{"id": "REDHAT-RHSA-2013-0886.NASL", "bulletinFamily": "scanner", "title": "RHEL 6 : rhev 3.2 - vdsm (RHSA-2013:0886)", "description": "Updated vdsm packages that fix one security issue and various bugs are\nnow available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nVDSM is a management module that serves as a Red Hat Enterprise\nVirtualization Manager agent on Red Hat Enterprise Virtualization\nHypervisor or Red Hat Enterprise Linux hosts.\n\nA flaw was found in the way unexpected fields in guestInfo\ndictionaries were processed. A privileged guest user could potentially\nuse this flaw to make the host the guest is running on unavailable to\nthe management server. (CVE-2013-0167)\n\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red\nHat Enterprise Virtualization team.\n\nThis update also fixes various bugs. Refer to the Technical Notes for\ninformation about these changes :\n\nhttps://access.redhat.com/site/documentation/en-US/\nRed_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/\nchap-RHSA-2013-0886.html\n\nAll users managing Red Hat Enterprise Linux Virtualization hosts using\nRed Hat Enterprise Virtualization Manager are advised to install these\nupdated packages, which fix these issues.\n\nThese updated packages will be provided to users of Red Hat Enterprise\nVirtualization Hypervisor in the next rhev-hypervisor6 errata package.", "published": "2014-11-08T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 2.7, "vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/78959", "reporter": "This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/documentation/en-US/", "https://access.redhat.com/security/cve/cve-2013-0167", "https://access.redhat.com/errata/RHSA-2013:0886"], "cvelist": ["CVE-2013-0167"], "type": "nessus", "lastseen": "2019-11-01T03:20:43", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:vdsm-python", "p-cpe:/a:redhat:enterprise_linux:vdsm-reg", "p-cpe:/a:redhat:enterprise_linux:vdsm-cli", "p-cpe:/a:redhat:enterprise_linux:vdsm-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:vdsm", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:vdsm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd"], "cvelist": ["CVE-2013-0167"], "cvss": {"score": 2.7, "vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P"}, "description": "Updated vdsm packages that fix one security issue and various bugs are\nnow available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nVDSM is a management module that serves as a Red Hat Enterprise\nVirtualization Manager agent on Red Hat Enterprise Virtualization\nHypervisor or Red Hat Enterprise Linux hosts.\n\nA flaw was found in the way unexpected fields in guestInfo\ndictionaries were processed. A privileged guest user could potentially\nuse this flaw to make the host the guest is running on unavailable to\nthe management server. (CVE-2013-0167)\n\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red\nHat Enterprise Virtualization team.\n\nThis update also fixes various bugs. Refer to the Technical Notes for\ninformation about these changes :\n\nhttps://access.redhat.com/site/documentation/en-US/\nRed_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/\nchap-RHSA-2013-0886.html\n\nAll users managing Red Hat Enterprise Linux Virtualization hosts using\nRed Hat Enterprise Virtualization Manager are advised to install these\nupdated packages, which fix these issues.\n\nThese updated packages will be provided to users of Red Hat Enterprise\nVirtualization Hypervisor in the next rhev-hypervisor6 errata package.", "edition": 12, "enchantments": {"dependencies": {"modified": "2019-10-28T21:08:05", "references": [{"idList": ["RHSA-2013:1181", "RHSA-2013:0907", "RHSA-2013:0886", "RHSA-2013:1155"], "type": "redhat"}, {"idList": ["REDHAT-RHSA-2013-0907.NASL", "REDHAT-RHSA-2013-1155.NASL", "REDHAT-RHSA-2013-1181.NASL"], "type": "nessus"}, {"idList": ["CVE-2013-0167"], "type": "cve"}]}, "score": {"modified": "2019-10-28T21:08:05", "value": 3.7, "vector": "NONE"}}, "hash": "746926c35e352baddf4decf82c76f1ee76535ba1c6525adee1a760bd160337ed", "hashmap": [{"hash": "9dc963421b664b59a25e1339abb783a6", "key": "title"}, {"hash": "98f00858001a0dd10fbd90da55b4ee8c", "key": "published"}, {"hash": "78ed4b4950880593d65659edb22a2887", "key": "sourceData"}, {"hash": "8330a75a1f7c11a54b43afe156c51262", "key": "href"}, {"hash": "6f1c6f3176b948e3aa502b28923ae1ff", "key": "pluginID"}, {"hash": "e2ecaeee7b25baed866d1f3d54f14507", "key": "references"}, {"hash": "0fb1014b4614192eebbaf69393c57e18", "key": "reporter"}, {"hash": "72a85ead4e0e9eaf700a6ede67b647f6", "key": "description"}, {"hash": "206a88bd2a200ab345eeb4ff216356a5", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "b9515277aa2a4d91ec8e5901c831349a", "key": "cvelist"}, {"hash": "c2314979080e034459e0513c222dc185", "key": "cpe"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/78959", "id": "REDHAT-RHSA-2013-0886.NASL", "lastseen": "2019-10-28T21:08:05", "modified": "2019-10-02T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "78959", "published": "2014-11-08T00:00:00", "references": ["https://access.redhat.com/documentation/en-US/", "https://access.redhat.com/security/cve/cve-2013-0167", "https://access.redhat.com/errata/RHSA-2013:0886"], "reporter": "This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0886. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78959);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:37\");\n\n script_cve_id(\"CVE-2013-0167\");\n script_xref(name:\"RHSA\", value:\"2013:0886\");\n\n script_name(english:\"RHEL 6 : rhev 3.2 - vdsm (RHSA-2013:0886)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vdsm packages that fix one security issue and various bugs are\nnow available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nVDSM is a management module that serves as a Red Hat Enterprise\nVirtualization Manager agent on Red Hat Enterprise Virtualization\nHypervisor or Red Hat Enterprise Linux hosts.\n\nA flaw was found in the way unexpected fields in guestInfo\ndictionaries were processed. A privileged guest user could potentially\nuse this flaw to make the host the guest is running on unavailable to\nthe management server. (CVE-2013-0167)\n\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red\nHat Enterprise Virtualization team.\n\nThis update also fixes various bugs. Refer to the Technical Notes for\ninformation about these changes :\n\nhttps://access.redhat.com/site/documentation/en-US/\nRed_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/\nchap-RHSA-2013-0886.html\n\nAll users managing Red Hat Enterprise Linux Virtualization hosts using\nRed Hat Enterprise Virtualization Manager are advised to install these\nupdated packages, which fix these issues.