Search...

Scientific Linux Security Update : libvirt on SL7.x x86_64 (20161103)

2016-12-15T00:00:00

ID SL_20161103_LIBVIRT_ON_SL7_X.NASL
Type nessus
Reporter This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2016-12-15T00:00:00

Description

The following packages have been upgraded to a newer upstream version: libvirt (2.0.0).

Security Fix(es) :

It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160)

A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313)

It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008)

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(95846);
  script_version("3.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2015-5160", "CVE-2015-5313", "CVE-2016-5008");

  script_name(english:"Scientific Linux Security Update : libvirt on SL7.x x86_64 (20161103)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The following packages have been upgraded to a newer upstream version:
libvirt (2.0.0).

Security Fix(es) :

  - It was found that the libvirt daemon, when using RBD
    (RADOS Block Device), leaked private credentials to the
    process list. A local attacker could use this flaw to
    perform certain privileged operations within the
    cluster. (CVE-2015-5160)

  - A path-traversal flaw was found in the way the libvirt
    daemon handled filesystem names for storage volumes. A
    libvirt user with privileges to create storage volumes
    and without privileges to create and modify domains
    could possibly use this flaw to escalate their
    privileges. (CVE-2015-5313)

  - It was found that setting a VNC password to an empty
    string in libvirt did not disable all access to the VNC
    server as documented, instead it allowed access with no
    authentication required. An attacker could use this flaw
    to access a VNC server with an empty VNC password
    without any authentication. (CVE-2016-5008)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=9310
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?5dce02be"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-network");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-nwfilter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-interface");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-lxc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-network");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nodedev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nwfilter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-secret");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-lxc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-lock-sanlock");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-login-shell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libvirt-nss");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/11/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " &gt;!&lt; release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu &gt;!&lt; "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
if ("x86_64" &gt;!&lt; cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);


flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-client-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-config-network-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-config-nwfilter-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-interface-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-lxc-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-network-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-nodedev-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-nwfilter-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-secret-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-kvm-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-daemon-lxc-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-debuginfo-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-devel-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-docs-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-lock-sanlock-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-login-shell-2.0.0-10.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libvirt-nss-2.0.0-10.el7")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-client / libvirt-daemon / etc");
}

