16-0.5.1", "arch": "x86_64", "packageFilename": "xen-4.0.3_21548_16-0.5.1.x86_64.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "4.0.3_21548_16_2.6.32.59_0.9-0.5.1", "arch": "i586", "packageFilename": "xen-kmp-pae-4.0.3_21548_16_2.6.32.59_0.9-0.5.1.i586.rpm", "packageName": "xen-kmp-pae", "operator": "lt"}], "description": "The SUSE Linux Enterprise Server 11 Service Pack 1 LTSS Xen\n hypervisor and toolset have been updated to fix various\n security issues and some bugs.\n\n The following security issues have been addressed:\n\n *\n\n XSA-84: CVE-2014-1894: Xen 3.2 (and presumably\n earlier) exhibit both problems with the overflow issue\n being present for more than just the suboperations listed\n above. (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through\n 4.1, while not affected by the above overflow, have a\n different overflow issue on FLASK_{GET,SET}BOOL and expose\n unreasonably large memory allocation to aribitrary guests.\n (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL,\n FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the\n flask hypercall are vulnerable to an integer overflow on\n the input size. The hypercalls attempt to allocate a buffer\n which is 1 larger than this size and is therefore\n vulnerable to integer overflow and an attempt to allocate\n then access a zero byte buffer. (bnc#860163)\n\n *\n\n XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h\n through 0Fh processors does not properly handle the\n interaction between locked instructions and write-combined\n memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#853049)\n\n *\n\n XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x\n (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x\n (possibly 4.3.1) does not properly prevent access to\n hypercalls, which allows local guest users to gain\n privileges via a crafted application running in ring 1 or\n 2. (bnc#849668)\n\n *\n\n XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist\n hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does\n not always obtain the page_alloc_lock and mm_rwlock in the\n same order, which allows local guest administrators to\n cause a denial of service (host deadlock). (bnc#849667)\n\n *\n\n XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and\n 4.3.x does not take the page_alloc_lock and\n grant_table.lock in the same order, which allows local\n guest administrators with access to multiple vcpus to cause\n a denial of service (host deadlock) via unspecified\n vectors. (bnc#848657)\n\n *\n\n XSA-67: CVE-2013-4368: The outs instruction emulation\n in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or\n GS: segment override, uses an uninitialized variable as a\n segment base, which allows local 64-bit PV guests to obtain\n sensitive information (hypervisor stack content) via\n unspecified vectors related to stale data in a segment\n register. (bnc#842511)\n\n *\n\n XSA-66: CVE-2013-4361: The fbld instruction emulation\n in Xen 3.3.x through 4.3.x does not use the correct\n variable for the source effective address, which allows\n local HVM guests to obtain hypervisor stack information by\n reading the values used by the instruction. (bnc#841766)\n\n *\n\n XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not\n properly handle certain errors, which allows local HVM\n guests to obtain hypervisor stack memory via a (1) port or\n (2) memory mapped I/O write or (3) other unspecified\n operations related to addresses without associated memory.\n (bnc#840592)\n\n *\n\n XSA-62: CVE-2013-1442: Xen 4.0 through 4.3.x, when\n using AVX or LWP capable CPUs, does not properly clear\n previous data from registers when using an XSAVE or XRSTOR\n to extend the state components of a saved or restored vCPU\n after touching other restored extended registers, which\n allows local guest OSes to obtain sensitive information by\n reading the registers. (bnc#839596)\n\n *\n\n XSA-61: CVE-2013-4329: The xenlight library (libxl)\n in Xen 4.0.x through 4.2.x, when IOMMU is disabled,\n provides access to a busmastering-capable PCI passthrough\n device before the IOMMU setup is complete, which allows\n local HVM guest domains to gain privileges or cause a\n denial of service via a DMA instruction. (bnc#839618)\n\n *\n\n XSA-60: CVE-2013-2212: The vmx_set_uc_mode function\n in Xen 3.3 through 4.3, when disabling chaches, allows\n local HVM guests with access to memory mapped I/O regions\n to cause a denial of service (CPU consumption and possibly\n hypervisor or guest kernel panic) via a crafted GFN range.