\n\nThese updated packages will be provided to users of Red Hat Enterprise\nVirtualization Hypervisor in the next rhev-hypervisor6 errata package.\"\n );\n # https://access.redhat.com/site/documentation/en-US/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0167\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-reg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0886\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-cli-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-debuginfo-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-hook-vhostmd-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-python-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-reg-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-xmlrpc-4.10.2-22.0.el6ev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vdsm / vdsm-cli / vdsm-debuginfo / vdsm-hook-vhostmd / vdsm-python / etc\");\n }\n}\n", "title": "RHEL 6 : rhev 3.2 - vdsm (RHSA-2013:0886)", "type": "nessus", "viewCount": 2}, "differentElements": ["modified"], "edition": 12, "lastseen": "2019-10-28T21:08:05"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:vdsm-python", "p-cpe:/a:redhat:enterprise_linux:vdsm-reg", "p-cpe:/a:redhat:enterprise_linux:vdsm-cli", "p-cpe:/a:redhat:enterprise_linux:vdsm-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:vdsm", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:vdsm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd"], "cvelist": ["CVE-2013-0167"], "cvss": {"score": 2.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Updated vdsm packages that fix one security issue and various bugs are now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nVDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux hosts.\n\nA flaw was found in the way unexpected fields in guestInfo dictionaries were processed. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. (CVE-2013-0167)\n\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat Enterprise Virtualization team.\n\nThis update also fixes various bugs. Refer to the Technical Notes for information about these changes :\n\nhttps://access.redhat.com/site/documentation/en-US/ Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/ chap-RHSA-2013-0886.html\n\nAll users managing Red Hat Enterprise Linux Virtualization hosts using Red Hat Enterprise Virtualization Manager are advised to install these updated packages, which fix these issues.\n\nThese updated packages will be provided to users of Red Hat Enterprise Virtualization Hypervisor in the next rhev-hypervisor6 errata package.", "edition": 8, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "05f1d443d7ac37a8d61e34c627691ed1b0de7b52d0133d0b7f52cb47c4da6960", "hashmap": [{"hash": "9dc963421b664b59a25e1339abb783a6", "key": "title"}, {"hash": "ffcc148791229a9d042fe33f3f845198", "key": "cvss"}, {"hash": "98f00858001a0dd10fbd90da55b4ee8c", "key": "published"}, {"hash": "872c21b3412478d0030649fc15c6bacc", "key": "sourceData"}, {"hash": "156f1b1e4021f160e10b8c1c4ba24c35", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3b56f7b4921a67223d46da053d861c0b", "key": "references"}, {"hash": "6f1c6f3176b948e3aa502b28923ae1ff", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "b9515277aa2a4d91ec8e5901c831349a", "key": "cvelist"}, {"hash": "f20eca50de083f6440d1eb4c66b68f20", "key": "href"}, {"hash": "c2314979080e034459e0513c222dc185", "key": "cpe"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78959", "id": "REDHAT-RHSA-2013-0886.NASL", "lastseen": "2018-11-13T17:04:57", "modified": "2018-11-10T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "78959", "published": "2014-11-08T00:00:00", "references": ["https://access.redhat.com/security/cve/cve-2013-0167", "https://access.redhat.com/site/documentation/en-US/", "https://access.redhat.com/errata/RHSA-2013:0886"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0886. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78959);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2013-0167\");\n script_xref(name:\"RHSA\", value:\"2013:0886\");\n\n script_name(english:\"RHEL 6 : rhev 3.2 - vdsm (RHSA-2013:0886)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vdsm packages that fix one security issue and various bugs are\nnow available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nVDSM is a management module that serves as a Red Hat Enterprise\nVirtualization Manager agent on Red Hat Enterprise Virtualization\nHypervisor or Red Hat Enterprise Linux hosts.\n\nA flaw was found in the way unexpected fields in guestInfo\ndictionaries were processed. A privileged guest user could potentially\nuse this flaw to make the host the guest is running on unavailable to\nthe management server. (CVE-2013-0167)\n\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red\nHat Enterprise Virtualization team.\n\nThis update also fixes various bugs. Refer to the Technical Notes for\ninformation about these changes :\n\nhttps://access.redhat.com/site/documentation/en-US/\nRed_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/\nchap-RHSA-2013-0886.html\n\nAll users managing Red Hat Enterprise Linux Virtualization hosts using\nRed Hat Enterprise Virtualization Manager are advised to install these\nupdated packages, which fix these issues.\n\nThese updated packages will be provided to users of Red Hat Enterprise\nVirtualization Hypervisor in the next rhev-hypervisor6 errata package.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/site/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0167\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-reg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0886\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-cli-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-debuginfo-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-hook-vhostmd-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-python-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-reg-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-xmlrpc-4.10.2-22.0.el6ev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vdsm / vdsm-cli / vdsm-debuginfo / vdsm-hook-vhostmd / vdsm-python / etc\");\n }\n}\n", "title": "RHEL 6 : rhev 3.2 - vdsm (RHSA-2013:0886)", "type": "nessus", "viewCount": 2}, "differentElements": ["references", "modified", "sourceData"], "edition": 8, "lastseen": "2018-11-13T17:04:57"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:vdsm-python", "p-cpe:/a:redhat:enterprise_linux:vdsm-reg", "p-cpe:/a:redhat:enterprise_linux:vdsm-cli", "p-cpe:/a:redhat:enterprise_linux:vdsm-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:vdsm", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:vdsm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd"], "cvelist": ["CVE-2013-0167"], "cvss": {"score": 2.