JSON Vulners Source

Initial Source

{"id": "SL_20161103_LIBVIRT_ON_SL7_X.NASL", "bulletinFamily": "scanner", "title": "Scientific Linux Security Update : libvirt on SL7.x x86_64 (20161103)", "description": "The following packages have been upgraded to a newer upstream version:\nlibvirt (2.0.0).\n\nSecurity Fix(es) :\n\n - It was found that the libvirt daemon, when using RBD\n (RADOS Block Device), leaked private credentials to the\n process list. A local attacker could use this flaw to\n perform certain privileged operations within the\n cluster. (CVE-2015-5160)\n\n - A path-traversal flaw was found in the way the libvirt\n daemon handled filesystem names for storage volumes. A\n libvirt user with privileges to create storage volumes\n and without privileges to create and modify domains\n could possibly use this flaw to escalate their\n privileges. (CVE-2015-5313)\n\n - It was found that setting a VNC password to an empty\n string in libvirt did not disable all access to the VNC\n server as documented, instead it allowed access with no\n authentication required. An attacker could use this flaw\n to access a VNC server with an empty VNC password\n without any authentication. (CVE-2016-5008)", "published": "2016-12-15T00:00:00", "modified": "2016-12-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/95846", "reporter": "This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?5dce02be"], "cvelist": ["CVE-2015-5160", "CVE-2016-5008", "CVE-2015-5313"], "type": "nessus", "lastseen": "2021-01-17T13:49:26", "edition": 14, "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-5160", "CVE-2015-5313", "CVE-2016-5008"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843454", "OPENVAS:1361412562310871710", "OPENVAS:1361412562310131262", "OPENVAS:1361412562311220171052", "OPENVAS:1361412562311220171053", "OPENVAS:1361412562310808993", "OPENVAS:703613", "OPENVAS:1361412562310806939", "OPENVAS:1361412562310703613", "OPENVAS:1361412562310808989"]}, {"type": "centos", "idList": ["CESA-2016:2577"]}, {"type": "redhat", "idList": ["RHSA-2016:2577"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2577"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2016-2577.NASL", "FEDORA_2015-2C9678DA8C.NASL", "REDHAT-RHSA-2016-2577.NASL", "SUSE_SU-2016-0931-1.NASL", "FEDORA_2015-30B347DFF1.NASL", "OPENSUSE-2016-77.NASL", "SUSE_SU-2016-0923-1.NASL", "GENTOO_GLSA-201612-10.NASL", "FREEBSD_PKG_F714B4C9A6C111E588D7047D7B492D07.NASL", "CENTOS_RHSA-2016-2577.NASL"]}, {"type": "fedora", "idList": ["FEDORA:263256124F9A", "FEDORA:C70A6607925A", "FEDORA:383256087C12", "FEDORA:534846092206"]}, {"type": "freebsd", "idList": ["F714B4C9-A6C1-11E5-88D7-047D7B492D07"]}, {"type": "gentoo", "idList": ["GLSA-201612-10"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3613-1:9FF39", "DEBIAN:DLA-541-1:58ED7"]}, {"type": "ubuntu", "idList": ["USN-2867-1", "USN-3576-1"]}], "modified": "2021-01-17T13:49:26", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-01-17T13:49:26", "rev": 2}, "vulnersScore": 5.7}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95846);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5160\", \"CVE-2015-5313\", \"CVE-2016-5008\");\n\n script_name(english:\"Scientific Linux Security Update : libvirt on SL7.x x86_64 (20161103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following packages have been upgraded to a newer upstream version:\nlibvirt (2.0.0).\n\nSecurity Fix(es) :\n\n - It was found that the libvirt daemon, when using RBD\n (RADOS Block Device), leaked private credentials to the\n process list. A local attacker could use this flaw to\n perform certain privileged operations within the\n cluster. (CVE-2015-5160)\n\n - A path-traversal flaw was found in the way the libvirt\n daemon handled filesystem names for storage volumes. A\n libvirt user with privileges to create storage volumes\n and without privileges to create and modify domains\n could possibly use this flaw to escalate their\n privileges. (CVE-2015-5313)\n\n - It was found that setting a VNC password to an empty\n string in libvirt did not disable all access to the VNC\n server as documented, instead it allowed access with no\n authentication required. An attacker could use this flaw\n to access a VNC server with an empty VNC password\n without any authentication. (CVE-2016-5008)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=9310\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5dce02be\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-client-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-kvm-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-debuginfo-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-devel-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-docs-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-login-shell-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libvirt-nss-2.0.0-10.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-client / libvirt-daemon / etc\");\n}\n", "naslFamily": "Scientific Linux Local Security Checks", "pluginID": "95846", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-network", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-lxc", "p-cpe:/a:fermilab:scientific_linux:libvirt-client", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-kvm", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-interface", "p-cpe:/a:fermilab:scientific_linux:libvirt-lock-sanlock", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-storage", "p-cpe:/a:fermilab:scientific_linux:libvirt-devel", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-lxc", "p-cpe:/a:fermilab:scientific_linux:libvirt-login-shell", "p-cpe:/a:fermilab:scientific_linux:libvirt", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-config-nwfilter", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:libvirt-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:fermilab:scientific_linux:libvirt-nss", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-secret", "p-cpe:/a:fermilab:scientific_linux:libvirt-daemon-driver-network", "p-cpe:/a:fermilab:scientific_linux:libvirt-docs"], "scheme": null, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}