\n (bnc#831120)\n\n *\n\n XSA-58: CVE-2013-1918: Certain page table\n manipulation operations in Xen 4.1.x, 4.2.x, and earlier\n are not preemptible, which allows local PV kernels to cause\n a denial of service via vectors related to &quot;deep page table\n traversal.&quot; (bnc#826882)\n\n *\n\n XSA-58: CVE-2013-1432: Xen 4.1.x and 4.2.x, when the\n XSA-45 patch is in place, does not properly maintain\n references on pages stored for deferred cleanup, which\n allows local PV guest kernels to cause a denial of service\n (premature page free and hypervisor crash) or possible gain\n privileges via unspecified vectors. (bnc#826882)\n\n *\n\n XSA-57: CVE-2013-2211: The libxenlight (libxl)\n toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak\n permissions for xenstore keys for paravirtualised and\n emulated serial console devices, which allows local guest\n administrators to modify the xenstore value via unspecified\n vectors. (bnc#823608)\n\n *\n\n XSA-56: CVE-2013-2072: Buffer overflow in the Python\n bindings for the xc_vcpu_setaffinity call in Xen 4.0.x,\n 4.1.x, and 4.2.x allows local administrators with\n permissions to configure VCPU affinity to cause a denial of\n service (memory corruption and xend toolstack crash) and\n possibly gain privileges via a crafted cpumap. (bnc#819416)\n\n *\n\n XSA-55: CVE-2013-2196: Multiple unspecified\n vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and\n earlier allow local guest administrators with certain\n permissions to have an unspecified impact via a crafted\n kernel, related to &quot;other problems&quot; that are not\n CVE-2013-2194 or CVE-2013-2195. (bnc#823011)\n\n *\n\n XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen\n 4.2.x and earlier allow local guest administrators with\n certain permissions to have an unspecified impact via a\n crafted kernel, related to &quot;pointer dereferences&quot; involving\n unexpected calculations. (bnc#823011)\n\n *\n\n XSA-55: CVE-2013-2194: Multiple integer overflows in\n the Elf parser (libelf) in Xen 4.2.x and earlier allow\n local guest administrators with certain permissions to have\n an unspecified impact via a crafted kernel. (bnc#823011)\n\n *\n\n XSA-53: CVE-2013-2077: Xen 4.0.x, 4.1.x, and 4.2.x\n does not properly restrict the contents of a XRSTOR, which\n allows local PV guest users to cause a denial of service\n (unhandled exception and hypervisor crash) via unspecified\n vectors. (bnc#820919)\n\n *\n\n XSA-52: CVE-2013-2076: Xen 4.0.x, 4.1.x, and 4.2.x,\n when running on AMD64 processors, only save/restore the\n FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an\n exception is pending, which allows one domain to determine\n portions of the state of floating point instructions of\n other domains, which can be leveraged to obtain sensitive\n information such as cryptographic keys, a similar\n vulnerability to CVE-2006-1056. NOTE: this is the\n documented behavior of AMD64 processors, but it is\n inconsistent with Intel processors in a security-relevant\n fashion that was not addressed by the kernels. (bnc#820917)\n\n *\n\n XSA-50: CVE-2013-1964: Xen 4.0.x and 4.1.x\n incorrectly releases a grant reference when releasing a\n non-v1, non-transitive grant, which allows local guest\n administrators to cause a denial of service (host crash),\n obtain sensitive information, or possible have other\n impacts via unspecified vectors. (bnc#816156)\n\n *\n\n XSA-49: CVE-2013-1952: Xen 4.x, when using Intel VT-d\n for a bus mastering capable PCI device, does not properly\n check the source when accessing a bridge device's interrupt\n remapping table entries for MSI interrupts, which allows\n local guest domains to cause a denial of service (interrupt\n injection) via unspecified vectors. (bnc#816163)\n\n *\n\n XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier,\n when the hypervisor is running &quot;under memory pressure&quot; and\n the Xen Security Module (XSM) is enabled, uses the wrong\n ordering of operations when extending the per-domain event\n channel tracking table, which causes a use-after-free and\n allows local guest kernels to inject arbitrary events and\n gain privileges via unspecified vectors. (bnc#813677)\n\n *\n\n XSA-46: CVE-2013-1919: Xen 4.2.x and 4.1.x does not\n properly restrict access to IRQs, which allows local stub\n domain clients to gain access to IRQs and cause a denial of\n service via vectors related to &quot;passed-through IRQs or PCI\n devices.