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Updated vdsm packages that fix one security issue and various bugs are now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nVDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux hosts.\n\nA flaw was found in the way unexpected fields in guestInfo dictionaries were processed. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. (CVE-2013-0167)\n\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat Enterprise Virtualization team.\n\nThis update also fixes various bugs. Refer to the Technical Notes for information about these changes :\n\nhttps://access.redhat.com/site/documentation/en-US/ Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/ chap-RHSA-2013-0886.html\n\nAll users managing Red Hat Enterprise Linux Virtualization hosts using Red Hat Enterprise Virtualization Manager are advised to install these updated packages, which fix these issues.\n\nThese updated packages will be provided to users of Red Hat Enterprise Virtualization Hypervisor in the next rhev-hypervisor6 errata package.", "edition": 7, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "3268c354990caa16c4f681f0697fee742939c927b5f990c2907382b768cfa0ec", "hashmap": [{"hash": "9dc963421b664b59a25e1339abb783a6", "key": "title"}, {"hash": "7f86b488cde79959076c92cafc9748f6", "key": "modified"}, {"hash": "77afa24f12da02552bc0605f6a4f792f", "key": "sourceData"}, {"hash": "ffcc148791229a9d042fe33f3f845198", "key": "cvss"}, {"hash": "15b3b45ba4e122ed816a72aa6102a0ad", "key": "references"}, {"hash": "98f00858001a0dd10fbd90da55b4ee8c", "key": "published"}, {"hash": "156f1b1e4021f160e10b8c1c4ba24c35", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6f1c6f3176b948e3aa502b28923ae1ff", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b9515277aa2a4d91ec8e5901c831349a", "key": "cvelist"}, {"hash": "f20eca50de083f6440d1eb4c66b68f20", "key": "href"}, {"hash": "c2314979080e034459e0513c222dc185", "key": "cpe"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78959", "id": "REDHAT-RHSA-2013-0886.NASL", "lastseen": "2018-09-12T10:09:14", "modified": "2018-09-10T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "78959", "published": "2014-11-08T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-0167.html", "http://rhn.redhat.com/errata/RHSA-2013-0886.html", "https://access.redhat.com/site/documentation/en-US/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0886. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78959);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/09/10 11:37:05\");\n\n script_cve_id(\"CVE-2013-0167\");\n script_xref(name:\"RHSA\", value:\"2013:0886\");\n\n script_name(english:\"RHEL 6 : rhev 3.2 - vdsm (RHSA-2013:0886)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vdsm packages that fix one security issue and various bugs are\nnow available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nVDSM is a management module that serves as a Red Hat Enterprise\nVirtualization Manager agent on Red Hat Enterprise Virtualization\nHypervisor or Red Hat Enterprise Linux hosts.\n\nA flaw was found in the way unexpected fields in guestInfo\ndictionaries were processed. A privileged guest user could potentially\nuse this flaw to make the host the guest is running on unavailable to\nthe management server. (CVE-2013-0167)\n\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red\nHat Enterprise Virtualization team.\n\nThis update also fixes various bugs. Refer to the Technical Notes for\ninformation about these changes :\n\nhttps://access.redhat.com/site/documentation/en-US/\nRed_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/\nchap-RHSA-2013-0886.html\n\nAll users managing Red Hat Enterprise Linux Virtualization hosts using\nRed Hat Enterprise Virtualization Manager are advised to install these\nupdated packages, which fix these issues.\n\nThese updated packages will be provided to users of Red Hat Enterprise\nVirtualization Hypervisor in the next rhev-hypervisor6 errata package.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/site/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0886.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0167.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-reg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0886\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-cli-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-debuginfo-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-hook-vhostmd-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-python-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-reg-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-xmlrpc-4.10.2-22.0.el6ev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vdsm / vdsm-cli / vdsm-debuginfo / vdsm-hook-vhostmd / vdsm-python / etc\");\n }\n}\n", "title": "RHEL 6 : rhev 3.2 - vdsm (RHSA-2013:0886)", "type": "nessus", "viewCount": 2}, "differentElements": ["references", "modified", "sourceData"], "edition": 7, "lastseen": "2018-09-12T10:09:14"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:vdsm-python", "p-cpe:/a:redhat:enterprise_linux:vdsm-reg", "p-cpe:/a:redhat:enterprise_linux:vdsm-cli", "p-cpe:/a:redhat:enterprise_linux:vdsm-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:vdsm", "p-cpe:/a:redhat:enterprise_linux:vdsm-bootstrap", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:vdsm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd"], "cvelist": ["CVE-2013-0167"], "cvss": {"score": 2.7, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Updated vdsm packages that fix one security issue and various bugs are now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nVDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux hosts.\n\nA flaw was found in the way unexpected fields in guestInfo dictionaries were processed. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. (CVE-2013-0167)\n\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat Enterprise Virtualization team.\n\nThis update also fixes various bugs. Refer to the Technical Notes for information about these changes :\n\nhttps://access.redhat.com/site/documentation/en-US/ Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/ chap-RHSA-2013-0886.html\n\nAll users managing Red Hat Enterprise Linux Virtualization hosts using Red Hat Enterprise Virtualization Manager are advised to install these updated packages, which fix these issues.