{"cve": [{"lastseen": "2020-12-09T20:03:05", "description": "libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-08-20T21:29:00", "title": "CVE-2015-5160", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5160"], "modified": "2020-10-15T13:28:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:redhat:enterprise_linux_eus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux:5", "cpe:/a:redhat:virtualization:3.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_eus:7.4", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_eus:7.6", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_eus:7.5", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.6"], "id": "CVE-2015-5160", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5160", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:49:53", "description": "Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.", "edition": 3, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 2.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-04-11T21:59:00", "title": "CVE-2015-5313", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5313"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:redhat:libvirt:-"], "id": "CVE-2015-5313", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5313", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:redhat:libvirt:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:39", "description": "libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-13T15:59:00", "title": "CVE-2016-5008", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5008"], "modified": "2018-03-16T01:29:00", "cpe": ["cpe:/a:redhat:libvirt:1.3.5", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2016-5008", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5008", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:libvirt:1.3.5:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:35:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5160", "CVE-2016-5008", "CVE-2015-5313"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-11-04T00:00:00", "id": "OPENVAS:1361412562310871710", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871710", "type": "openvas", "title": "RedHat Update for libvirt RHSA-2016:2577-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libvirt RHSA-2016:2577-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871710\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-04 05:43:38 +0100 (Fri, 04 Nov 2016)\");\n script_cve_id(\"CVE-2015-5160\", \"CVE-2015-5313\", \"CVE-2016-5008\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for libvirt RHSA-2016:2577-02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libvirt library contains a C API for\nmanaging and interacting with the virtualization capabilities of Linux and other\noperating systems. In addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nThe following packages have been upgraded to a newer upstream version:\nlibvirt (2.0.0). (BZ#830971, BZ#1286679)\n\nSecurity Fix(es):\n\n * It was found that the libvirt daemon, when using RBD (RADOS Block\nDevice), leaked private credentials to the process list. A local attacker\ncould use this flaw to perform certain privileged operations within the\ncluster. (CVE-2015-5160)\n\n * A path-traversal flaw was found in the way the libvirt daemon handled\nfilesystem names for storage volumes. A libvirt user with privileges to\ncreate storage volumes and without privileges to create and modify domains\ncould possibly use this flaw to escalate their privileges. (CVE-2015-5313)\n\n * It was found that setting a VNC password to an empty string in libvirt\ndid not disable all access to the VNC server as documented, instead it\nallowed access with no authentication required. An attacker could use this\nflaw to access a VNC server with an empty VNC password without any\nauthentication. (CVE-2016-5008)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"libvirt on\n Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2577-02\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00013.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-client\", rpm:\"libvirt-client~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-daemon\", rpm:\"libvirt-daemon~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-daemon-config-network\", rpm:\"libvirt-daemon-config-network~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-daemon-config-nwfilter\", rpm:\"libvirt-daemon-config-nwfilter~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-daemon-driver-interface\", rpm:\"libvirt-daemon-driver-interface~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-daemon-driver-lxc\", rpm:\"libvirt-daemon-driver-lxc~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-daemon-driver-network\", rpm:\"libvirt-daemon-driver-network~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-daemon-driver-nodedev\", rpm:\"libvirt-daemon-driver-nodedev~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-daemon-driver-nwfilter\", rpm:\"libvirt-daemon-driver-nwfilter~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-daemon-driver-qemu\", rpm:\"libvirt-daemon-driver-qemu~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-daemon-driver-secret\", rpm:\"libvirt-daemon-driver-secret~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage\", rpm:\"libvirt-daemon-driver-storage~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-daemon-kvm\", rpm:\"libvirt-daemon-kvm~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-debuginfo\", rpm:\"libvirt-debuginfo~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-devel\", rpm:\"libvirt-devel~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvirt-docs\", rpm:\"libvirt-docs~2.0.0~10.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5313"], "description": "Mageia Linux Local Security Checks mgasa-2016-0103", "modified": "2019-03-14T00:00:00", "published": "2016-03-10T00:00:00", "id": "OPENVAS:1361412562310131262", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131262", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0103", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0103.