&quot; (bnc#813675)\n\n *\n\n XSA-45: CVE-2013-1918: Certain page table\n manipulation operations in Xen 4.1.x, 4.2.x, and earlier\n are not preemptible, which allows local PV kernels to cause\n a denial of service via vectors related to &quot;deep page table\n traversal.&quot; (bnc#816159)\n\n *\n\n XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when\n running 64-bit hosts on Intel CPUs, does not clear the NT\n flag when using an IRET after a SYSENTER instruction, which\n allows PV guest users to cause a denial of service\n (hypervisor crash) by triggering a #GP fault, which is not\n properly handled by another IRET instruction. (bnc#813673)\n\n *\n\n XSA-41: CVE-2012-6075: Buffer overflow in the\n e1000_receive function in the e1000 device driver\n (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the\n SBP and LPE flags are disabled, allows remote attackers to\n cause a denial of service (guest OS crash) and possibly\n execute arbitrary guest code via a large packet.\n (bnc#797523)\n\n *\n\n XSA-37: CVE-2013-0154: The get_page_type function in\n xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled,\n allows local PV or HVM guest administrators to cause a\n denial of service (assertion failure and hypervisor crash)\n via unspecified vectors related to a hypercall. (bnc#797031)\n\n *\n\n XSA-36: CVE-2013-0153: The AMD IOMMU support in Xen\n 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi\n for PCI passthrough, uses the same interrupt remapping\n table for the host and all guests, which allows guests to\n cause a denial of service by injecting an interrupt into\n other guests. (bnc#800275)\n\n *\n\n XSA-33: CVE-2012-5634: Xen 4.2.x, 4.1.x, and 4.0,\n when using Intel VT-d for PCI passthrough, does not\n properly configure VT-d when supporting a device that is\n behind a legacy PCI Bridge, which allows local guests to\n cause a denial of service to other guests by injecting an\n interrupt. (bnc#794316)\n\n *\n\n XSA-31: CVE-2012-5515: The (1)\n XENMEM_decrease_reservation, (2) XENMEM_populate_physmap,\n and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier\n allow local guest administrators to cause a denial of\n service (long loop and hang) via a crafted extent_order\n value. (bnc#789950)\n\n *\n\n XSA-30: CVE-2012-5514: The\n guest_physmap_mark_populate_on_demand function in Xen 4.2\n and earlier does not properly unlock the subject GFNs when\n checking if they are in use, which allows local guest HVM\n administrators to cause a denial of service (hang) via\n unspecified vectors. (bnc#789948)\n\n *\n\n XSA-29: CVE-2012-5513: The XENMEM_exchange handler in\n Xen 4.2 and earlier does not properly check the memory\n address, which allows local PV guest OS administrators to\n cause a denial of service (crash) or possibly gain\n privileges via unspecified vectors that overwrite memory in\n the hypervisor reserved range. (bnc#789951)\n\n *\n\n XSA-27: CVE-2012-6333: Multiple HVM control\n operations in Xen 3.4 through 4.2 allow local HVM guest OS\n administrators to cause a denial of service (physical CPU\n consumption) via a large input. (bnc#789944)\n\n *\n\n XSA-27: CVE-2012-5511: Stack-based buffer overflow in\n the dirty video RAM tracking functionality in Xen 3.4\n through 4.1 allows local HVM guest OS administrators to\n cause a denial of service (crash) via a large bitmap image.\n (bnc#789944)\n\n *\n\n XSA-26: CVE-2012-5510: Xen 4.x, when downgrading the\n grant table version, does not properly remove the status\n page from the tracking list when freeing the page, which\n allows local guest OS administrators to cause a denial of\n service (hypervisor crash) via unspecified vectors.\n (bnc#789945)\n\n *\n\n XSA-25: CVE-2012-4544: The PV domain builder in Xen\n 4.2 and earlier does not validate the size of the kernel or\n ramdisk (1) before or (2) after decompression, which allows\n local guest administrators to cause a denial of service\n (domain 0 memory consumption) via a crafted (a) kernel or\n (b) ramdisk. (bnc#787163)\n\n *\n\n XSA-24: CVE-2012-4539: Xen 4.0 through 4.2, when\n running 32-bit x86 PV guests on 64-bit hypervisors, allows\n local guest OS administrators to cause a denial of service\n (infinite loop and hang or crash) via invalid arguments to\n GNTTABOP_get_status_frames, aka &quot;Grant table hypercall\n infinite loop DoS vulnerability.