\n\nThese updated packages will be provided to users of Red Hat Enterprise Virtualization Hypervisor in the next rhev-hypervisor6 errata package.", "edition": 4, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "0abc1d48ef02bb4328598193e407a5f08d91cebfe5afb8858e4f2388e32913d6", "hashmap": [{"hash": "9dc963421b664b59a25e1339abb783a6", "key": "title"}, {"hash": "ffcc148791229a9d042fe33f3f845198", "key": "cvss"}, {"hash": "15b3b45ba4e122ed816a72aa6102a0ad", "key": "references"}, {"hash": "98f00858001a0dd10fbd90da55b4ee8c", "key": "published"}, {"hash": "9b16dec391c0a019a4241601ae1e5ce5", "key": "cpe"}, {"hash": "156f1b1e4021f160e10b8c1c4ba24c35", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6f1c6f3176b948e3aa502b28923ae1ff", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1865261413c3db59730e6f4c15d45b87", "key": "modified"}, {"hash": "b9515277aa2a4d91ec8e5901c831349a", "key": "cvelist"}, {"hash": "da4e3645603e0282d35718f492506ae4", "key": "sourceData"}, {"hash": "f20eca50de083f6440d1eb4c66b68f20", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78959", "id": "REDHAT-RHSA-2013-0886.NASL", "lastseen": "2018-08-15T15:36:15", "modified": "2018-08-13T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "78959", "published": "2014-11-08T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-0167.html", "http://rhn.redhat.com/errata/RHSA-2013-0886.html", "https://access.redhat.com/site/documentation/en-US/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0886. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78959);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/08/13 14:32:38\");\n\n script_cve_id(\"CVE-2013-0167\");\n script_xref(name:\"RHSA\", value:\"2013:0886\");\n\n script_name(english:\"RHEL 6 : rhev 3.2 - vdsm (RHSA-2013:0886)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vdsm packages that fix one security issue and various bugs are\nnow available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nVDSM is a management module that serves as a Red Hat Enterprise\nVirtualization Manager agent on Red Hat Enterprise Virtualization\nHypervisor or Red Hat Enterprise Linux hosts.\n\nA flaw was found in the way unexpected fields in guestInfo\ndictionaries were processed. A privileged guest user could potentially\nuse this flaw to make the host the guest is running on unavailable to\nthe management server. (CVE-2013-0167)\n\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red\nHat Enterprise Virtualization team.\n\nThis update also fixes various bugs. Refer to the Technical Notes for\ninformation about these changes :\n\nhttps://access.redhat.com/site/documentation/en-US/\nRed_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/\nchap-RHSA-2013-0886.html\n\nAll users managing Red Hat Enterprise Linux Virtualization hosts using\nRed Hat Enterprise Virtualization Manager are advised to install these\nupdated packages, which fix these issues.\n\nThese updated packages will be provided to users of Red Hat Enterprise\nVirtualization Hypervisor in the next rhev-hypervisor6 errata package.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0167.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/site/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0886.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-reg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0886\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-bootstrap-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-cli-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-debuginfo-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-hook-vhostmd-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-python-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-reg-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-xmlrpc-4.10.2-22.0.el6ev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vdsm / vdsm-bootstrap / vdsm-cli / vdsm-debuginfo / etc\");\n }\n}\n", "title": "RHEL 6 : rhev 3.2 - vdsm (RHSA-2013:0886)", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-15T15:36:15"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:vdsm-python", "p-cpe:/a:redhat:enterprise_linux:vdsm-reg", "p-cpe:/a:redhat:enterprise_linux:vdsm-cli", "p-cpe:/a:redhat:enterprise_linux:vdsm-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:vdsm", "p-cpe:/a:redhat:enterprise_linux:vdsm-bootstrap", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:vdsm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd"], "cvelist": ["CVE-2013-0167"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Updated vdsm packages that fix one security issue and various bugs are now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nVDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux hosts.\n\nA flaw was found in the way unexpected fields in guestInfo dictionaries were processed. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. (CVE-2013-0167)\n\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat Enterprise Virtualization team.\n\nThis update also fixes various bugs. Refer to the Technical Notes for information about these changes :\n\nhttps://access.redhat.com/site/documentation/en-US/ Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/ chap-RHSA-2013-0886.html\n\nAll users managing Red Hat Enterprise Linux Virtualization hosts using Red Hat Enterprise Virtualization Manager are advised to install these updated packages, which fix these issues.\n\nThese updated packages will be provided to users of Red Hat Enterprise Virtualization Hypervisor in the next rhev-hypervisor6 errata package.", "edition": 5, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "ad5f7c466de58e2eb3cea5143c46ed6b7b039a598253363a14454255e3b66e50", "hashmap": [{"hash": "9dc963421b664b59a25e1339abb783a6", "key": "title"}, {"hash": "15b3b45ba4e122ed816a72aa6102a0ad", "key": "references"}, {"hash": "98f00858001a0dd10fbd90da55b4ee8c", "key": "published"}, {"hash": "9b16dec391c0a019a4241601ae1e5ce5", "key": "cpe"}, {"hash": "156f1b1e4021f160e10b8c1c4ba24c35", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6f1c6f3176b948e3aa502b28923ae1ff", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1865261413c3db59730e6f4c15d45b87", "key": "modified"}, {"hash": "b9515277aa2a4d91ec8e5901c831349a", "key": "cvelist"}, {"hash": "da4e3645603e0282d35718f492506ae4", "key": "sourceData"}, {"hash": "f20eca50de083f6440d1eb4c66b68f20", "key": "href"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=78959", "id": "REDHAT-RHSA-2013-0886.NASL", "lastseen": "2018-08-30T19:52:24", "modified": "2018-08-13T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "78959", "published": "2014-11-08T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-0167.html", "http://rhn.redhat.com/errata/RHSA-2013-0886.html", "https://access.redhat.com/site/documentation/en-US/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0886. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78959);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/08/13 14:32:38\");\n\n script_cve_id(\"CVE-2013-0167\");\n script_xref(name:\"RHSA\", value:\"2013:0886\");\n\n script_name(english:\"RHEL 6 : rhev 3.2 - vdsm (RHSA-2013:0886)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vdsm packages that fix one security issue and various bugs are\nnow available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nVDSM is a management module that serves as a Red Hat Enterprise\nVirtualization Manager agent on Red Hat Enterprise Virtualization\nHypervisor or Red Hat Enterprise Linux hosts.\n\nA flaw was found in the way unexpected fields in guestInfo\ndictionaries were processed. A privileged guest user could potentially\nuse this flaw to make the host the guest is running on unavailable to\nthe management server. (CVE-2013-0167)\n\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red\nHat Enterprise Virtualization team.\n\nThis update also fixes various bugs. Refer to the Technical Notes for\ninformation about these changes :\n\nhttps://access.redhat.com/site/documentation/en-US/\nRed_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/\nchap-RHSA-2013-0886.html\n\nAll users managing Red Hat Enterprise Linux Virtualization hosts using\nRed Hat Enterprise Virtualization Manager are advised to install these\nupdated packages, which fix these issues.\n\nThese updated packages will be provided to users of Red Hat Enterprise\nVirtualization Hypervisor in the next rhev-hypervisor6 errata package.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0167.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/site/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0886.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-reg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0886\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-bootstrap-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-cli-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-debuginfo-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-hook-vhostmd-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-python-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-reg-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-xmlrpc-4.10.2-22.0.el6ev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vdsm / vdsm-bootstrap / vdsm-cli / vdsm-debuginfo / etc\");\n }\n}\n", "title": "RHEL 6 : rhev 3.2 - vdsm (RHSA-2013:0886)", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:52:24"}], "edition": 13, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "c2314979080e034459e0513c222dc185"}, {"key": "cvelist", "hash": "b9515277aa2a4d91ec8e5901c831349a"}, {"key": "cvss", "hash": "206a88bd2a200ab345eeb4ff216356a5"}, {"key": "description", "hash": "72a85ead4e0e9eaf700a6ede67b647f6"}, {"key": "href", "hash": "8330a75a1f7c11a54b43afe156c51262"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "b46559ea68ec9a13474c3a7776817cfd"}, {"key": "pluginID", "hash": "6f1c6f3176b948e3aa502b28923ae1ff"}, {"key": "published", "hash": "98f00858001a0dd10fbd90da55b4ee8c"}, {"key": "references", "hash": "e2ecaeee7b25baed866d1f3d54f14507"}, {"key": "reporter", "hash": "0fb1014b4614192eebbaf69393c57e18"}, {"key": "sourceData", "hash": "78ed4b4950880593d65659edb22a2887"}, {"key": "title", "hash": "9dc963421b664b59a25e1339abb783a6"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "d9150e5041f8ad3cecb7c408dbecf9c9cc25d73c799d4adfa2886b86a9ce955f", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-0167"]}, {"type": "redhat", "idList": ["RHSA-2013:0886", "RHSA-2013:1155", "RHSA-2013:0907", "RHSA-2013:1181"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2013-1155.NASL", "REDHAT-RHSA-2013-0907.NASL", "REDHAT-RHSA-2013-1181.NASL"]}], "modified": "2019-11-01T03:20:43"}, "score": {"value": 3.7, "vector": "NONE", "modified": "2019-11-01T03:20:43"}, "vulnersScore": 3.7}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0886. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78959);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:37\");\n\n script_cve_id(\"CVE-2013-0167\");\n script_xref(name:\"RHSA\", value:\"2013:0886\");\n\n script_name(english:\"RHEL 6 : rhev 3.2 - vdsm (RHSA-2013:0886)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vdsm packages that fix one security issue and various bugs are\nnow available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nVDSM is a management module that serves as a Red Hat Enterprise\nVirtualization Manager agent on Red Hat Enterprise Virtualization\nHypervisor or Red Hat Enterprise Linux hosts.\n\nA flaw was found in the way unexpected fields in guestInfo\ndictionaries were processed. A privileged guest user could potentially\nuse this flaw to make the host the guest is running on unavailable to\nthe management server. (CVE-2013-0167)\n\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red\nHat Enterprise Virtualization team.\n\nThis update also fixes various bugs. Refer to the Technical Notes for\ninformation about these changes :\n\nhttps://access.redhat.com/site/documentation/en-US/\nRed_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/\nchap-RHSA-2013-0886.html\n\nAll users managing Red Hat Enterprise Linux Virtualization hosts using\nRed Hat Enterprise Virtualization Manager are advised to install these\nupdated packages, which fix these issues.\n\nThese updated packages will be provided to users of Red Hat Enterprise\nVirtualization Hypervisor in the next rhev-hypervisor6 errata package.\"\n );\n # https://access.redhat.com/site/documentation/en-US/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-US/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0167\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-reg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0886\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-cli-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-debuginfo-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-hook-vhostmd-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-python-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-reg-4.10.2-22.