Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2016-2577.NASL
HistoryNov 04, 2016 - 12:00 a.m.

RHEL 7 : libvirt (RHSA-2016:2577)

2016-11-0400:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

0.027 Low

EPSS

Percentile

90.5%

JSON

An update for libvirt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.
In addition, libvirt provides tools for remote management of virtualized systems.

The following packages have been upgraded to a newer upstream version:
libvirt (2.0.0). (BZ#830971, BZ#1286679)

Security Fix(es) :

  • It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160)

  • A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313)

  • It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008)

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2016:2577. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(94540);
  script_version("2.14");
  script_cvs_date("Date: 2019/10/24 15:35:42");

  script_cve_id("CVE-2015-5160", "CVE-2015-5313", "CVE-2016-5008");
  script_xref(name:"RHSA", value:"2016:2577");

  script_name(english:"RHEL 7 : libvirt (RHSA-2016:2577)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An update for libvirt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The libvirt library contains a C API for managing and interacting with
the virtualization capabilities of Linux and other operating systems.
In addition, libvirt provides tools for remote management of
virtualized systems.

The following packages have been upgraded to a newer upstream version:
libvirt (2.0.0). (BZ#830971, BZ#1286679)

Security Fix(es) :

* It was found that the libvirt daemon, when using RBD (RADOS Block
Device), leaked private credentials to the process list. A local
attacker could use this flaw to perform certain privileged operations
within the cluster. (CVE-2015-5160)

* A path-traversal flaw was found in the way the libvirt daemon
handled filesystem names for storage volumes. A libvirt user with
privileges to create storage volumes and without privileges to create
and modify domains could possibly use this flaw to escalate their
privileges. (CVE-2015-5313)

* It was found that setting a VNC password to an empty string in
libvirt did not disable all access to the VNC server as documented,
instead it allowed access with no authentication required. An attacker
could use this flaw to access a VNC server with an empty VNC password
without any authentication. (CVE-2016-5008)

Additional Changes :

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section."
  );
  # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3395ff0b"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2016:2577"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-5160"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-5313"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-5008"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-lxc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-lxc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-login-shell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libvirt-nss");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/11/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2016:2577";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", reference:"libvirt-client-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-config-network-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-config-network-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-config-nwfilter-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-config-nwfilter-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-interface-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-interface-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-lxc-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-lxc-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-network-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-network-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-nodedev-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-nodedev-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-nwfilter-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-nwfilter-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-secret-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-secret-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-driver-storage-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-kvm-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-daemon-lxc-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-daemon-lxc-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", reference:"libvirt-debuginfo-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", reference:"libvirt-devel-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-docs-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-docs-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-lock-sanlock-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"libvirt-login-shell-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libvirt-login-shell-2.0.0-10.el7", allowmaj:TRUE)) flag++;

  if (rpm_check(release:"RHEL7", reference:"libvirt-nss-2.0.0-10.el7", allowmaj:TRUE)) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-client / libvirt-daemon / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxlibvirt-daemon-driver-storagep-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage
redhatenterprise_linuxlibvirt-daemon-kvmp-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm
redhatenterprise_linuxlibvirt-daemon-lxcp-cpe:/a:redhat:enterprise_linux:libvirt-daemon-lxc
redhatenterprise_linuxlibvirtp-cpe:/a:redhat:enterprise_linux:libvirt
redhatenterprise_linuxlibvirt-clientp-cpe:/a:redhat:enterprise_linux:libvirt-client
redhatenterprise_linuxlibvirt-daemonp-cpe:/a:redhat:enterprise_linux:libvirt-daemon
redhatenterprise_linuxlibvirt-daemon-config-networkp-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network
redhatenterprise_linuxlibvirt-daemon-config-nwfilterp-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter
redhatenterprise_linuxlibvirt-daemon-driver-interfacep-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface
redhatenterprise_linuxlibvirt-daemon-driver-lxcp-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-lxc
Rows per page:
1-10 of 271