&quot; (bnc#786520)\n\n *\n\n XSA-23: CVE-2012-4538: The HVMOP_pagetable_dying\n hypercall in Xen 4.0, 4.1, and 4.2 does not properly check\n the pagetable state when running on shadow pagetables,\n which allows a local HVM guest OS to cause a denial of\n service (hypervisor crash) via unspecified vectors.\n (bnc#786519)\n\n *\n\n XSA-22: CVE-2012-4537: Xen 3.4 through 4.2, and\n possibly earlier versions, does not properly synchronize\n the p2m and m2p tables when the set_p2m_entry function\n fails, which allows local HVM guest OS administrators to\n cause a denial of service (memory consumption and assertion\n failure), aka &quot;Memory mapping failure DoS vulnerability.&quot;\n (bnc#786517)\n\n *\n\n XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and\n possibly earlier versions, allows local guest OS\n administrators to cause a denial of service (Xen infinite\n loop and physical CPU consumption) by setting a VCPU with\n an &quot;inappropriate deadline.&quot; (bnc#786516)\n\n *\n\n XSA-19: CVE-2012-4411: The graphical console in Xen\n 4.0, 4.1 and 4.2 allows local OS guest administrators to\n obtain sensitive host resource information via the qemu\n monitor. NOTE: this might be a duplicate of CVE-2007-0998.\n (bnc#779212)\n\n *\n\n XSA-15: CVE-2012-3497: (1)\n TMEMC_SAVE_GET_CLIENT_WEIGHT, (2)\n TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS\n and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in\n Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a\n denial of service (NULL pointer dereference or memory\n corruption and host crash) or possibly have other\n unspecified impacts via a NULL client id. (bnc#777890)\n\n Also the following non-security bugs have been fixed:\n\n * xen hot plug attach/detach fails modified\n blktap-pv-cdrom.patch. (bnc#805094)\n * guest &quot;disappears&quot; after live migration Updated\n block-dmmd script. (bnc#777628)\n\n Security Issues references:\n\n * CVE-2006-1056\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056</a>\n &gt;\n * CVE-2007-0998\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0998\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0998</a>\n &gt;\n * CVE-2012-3497\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3497</a>\n &gt;\n * CVE-2012-4411\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4411</a>\n &gt;\n * CVE-2012-4535\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535</a>\n &gt;\n * CVE-2012-4537\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537</a>\n &gt;\n * CVE-2012-4538\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538</a>\n &gt;\n * CVE-2012-4539\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539</a>\n &gt;\n * CVE-2012-4544\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544</a>\n &gt;\n * CVE-2012-5510\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5510\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5510</a>\n &gt;\n * CVE-2012-5511\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5511\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5511</a>\n &gt;\n * CVE-2012-5513\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513</a>\n &gt;\n * CVE-2012-5514\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5514\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5514</a>\n &gt;\n * CVE-2012-5515\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515</a>\n &gt;\n * CVE-2012-5634\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5634</a>\n &gt;\n * CVE-2012-6075\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075</a>\n &gt;\n * CVE-2012-6333\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6333\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6333</a>\n &gt;\n * CVE-2013-0153\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153</a>\n &gt;\n * CVE-2013-0154\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0154\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0154</a>\n &gt;\n * CVE-2013-1432\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1432</a>\n &gt;\n * CVE-2013-1442\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1442</a>\n &gt;\n * CVE-2013-1917\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917</a>\n &gt;\n * CVE-2013-1918\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1918</a>\n &gt;\n * CVE-2013-1919\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1919</a>\n &gt;\n * CVE-2013-1920\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920</a>\n &gt;\n * CVE-2013-1952\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1952</a>\n &gt;\n * CVE-2013-1964\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1964</a>\n &gt;\n * CVE-2013-2072\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2072</a>\n &gt;\n * CVE-2013-2076\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2076</a>\n &gt;\n * CVE-2013-2077\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2077</a>\n &gt;\n * CVE-2013-2194\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194</a>\n &gt;\n * CVE-2013-2195\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195</a>\n &gt;\n * CVE-2013-2196\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196</a>\n &gt;\n * CVE-2013-2211\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2211</a>\n &gt;\n * CVE-2013-2212\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2212</a>\n &gt;\n * CVE-2013-4329\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4329</a>\n &gt;\n * CVE-2013-4355\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355</a>\n &gt;\n * CVE-2013-4361\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4361</a>\n &gt;\n * CVE-2013-4368\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368</a>\n &gt;\n * CVE-2013-4494\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494</a>\n &gt;\n * CVE-2013-4553\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4553</a>\n &gt;\n * CVE-2013-4554\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554</a>\n &gt;\n * CVE-2013-6885\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885</a>\n &gt;\n * CVE-2014-1891\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1891</a>\n &gt;\n * CVE-2014-1892\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1892</a>\n &gt;\n * CVE-2014-1893\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1893</a>\n &gt;\n * CVE-2014-1894\n &lt;<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1894</a>\n &gt;\n", "edition": 1, "reporter": "Suse", "published": "2014-03-25T23:04:15", "title": "Security update for Xen (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1056", "CVE-2013-1920", "CVE-2013-2196", "CVE-2012-5511", "CVE-2012-5515", "CVE-2012-5634", "CVE-2013-1919", "CVE-2012-5514", "CVE-2014-1891", "CVE-2013-4368", "CVE-2012-4535", "CVE-2013-4329", "CVE-2012-4411", "CVE-2013-1917", "CVE-2012-4539", "CVE-2014-1894", "CVE-2007-0998", "CVE-2013-4554", "CVE-2013-1952", "CVE-2013-0153", "CVE-2012-5513", "CVE-2013-2072", "CVE-2014-1892", "CVE-2012-5510", "CVE-2012-3497", "CVE-2013-1432", "CVE-2013-4361", "CVE-2012-6333", "CVE-2013-2077", "CVE-2012-4537", "CVE-2012-4538", "CVE-2013-2194", "CVE-2013-1918", "CVE-2013-0154", "CVE-2013-4553", "CVE-2014-1893", "CVE-2012-4544", "CVE-2013-1964", "CVE-2013-6885", "CVE-2013-1442", "CVE-2013-2195", "CVE-2012-6075", "CVE-2013-2211", "CVE-2013-2212", "CVE-2013-2076", "CVE-2013-4494", "CVE-2013-4355"], "modified": "2014-03-25T23:04:15", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html", "id": "SUSE-SU-2014:0446-1", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:41", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=472214", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0152", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2196", "https://bugs.gentoo.org/show_bug.cgi?id=420875", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0217", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0154", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6333", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2195", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3433", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2934", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0153", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5511", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2211", "https://bugs.gentoo.org/show_bug.cgi?id=482860", "https://bugs.gentoo.org/show_bug.cgi?id=454314", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5512", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5514", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2078", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2194", "https://bugs.gentoo.org/show_bug.cgi?id=431156", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1964", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2901", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5515", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1920", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496", "https://bugs.gentoo.org/show_bug.cgi?id=386371", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1917", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2077", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5510", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1919", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0151", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0215", "https://bugs.gentoo.org/show_bug.cgi?id=464724", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0218", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6075", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5525", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2076", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1432", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1922", "https://bugs.gentoo.org/show_bug.cgi?id=385319", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5513", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3262", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3432", "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5634", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1952", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1918", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.2.2-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-emulation/xen", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.2.2-r3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-emulation/xen-tools", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.2.2-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-emulation/xen-pvgrub", "operator": "lt"}], "edition": 1, "description": "### Background\n\nXen is a bare-metal hypervisor.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nGuest domains could possibly gain privileges, execute arbitrary code, or cause a Denial of Service on the host domain (Dom0). Additionally, guest domains could gain information about other virtual machines running on the same host or read arbitrary files on the host. \n\n### Workaround\n\nThe CVEs listed below do not currently have fixes, but only apply to Xen setups which have \u201ctmem\u201d specified on the hypervisor command line. TMEM is not currently supported for use in production systems, and administrators using tmem should disable it. Relevant CVEs: * CVE-2012-2497 * CVE-2012-6030 * CVE-2012-6031 * CVE-2012-6032 * CVE-2012-6033 * CVE-2012-6034 * CVE-2012-6035 * CVE-2012-6036 \n\n### Resolution\n\nAll Xen users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/xen-4.2.2-r1\"\n \n\nAll Xen-tools users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/xen-tools-4.2.2-r3\"\n \n\nAll Xen-pvgrub users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/xen-pvgrub-4.2.2-r1\"", "reporter": "Gentoo Foundation", "published": "2013-09-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Xen: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2497", "CVE-2013-1920", "CVE-2013-0152", "CVE-2012-6034", "CVE-2011-3262", "CVE-2013-2196", "CVE-2012-5511", "CVE-2012-5515", "CVE-2012-5634", "CVE-2013-1919", "CVE-2012-5514", "CVE-2012-3433", "CVE-2012-3494", "CVE-2013-2078", "CVE-2012-4535", "CVE-2012-4411", "CVE-2013-1917", "CVE-2012-0217", "CVE-2012-4539", "CVE-2012-3495", "CVE-2012-3498", "CVE-2013-1952", "CVE-2013-0153", "CVE-2012-6030", "CVE-2012-0218", "CVE-2012-5513", "CVE-2012-3515", "CVE-2011-2901", "CVE-2012-5510", "CVE-2012-3497", "CVE-2013-1432", "CVE-2012-6035", "CVE-2012-6031", "CVE-2012-6033", "CVE-2012-6333", "CVE-2013-2077", "CVE-2012-4537", "CVE-2012-4538", "CVE-2013-2194", "CVE-2013-1918", "CVE-2012-5525", "CVE-2012-2934", "CVE-2013-0154", "CVE-2012-3496", "CVE-2013-1922", "CVE-2012-6032", "CVE-2012-4536", "CVE-2012-6036", "CVE-2013-1964", "CVE-2012-3432", "CVE-2013-2195", "CVE-2012-6075", "CVE-2013-2211", "CVE-2013-0215", "CVE-2012-5512", "CVE-2013-0151", "CVE-2013-2076"], "modified": "2013-09-27T00:00:00", "id": "GLSA-201309-24", "href": "https://security.gentoo.org/glsa/201309-24", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}