Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20150421_QEMU_KVM_ON_SL6_X.NASL
HistoryApr 22, 2015 - 12:00 a.m.

Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20150421)

2015-04-2200:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
JSON

It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM- allocated buffer boundaries in the host’s QEMU process address space with attacker-provided data. (CVE-2014-8106)

This update also fixes the following bug :

  • Previously, the effective downtime during the last phase of a live migration would sometimes be much higher than the maximum downtime specified by ‘migration_downtime’ in vdsm.conf. This problem has been corrected. The value of ‘migration_downtime’ is now honored and the migration is aborted if the downtime cannot be achieved.

After installing this update, shut down all running virtual machines.
Once all virtual machines have shut down, start them again for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82989);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2014-8106");

  script_name(english:"Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20150421)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was found that the Cirrus blit region checks were insufficient. A
privileged guest user could use this flaw to write outside of VRAM-
allocated buffer boundaries in the host's QEMU process address space
with attacker-provided data. (CVE-2014-8106)

This update also fixes the following bug :

  - Previously, the effective downtime during the last phase
    of a live migration would sometimes be much higher than
    the maximum downtime specified by 'migration_downtime'
    in vdsm.conf. This problem has been corrected. The value
    of 'migration_downtime' is now honored and the migration
    is aborted if the downtime cannot be achieved.

After installing this update, shut down all running virtual machines.
Once all virtual machines have shut down, start them again for this
update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1504&L=scientific-linux-errata&T=0&P=2294
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?5131a6ed"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qemu-guest-agent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qemu-img");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qemu-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/04/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"qemu-guest-agent-0.12.1.2-2.448.el6_6.2")) flag++;
if (rpm_check(release:"SL6", cpu:"x86_64", reference:"qemu-img-0.12.1.2-2.448.el6_6.2")) flag++;
if (rpm_check(release:"SL6", cpu:"x86_64", reference:"qemu-kvm-0.12.1.2-2.448.el6_6.2")) flag++;
if (rpm_check(release:"SL6", reference:"qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.2")) flag++;
if (rpm_check(release:"SL6", cpu:"x86_64", reference:"qemu-kvm-tools-0.12.1.2-2.448.el6_6.2")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-debuginfo / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxqemu-guest-agentp-cpe:/a:fermilab:scientific_linux:qemu-guest-agent
fermilabscientific_linuxqemu-imgp-cpe:/a:fermilab:scientific_linux:qemu-img
fermilabscientific_linuxqemu-kvmp-cpe:/a:fermilab:scientific_linux:qemu-kvm
fermilabscientific_linuxqemu-kvm-debuginfop-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo
fermilabscientific_linuxqemu-kvm-toolsp-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

nessus 27
osv 2
centos 2
openvas 23
redhat 7
debian 4
oraclelinux 2
veracode 1
securityvulns 2
ubuntucve 2
debiancve 1
ubuntu 1
prion 1
cve 1
mageia 1
fedora 5
gentoo 1
f5 2
suse 3
nessus
nessus
Oracle Linux 6 : qemu-kvm (ELSA-2015-0867)
2015-04-22 00:00:00
Fedora 20 : qemu-1.6.2-13.fc20 (2015-1886)
2015-02-18 00:00:00
Debian DSA-3087-1 : qemu - security update
2014-12-05 00:00:00
osv
osv
qemu - security update
2014-12-04 00:00:00
qemu-kvm - security update
2014-12-04 00:00:00
centos
centos
qemu security update
2015-04-22 09:45:47
libcacard, qemu security update
2015-03-17 13:29:43
openvas
openvas
Debian: Security Advisory (DSA-3087-1)
2014-12-03 00:00:00
Debian Security Advisory DSA 3088-1 (qemu-kvm - security update)
2014-12-04 00:00:00
CentOS Update for qemu-guest-agent CESA-2015:0867 centos6
2015-04-23 00:00:00
redhat
redhat
(RHSA-2015:0795) Important: qemu-kvm-rhev security update
2015-04-09 00:00:00
(RHSA-2015:0891) Important: qemu-kvm-rhev security update
2015-04-28 05:25:42
(RHSA-2015:0867) Important: qemu-kvm security and bug fix update
2015-04-21 00:00:00
debian
debian
[SECURITY] [DSA 3088-1] qemu-kvm security update
2014-12-04 13:44:52
[SECURITY] [DSA 3087-1] qemu security update
2014-12-04 13:44:41
[SECURITY] [DSA 3088-1] qemu-kvm security update
2014-12-04 13:45:15
oraclelinux
oraclelinux
qemu-kvm security and bug fix update
2015-04-21 00:00:00
qemu-kvm security, bug fix, and enhancement update
2015-03-11 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:05:03
securityvulns
securityvulns
[SECURITY] [DSA 3087-1] qemu security update
2014-12-08 00:00:00
qemu multiple security vulnerabilities
2014-12-08 00:00:00
ubuntucve
ubuntucve
CVE-2014-8106
2014-12-08 00:00:00
CVE-2017-2615
2017-02-01 00:00:00
debiancve
debiancve
CVE-2014-8106
2014-12-08 16:59:00
ubuntu
ubuntu
QEMU vulnerabilities
2014-12-11 00:00:00
prion
prion
Heap overflow
2014-12-08 16:59:00
cve
cve
CVE-2014-8106
2014-12-08 16:59:00
mageia
mageia
Updated qemu packages fix security vulnerabilities
2014-12-13 23:16:05
fedora
fedora
[SECURITY] Fedora 21 Update: qemu-2.1.3-5.fc21
2015-04-13 07:05:24
[SECURITY] Fedora 21 Update: qemu-2.1.3-7.fc21
2015-05-17 06:38:09
[SECURITY] Fedora 21 Update: qemu-2.1.3-8.fc21
2015-06-21 00:16:05
gentoo
gentoo
QEMU: Multiple Vulnerabilities
2014-12-24 00:00:00
f5
f5
SOL63519101 - Multiple QEMU vulnerabilities
2016-02-16 00:00:00
K63519101 : Multiple QEMU vulnerabilities
2016-02-16 00:00:00
suse
suse
Security update for xen (important)
2017-03-17 12:10:10
Security update for xen (important)
2017-03-10 00:07:36
Security update for xen (important)
2017-03-01 00:33:56
JSON
Related for SL_20150421_QEMU_KVM_ON_SL6_X.NASL
nessus27osv2centos2openvas23redhat7debian4oraclelinux2veracode1securityvulns2ubuntucve2debiancve1ubuntu1prion1cve1mageia1fedora5gentoo1f52suse3