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131262\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-10 07:17:43 +0200 (Thu, 10 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0103\");\n script_tag(name:\"insight\", value:\"A path-traversal flaw was found in the way the libvirt daemon handled file-system names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges (CVE-2015-5313).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0103.html\");\n script_cve_id(\"CVE-2015-5313\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0103\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~1.2.9.3~1.3.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5313"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-01-08T00:00:00", "id": "OPENVAS:1361412562310806939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806939", "type": "openvas", "title": "Fedora Update for libvirt FEDORA-2015-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libvirt FEDORA-2015-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806939\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-08 06:29:47 +0100 (Fri, 08 Jan 2016)\");\n script_cve_id(\"CVE-2015-5313\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libvirt FEDORA-2015-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libvirt on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-January/175206.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~1.2.13.2~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:33:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5008"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171052", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171052", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2017-1052)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1052\");\n script_version(\"2020-01-23T10:46:42+0000\");\n script_cve_id(\"CVE-2016-5008\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:46:42 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:46:42 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2017-1052)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1052\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1052\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libvirt' package(s) announced via the EulerOS-SA-2017-1052 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication.(CVE-2016-5008)\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~2.0.0~10.5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-client\", rpm:\"libvirt-client~2.0.0~10.5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon\", rpm:\"libvirt-daemon~2.0.0~10.5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-config-network\", rpm:\"libvirt-daemon-config-network~2.0.0~10.5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-config-nwfilter\", rpm:\"libvirt-daemon-config-nwfilter~2.0.0~10.5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-interface\", rpm:\"libvirt-daemon-driver-interface~2.0.0~10.5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-lxc\", rpm:\"libvirt-daemon-driver-lxc~2.0.0~10.5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-network\", rpm:\"libvirt-daemon-driver-network~2.0.0~10.5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-nodedev\", rpm:\"libvirt-daemon-driver-nodedev~2.0.0~10.5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-nwfilter\", rpm:\"libvirt-daemon-driver-nwfilter~2.0.0~10.5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-qemu\", rpm:\"libvirt-daemon-driver-qemu~2.0.0~10.5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-secret\", rpm:\"libvirt-daemon-driver-secret~2.0.0~10.5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-driver-storage\", rpm:\"libvirt-daemon-driver-storage~2.0.0~10.5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-daemon-kvm\", rpm:\"libvirt-daemon-kvm~2.0.0~10.5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5008"], "description": "Vivian Zhang and Christoph Anton\nMitterer discovered that setting an empty VNC password does not work as documented\nin Libvirt, a virtualisation abstraction library. When the password on a VNC\nserver is set to the empty string, authentication on the VNC server will be\ndisabled, allowing any user to connect, despite the documentation\ndeclaring that setting an empty password for the VNC server prevents all\nclient connections. With this update the behaviour is enforced by\nsetting the password expiration to now\n.", "modified": "2019-03-18T00:00:00", "published": "2016-07-02T00:00:00", "id": "OPENVAS:1361412562310703613", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703613", "type": "openvas", "title": "Debian Security Advisory DSA 3613-1 (libvirt - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3613.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3613-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703613\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-5008\");\n script_name(\"Debian Security Advisory DSA 3613-1 (libvirt - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-07-02 00:00:00 +0200 (Sat, 02 Jul 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3613.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"libvirt on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthis problem has been fixed in version 1.2.9-9+deb8u3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.0-1.\n\nWe recommend that you upgrade your libvirt packages.\");\n script_tag(name:\"summary\", value:\"Vivian Zhang and Christoph Anton\nMitterer discovered that setting an empty VNC password does not work as documented\nin Libvirt, a virtualisation abstraction library. When the password on a VNC\nserver is set to the empty string, authentication on the VNC server will be\ndisabled, allowing any user to connect, despite the documentation\ndeclaring that setting an empty password for the VNC server prevents all\nclient connections. With this update the behaviour is enforced by\nsetting the password expiration to now\n.