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-xmlrpc-4.10.2-22.0.el6ev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vdsm / vdsm-cli / vdsm-debuginfo / vdsm-hook-vhostmd / vdsm-python / etc\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "78959", "cpe": ["p-cpe:/a:redhat:enterprise_linux:vdsm-python", "p-cpe:/a:redhat:enterprise_linux:vdsm-reg", "p-cpe:/a:redhat:enterprise_linux:vdsm-cli", "p-cpe:/a:redhat:enterprise_linux:vdsm-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:vdsm", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:vdsm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd"], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:12:59", "bulletinFamily": "NVD", "description": "VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become \"unavailable to the managment server\" via guestInfo dictionaries with \"unexpected fields.\"", "modified": "2013-08-20T14:22:00", "id": "CVE-2013-0167", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0167", "published": "2013-08-19T23:55:00", "title": "CVE-2013-0167", "type": "cve", "cvss": {"score": 2.7, "vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:32", "bulletinFamily": "unix", "description": "VDSM is a management module that serves as a Red Hat Enterprise\nVirtualization Manager agent on Red Hat Enterprise Virtualization\nHypervisor or Red Hat Enterprise Linux hosts.\n\nA flaw was found in the way unexpected fields in guestInfo dictionaries\nwere processed. A privileged guest user could potentially use this flaw to\nmake the host the guest is running on unavailable to the management\nserver. (CVE-2013-0167)\n\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat\nEnterprise Virtualization team.\n\nThis update also fixes various bugs. Refer to the Technical Notes for\ninformation about these changes:\n\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html/Technical_Notes/chap-RHSA-2013-0886.html\n\nAll users managing Red Hat Enterprise Linux Virtualization hosts using Red\nHat Enterprise Virtualization Manager are advised to install these updated\npackages, which fix these issues.\n\nThese updated packages will be provided to users of Red Hat Enterprise\nVirtualization Hypervisor in the next rhev-hypervisor6 errata package.\n", "modified": "2018-06-07T08:59:46", "published": "2013-06-10T04:00:00", "id": "RHSA-2013:0886", "href": "https://access.redhat.com/errata/RHSA-2013:0886", "type": "redhat", "title": "(RHSA-2013:0886) Moderate: rhev 3.2 - vdsm security and bug fix update", "cvss": {"score": 2.7, "vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:46:37", "bulletinFamily": "unix", "description": "VDSM is a management module that serves as a Red Hat Enterprise\nVirtualization Manager agent on Red Hat Enterprise Virtualization\nHypervisor or Red Hat Enterprise Linux hosts. \n\nIt was found that the fix for CVE-2013-0167 released via RHSA-2013:0886\nwas incomplete. A privileged guest user could potentially use this flaw to\nmake the host the guest is running on unavailable to the management\nserver. (CVE-2013-4236)\n\nThis issue was found by David Gibson of Red Hat.\n\nThis update also fixes the following bugs:\n\n* Previously, failure to move a disk produced a 'truesize' exit message,\nwhich was not informative. Now, failure to move a disk produces a more\nhelpful error message explaining that the volume is corrupted or missing.\n(BZ#985556)\n\n* The LVM filter has been updated to only access physical volumes by full\n/dev/mapper paths in order to improve performance. This replaces the\nprevious behavior of scanning all devices including logical volumes on\nphysical volumes. (BZ#983599)\n\n* The log collector now collects /var/log/sanlock.log from Hypervisors, to\nassist in debugging sanlock errors. (BZ#987042)\n\n* When the poollist parameter was not defined, dumpStorageTable crashed,\ncausing SOS report generation to fail with the error 'IndexError: list\nindex out of range'. VDSM now handles this exception, so the log collector\ncan generate host SOS reports. (BZ#985069)\n\n* Previously, VDSM used the memAvailable parameter to report available\nmemory on a host, which could return negative values if memory\novercommitment was in use. Now, the new memFree parameter returns the\nactual amount of free memory on a host. (BZ#982639)\n\nAll users managing Red Hat Enterprise Linux Virtualization hosts using Red\nHat Enterprise Virtualization Manager are advised to install these updated\npackages, which fix these issues.\n\nThese updated packages will be provided to users of Red Hat Enterprise\nVirtualization Hypervisor in the next rhev-hypervisor6 errata package.\n", "modified": "2018-06-07T08:59:58", "published": "2013-08-13T04:00:00", "id": "RHSA-2013:1155", "href": "https://access.redhat.com/errata/RHSA-2013:1155", "type": "redhat", "title": "(RHSA-2013:1155) Moderate: rhev 3.2.2 - vdsm security and bug fix update", "cvss": {"score": 2.7, "vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:46:00", "bulletinFamily": "unix", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way KVM initialized a guest's registered pv_eoi\n(paravirtualized end-of-interrupt) indication flag when entering the guest.\nAn unprivileged guest user could potentially use this flaw to crash the\nhost. (CVE-2013-1935)\n\nA flaw was found in the way unexpected fields in guestInfo dictionaries\nwere processed. A privileged guest user could potentially use this flaw to\nmake the host the guest is running on unavailable to the management server.\n(CVE-2013-0167)\n\nRed Hat would like to thank IBM for reporting the CVE-2013-1935 issue. The\nCVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red Hat\nEnterprise Virtualization team.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2013-1962 (libvirt issue)\n\nCVE-2013-2017 and CVE-2013-1943 (kernel issues)\n\nCVE-2012-6137 (subscription-manager issue)\n\nThis update also contains the fixes from the following errata:\n\n* vdsm: RHSA-2013:0886, which adds support for Red Hat Enterprise\nVirtualization 3.2 clusters.\n\n* ovirt-node: RHBA-2013:0908\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of \"Install Failed\". If this happens, place the host\ninto maintenance mode, then activate it again to get the host back to an\n\"Up\" state.\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.