Related

oraclelinux 1
centos 1
openvas 19
nessus 27
redhat 1
ibm 2
prion 3
veracode 3
nvd 3
cvelist 3
altlinux 1
mageia 2
freebsd 1
cve 3
gentoo 1
fedora 4
debiancve 3
debian 3
ubuntucve 3
ubuntu 2
osv 15
oraclelinux
oraclelinux
libvirt security, bug fix, and enhancement update
2016-11-09 00:00:00
centos
centos
libvirt security update
2016-11-25 15:59:54
openvas
openvas
RedHat Update for libvirt RHSA-2016:2577-02
2016-11-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0923-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0931-1)
2021-06-09 00:00:00
nessus
nessus
Scientific Linux Security Update : libvirt on SL7.x x86_64 (20161103)
2016-12-15 00:00:00
CentOS 7 : libvirt (CESA-2016:2577)
2016-11-28 00:00:00
Oracle Linux 7 : libvirt (ELSA-2016-2577)
2016-11-11 00:00:00
redhat
redhat
(RHSA-2016:2577) Moderate: libvirt security, bug fix, and enhancement update
2016-11-03 06:07:14
ibm
ibm
Security Bulletin: Two vulnerabilities in libvirt affect PowerKVM (CVE-2015-5313, CVE-2016-5008)
2018-06-18 01:33:12
Security Bulletin: A vulnerability in libvirt affects PowerKVM
2018-06-18 01:34:53
prion
prion
Design/Logic Flaw
2018-08-20 21:29:00
Directory traversal
2016-04-11 21:59:00
Authentication flaw
2016-07-13 15:59:00
veracode
veracode
Information Disclosure
2019-01-15 09:13:55
Directory Traversal
2018-07-20 08:56:18
Authentication Bypass
2019-05-02 05:51:11
nvd
nvd
CVE-2015-5160
2018-08-20 21:29:00
CVE-2015-5313
2016-04-11 21:59:04
CVE-2016-5008
2016-07-13 15:59:05
cvelist
cvelist
CVE-2015-5160
2018-08-20 21:00:00
CVE-2015-5313
2016-04-11 21:00:00
CVE-2016-5008
2016-07-13 15:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package libvirt version 1.3.0-alt1
2015-12-18 00:00:00
mageia
mageia
Updated libvirt packages fix security vulnerability
2016-03-10 01:57:53
Updated libvirt packages fix security vulnerabilities
2016-07-08 22:50:51
freebsd
freebsd
libvirt -- ACL bypass using ../ to access beyond storage pool
2015-10-30 00:00:00
cve
cve
CVE-2015-5313
2016-04-11 21:59:04
CVE-2016-5008
2016-07-13 15:59:05
CVE-2015-5160
2018-08-20 21:29:00
gentoo
gentoo
libvirt: Directory traversal
2016-12-04 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: libvirt-1.2.13.2-1.fc22
2016-01-08 03:35:48
[SECURITY] Fedora 23 Update: libvirt-1.2.18.2-1.fc23
2015-12-28 23:01:08
[SECURITY] Fedora 23 Update: libvirt-1.2.18.4-1.fc23
2016-07-27 20:55:52
debiancve
debiancve
CVE-2015-5313
2016-04-11 21:59:04
CVE-2015-5160
2018-08-20 21:29:00
CVE-2016-5008
2016-07-13 15:59:05
debian
debian
[SECURITY] [DSA 3613-1] libvirt security update
2016-07-02 07:48:56
[SECURITY] [DSA 3613-1] libvirt security update
2016-07-02 07:48:56
[SECURITY] [DLA 541-1] libvirt security update
2016-07-01 09:07:27
ubuntucve
ubuntucve
CVE-2015-5160
2018-08-20 00:00:00
CVE-2015-5313
2015-12-18 00:00:00
CVE-2016-5008
2016-07-13 00:00:00
ubuntu
ubuntu
libvirt vulnerabilities
2018-02-20 00:00:00
libvirt vulnerabilities
2016-01-12 00:00:00
osv
osv
CVE-2019-3840
2019-03-27 13:29:01
CVE-2019-20485
2020-03-19 02:15:10
CVE-2021-3975
2022-08-23 20:15:08

0.027 Low

EPSS

Percentile

90.5%

JSON
Related for REDHAT-RHSA-2016-2577.NASL
oraclelinux1centos1openvas19nessus27redhat1ibm2prion3veracode3nvd3cvelist3altlinux1mageia2freebsd1cve3gentoo1fedora4debiancve3debian3ubuntucve3ubuntu2osv15