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libvirt-bin\", ver:\"1.2.9-9+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvirt-clients\", ver:\"1.2.9-9+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvirt-daemon\", ver:\"1.2.9-9+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvirt-daemon-system\", ver:\"1.2.9-9+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvirt-dev\", ver:\"1.2.9-9+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvirt-doc\", ver:\"1.2.9-9+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvirt-sanlock\", ver:\"1.2.9-9+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvirt0\", ver:\"1.2.9-9+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvirt0-dbg\", ver:\"1.2.9-9+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:41:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5008"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171053", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171053", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2017-1053)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1053\");\n script_version(\"2020-01-23T10:46:43+0000\");\n script_cve_id(\"CVE-2016-5008\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:46:43 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:46:43 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2017-1053)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1053\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1053\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libvirt' package(s) announced via the EulerOS-SA-2017-1053 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication.(CVE-2016-5008)\");\n\n script_tag(name:\"affected\", value:\"'libvirt' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libvirt-client\", rpm:\"libvirt-client~2.0.0~10.5\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5008"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-08-02T00:00:00", "id": "OPENVAS:1361412562310808989", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808989", "type": "openvas", "title": "Fedora Update for libvirt FEDORA-2016-7b7e16a39e", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libvirt FEDORA-2016-7b7e16a39e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808989\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:57:57 +0530 (Tue, 02 Aug 2016)\");\n script_cve_id(\"CVE-2016-5008\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libvirt FEDORA-2016-7b7e16a39e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libvirt on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-7b7e16a39e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTQF6LXKEEMJG4VOOCIAPJAD6ACBYP4W\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~1.2.18.4~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5008"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-08-02T00:00:00", "id": "OPENVAS:1361412562310808993", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808993", "type": "openvas", "title": "Fedora Update for libvirt FEDORA-2016-65cc608ebe", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libvirt FEDORA-2016-65cc608ebe\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808993\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:58:21 +0530 (Tue, 02 Aug 2016)\");\n script_cve_id(\"CVE-2016-5008\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libvirt FEDORA-2016-65cc608ebe\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libvirt on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-65cc608ebe\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZZMOMRXNPALA34XDF5NK363KDLAYSTL\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvirt\", rpm:\"libvirt~1.3.3.2~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:54:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5008"], "description": "Vivian Zhang and Christoph Anton\nMitterer discovered that setting an empty VNC password does not work as documented\nin Libvirt, a virtualisation abstraction library. When the password on a VNC\nserver is set to the empty string, authentication on the VNC server will be\ndisabled, allowing any user to connect, despite the documentation\ndeclaring that setting an empty password for the VNC server prevents all\nclient connections. With this update the behaviour is enforced by\nsetting the password expiration to now \n.", "modified": "2017-07-07T00:00:00", "published": "2016-07-02T00:00:00", "id": "OPENVAS:703613", "href": "http://plugins.openvas.org/nasl.php?oid=703613", "type": "openvas", "title": "Debian Security Advisory DSA 3613-1 (libvirt - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3613.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3613-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703613);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-5008\");\n script_name(\"Debian Security Advisory DSA 3613-1 (libvirt - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-07-02 00:00:00 +0200 (Sat, 02 Jul 2016)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3613.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libvirt on Debian Linux\");\n script_tag(name: \"insight\", value: \"Libvirt is a C toolkit to interact with\nthe virtualization capabilities of recent versions of Linux (and other OSes).\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthis problem has been fixed in version 1.2.9-9+deb8u3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.0-1.\n\nWe recommend that you upgrade your libvirt packages.\");\n script_tag(name: \"summary\", value: \"Vivian Zhang and Christoph Anton\nMitterer discovered that setting an empty VNC password does not work as documented\nin Libvirt, a virtualisation abstraction library. When the password on a VNC\nserver is set to the empty string, authentication on the VNC server will be\ndisabled, allowing any user to connect, despite the documentation\ndeclaring that setting an empty password for the VNC server prevents all\nclient connections. With this update the behaviour is enforced by\nsetting the password expiration to now \n.