\n", "modified": "2018-06-07T08:59:36", "published": "2013-06-10T04:00:00", "id": "RHSA-2013:0907", "href": "https://access.redhat.com/errata/RHSA-2013:0907", "type": "redhat", "title": "(RHSA-2013:0907) Important: rhev-hypervisor6 security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:10", "bulletinFamily": "unix", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of \"Install Failed\". If this happens, place the host\ninto maintenance mode, then activate it again to get the host back to an\n\"Up\" state.\n\nIt was discovered that NSS leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL or DTLS server as a\npadding oracle. (CVE-2013-1620)\n\nIt was found that the fix for CVE-2013-0167 released via RHSA-2013:0907\nwas incomplete. A privileged guest user could potentially use this flaw to\nmake the host the guest is running on unavailable to the management\nserver. (CVE-2013-4236)\n\nAn out-of-bounds memory read flaw was found in the way NSS decoded certain\ncertificates. If an application using NSS decoded a malformed certificate,\nit could cause the application to crash. (CVE-2013-0791)\n\nRed Hat would like to thank the Mozilla project for reporting\nCVE-2013-0791. Upstream acknowledges Ambroz Bizjak as the original reporter\nof CVE-2013-0791. The CVE-2013-4236 issue was found by David Gibson of Red\nHat.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2013-4854 (bind issue)\n\nCVE-2012-6544, CVE-2013-2146, CVE-2013-2206, CVE-2013-2224, CVE-2013-2232,\nand CVE-2013-2237 (kernel issues)\n\nThis update also contains the fixes from the following errata:\n\n* vdsm: RHSA-2013:1155 and RHBA-2013:1158\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.\n", "modified": "2018-06-07T08:59:42", "published": "2013-08-27T04:00:00", "id": "RHSA-2013:1181", "href": "https://access.redhat.com/errata/RHSA-2013:1181", "type": "redhat", "title": "(RHSA-2013:1181) Moderate: rhev-hypervisor6 security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2019-11-01T03:20:44", "bulletinFamily": "scanner", "description": "Updated vdsm packages that fix one security issue and various bugs are\nnow available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\n[Updated 21 August 2013] The packages list in this erratum has been\nupdated to include missing packages for the ", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2013-1155.NASL", "href": "https://www.tenable.com/plugins/nessus/78968", "published": "2014-11-08T00:00:00", "title": "RHEL 6 : rhev 3.2.2 - vdsm (RHSA-2013:1155)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1155. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78968);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:37\");\n\n script_cve_id(\"CVE-2013-4236\");\n script_xref(name:\"RHSA\", value:\"2013:1155\");\n\n script_name(english:\"RHEL 6 : rhev 3.2.2 - vdsm (RHSA-2013:1155)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated vdsm packages that fix one security issue and various bugs are\nnow available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\n[Updated 21 August 2013] The packages list in this erratum has been\nupdated to include missing packages for the 'Red Hat Enterprise Virt\nManagement Agent (v 6 x86_64)' channel (also known as\n'rhel-x86_64-rhev-mgmt-agent-6'). No changes have been made to the\noriginal packages.\n\nVDSM is a management module that serves as a Red Hat Enterprise\nVirtualization Manager agent on Red Hat Enterprise Virtualization\nHypervisor or Red Hat Enterprise Linux hosts.\n\nIt was found that the fix for CVE-2013-0167 released via\nRHSA-2013:0886 was incomplete. A privileged guest user could\npotentially use this flaw to make the host the guest is running on\nunavailable to the management server. (CVE-2013-4236)\n\nThis issue was found by David Gibson of Red Hat.\n\nThis update also fixes the following bugs :\n\n* Previously, failure to move a disk produced a 'truesize' exit\nmessage, which was not informative. Now, failure to move a disk\nproduces a more helpful error message explaining that the volume is\ncorrupted or missing. (BZ#985556)\n\n* The LVM filter has been updated to only access physical volumes by\nfull /dev/mapper paths in order to improve performance. This replaces\nthe previous behavior of scanning all devices including logical\nvolumes on physical volumes. (BZ#983599)\n\n* The log collector now collects /var/log/sanlock.log from\nHypervisors, to assist in debugging sanlock errors. (BZ#987042)\n\n* When the poollist parameter was not defined, dumpStorageTable\ncrashed, causing SOS report generation to fail with the error\n'IndexError: list index out of range'. VDSM now handles this\nexception, so the log collector can generate host SOS reports.\n(BZ#985069)\n\n* Previously, VDSM used the memAvailable parameter to report available\nmemory on a host, which could return negative values if memory\novercommitment was in use. Now, the new memFree parameter returns the\nactual amount of free memory on a host. (BZ#982639)\n\nAll users managing Red Hat Enterprise Linux Virtualization hosts using\nRed Hat Enterprise Virtualization Manager are advised to install these\nupdated packages, which fix these issues.\n\nThese updated packages will be provided to users of Red Hat Enterprise\nVirtualization Hypervisor in the next rhev-hypervisor6 errata package.\"\n );\n # https://rhn.redhat.com/errata/RHSA-2013-0886.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4236\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-reg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vdsm-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1155\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-4.10.2-24.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-cli-4.10.2-24.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-debuginfo-4.10.2-24.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-hook-vhostmd-4.10.2-24.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"vdsm-python-4.10.2-24.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-reg-4.10.2-24.0.el6ev\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"vdsm-xmlrpc-4.10.2-24.0.el6ev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vdsm / vdsm-cli / vdsm-debuginfo / vdsm-hook-vhostmd / vdsm-python / etc\");\n }\n}\n", "cvss": {"score": 2.7, "vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T03:20:43", "bulletinFamily": "scanner", "description": "An updated rhev-hypervisor6 package that fixes two security issues and\nvarious bugs is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA flaw was found in the way KVM initialized a guest", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2013-0907.NASL", "href": "https://www.tenable.com/plugins/nessus/78961", "published": "2014-11-08T00:00:00", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2013:0907)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0907. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78961);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:37\");\n\n script_cve_id(\"CVE-2013-0167\", \"CVE-2013-1935\");\n script_xref(name:\"RHSA\", value:\"2013:0907\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2013:0907)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rhev-hypervisor6 package that fixes two security issues and\nvarious bugs is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nA flaw was found in the way KVM initialized a guest's registered\npv_eoi (paravirtualized end-of-interrupt) indication flag when\nentering the guest. An unprivileged guest user could potentially use\nthis flaw to crash the host. (CVE-2013-1935)\n\nA flaw was found in the way unexpected fields in guestInfo\ndictionaries were processed. A privileged guest user could potentially\nuse this flaw to make the host the guest is running on unavailable to\nthe management server. (CVE-2013-0167)\n\nRed Hat would like to thank IBM for reporting the CVE-2013-1935 issue.\nThe CVE-2013-0167 issue was discovered by Dan Kenigsberg of the Red\nHat Enterprise Virtualization team.\n\nThis updated package provides updated components that include fixes\nfor various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The\nsecurity fixes included in this update address the following CVE\nnumbers :\n\nCVE-2013-1962 (libvirt issue)\n\nCVE-2013-2017 and CVE-2013-1943 (kernel issues)\n\nCVE-2012-6137 (subscription-manager issue)\n\nThis update also contains the fixes from the following errata :\n\n* vdsm: RHSA-2013:0886, which adds support for Red Hat Enterprise\nVirtualization 3.2 clusters.\n\n* ovirt-node: RHBA-2013:0908\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of 'Install Failed'. If this happens, place the\nhost into maintenance mode, then activate it again to get the host\nback to an 'Up' state.\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package, which corrects these issues.\"\n );\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6b506c4\"\n );\n # https://rhn.redhat.com/errata/RHSA-2013-0886.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0886\"\n );\n # https://rhn.redhat.com/errata/RHBA-2013-0908.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHBA-2013:0908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0167\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rhev-hypervisor6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0907\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.4-20130528.0.el6_4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-01T03:20:44", "bulletinFamily": "scanner", "description": "An updated rhev-hypervisor6 package that fixes three security issues\nand various bugs is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of ", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2013-1181.NASL", "href": "https://www.tenable.com/plugins/nessus/78969", "published": "2014-11-08T00:00:00", "title": "RHEL 6 : rhev-hypervisor6 (RHSA-2013:1181)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1181. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78969);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:37\");\n\n script_cve_id(\"CVE-2013-0791\", \"CVE-2013-1620\", \"CVE-2013-4236\");\n script_bugtraq_id(57777, 58826, 61772);\n script_xref(name:\"RHSA\", value:\"2013:1181\");\n\n script_name(english:\"RHEL 6 : rhev-hypervisor6 (RHSA-2013:1181)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated rhev-hypervisor6 package that fixes three security issues\nand various bugs is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe rhev-hypervisor6 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available\nfor the Intel 64 and AMD64 architectures with virtualization\nextensions.\n\nUpgrade Note: If you upgrade the Red Hat Enterprise Virtualization\nHypervisor through the 3.2 Manager administration portal, the Host may\nappear with the status of 'Install Failed'. If this happens, place the\nhost into maintenance mode, then activate it again to get the host\nback to an 'Up' state.\n\nIt was discovered that NSS leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when CBC-mode cipher\nsuites were used. A remote attacker could possibly use this flaw to\nretrieve plain text from the encrypted packets by using a TLS/SSL or\nDTLS server as a padding oracle. (CVE-2013-1620)\n\nIt was found that the fix for CVE-2013-0167 released via\nRHSA-2013:0907 was incomplete. A privileged guest user could\npotentially use this flaw to make the host the guest is running on\nunavailable to the management server. (CVE-2013-4236)\n\nAn out-of-bounds memory read flaw was found in the way NSS decoded\ncertain certificates. If an application using NSS decoded a malformed\ncertificate, it could cause the application to crash. (CVE-2013-0791)\n\nRed Hat would like to thank the Mozilla project for reporting\nCVE-2013-0791. Upstream acknowledges Ambroz Bizjak as the original\nreporter of CVE-2013-0791. The CVE-2013-4236 issue was found by David\nGibson of Red Hat.\n\nThis updated package provides updated components that include fixes\nfor various security issues. These issues have no security impact on\nRed Hat Enterprise Virtualization Hypervisor itself, however. The\nsecurity fixes included in this update address the following CVE\nnumbers :\n\nCVE-2013-4854 (bind issue)\n\nCVE-2012-6544, CVE-2013-2146, CVE-2013-2206, CVE-2013-2224,\nCVE-2013-2232, and CVE-2013-2237 (kernel issues)\n\nThis update also contains the fixes from the following errata :\n\n* vdsm: RHSA-2013:1155 and RHBA-2013:1158\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised\nto upgrade to this updated package, which corrects these issues.\"\n );\n # https://rhn.redhat.com/errata/RHSA-2013-0907.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0907\"\n );\n # https://rhn.redhat.com/errata/RHSA-2013-1155.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1155\"\n );\n # https://rhn.redhat.com/errata/RHBA-2013-1158.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHBA-2013:1158\"\n );\n # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6b506c4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4236\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rhev-hypervisor6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1181\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor6-6.4-20130815.0.el6_4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor6\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}