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libvirt-bin\", ver:\"1.2.9-9+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvirt-clients\", ver:\"1.2.9-9+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvirt-daemon\", ver:\"1.2.9-9+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvirt-daemon-system\", ver:\"1.2.9-9+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvirt-dev\", ver:\"1.2.9-9+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvirt-doc\", ver:\"1.2.9-9+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvirt-sanlock\", ver:\"1.2.9-9+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvirt0\", ver:\"1.2.9-9+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvirt0-dbg\", ver:\"1.2.9-9+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:33:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5748", "CVE-2016-5008", "CVE-2018-6764", "CVE-2017-1000256"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2018-02-21T00:00:00", "id": "OPENVAS:1361412562310843454", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843454", "type": "openvas", "title": "Ubuntu Update for libvirt USN-3576-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3576_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for libvirt USN-3576-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843454\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-21 08:47:28 +0100 (Wed, 21 Feb 2018)\");\n script_cve_id(\"CVE-2016-5008\", \"CVE-2017-1000256\", \"CVE-2018-5748\", \"CVE-2018-6764\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libvirt USN-3576-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvirt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Vivian Zhang and Christoph Anton Mitterer\n discovered that libvirt incorrectly disabled password authentication when the\n VNC password was set to an empty string. A remote attacker could possibly use\n this issue to bypass authentication, contrary to expectations. This issue only\n affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5008) Daniel P.\n Berrange discovered that libvirt incorrectly handled validating SSL/TLS\n certificates. A remote attacker could possibly use this issue to obtain\n sensitive information. This issue only affected Ubuntu 17.10. (CVE-2017-1000256)\n Daniel P. Berrange and Peter Krempa discovered that libvirt incorrectly handled\n large QEMU replies. An attacker could possibly use this issue to cause libvirt\n to crash, resulting in a denial of service. (CVE-2018-5748) Pedro Sampaio\n discovered that libvirt incorrectly handled the libnss_dns.so module. An\n attacker in a libvirt_lxc session could possibly use this issue to execute\n arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10.\n (CVE-2018-6764)\");\n script_tag(name:\"affected\", value:\"libvirt on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3576-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3576-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvirt-bin\", ver:\"1.2.2-0ubuntu13.1.26\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvirt0\", ver:\"1.2.2-0ubuntu13.1.26\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvirt-bin\", ver:\"3.6.0-1ubuntu6.3\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvirt0\", ver:\"3.6.0-1ubuntu6.3\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libvirt-bin\", ver:\"1.3.1-1ubuntu10.19\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libvirt0\", ver:\"1.3.1-1ubuntu10.19\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:29:34", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5160", "CVE-2016-5008", "CVE-2015-5313"], "description": "**CentOS Errata and Security Advisory** CESA-2016:2577\n\n\nThe libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nThe following packages have been upgraded to a newer upstream version: libvirt (2.0.0). (BZ#830971, BZ#1286679)\n\nSecurity Fix(es):\n\n* It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160)\n\n* A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313)\n\n* It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2016-November/003620.html\n\n**Affected packages:**\nlibvirt\nlibvirt-client\nlibvirt-daemon\nlibvirt-daemon-config-network\nlibvirt-daemon-config-nwfilter\nlibvirt-daemon-driver-interface\nlibvirt-daemon-driver-lxc\nlibvirt-daemon-driver-network\nlibvirt-daemon-driver-nodedev\nlibvirt-daemon-driver-nwfilter\nlibvirt-daemon-driver-qemu\nlibvirt-daemon-driver-secret\nlibvirt-daemon-driver-storage\nlibvirt-daemon-kvm\nlibvirt-daemon-lxc\nlibvirt-devel\nlibvirt-docs\nlibvirt-lock-sanlock\nlibvirt-login-shell\nlibvirt-nss\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-2577.html", "edition": 3, "modified": "2016-11-25T15:59:54", "published": "2016-11-25T15:59:54", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2016-November/003620.html", "id": "CESA-2016:2577", "title": "libvirt security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:44:35", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5160", "CVE-2015-5313", "CVE-2016-5008"], "description": "The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.\n\nThe following packages have been upgraded to a newer upstream version: libvirt (2.0.0). (BZ#830971, BZ#1286679)\n\nSecurity Fix(es):\n\n* It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160)\n\n* A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313)\n\n* It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "modified": "2018-04-12T03:33:04", "published": "2016-11-03T10:07:14", "id": "RHSA-2016:2577", "href": "https://access.redhat.com/errata/RHSA-2016:2577", "type": "redhat", "title": "(RHSA-2016:2577) Moderate: libvirt security, bug fix, and enhancement update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:55", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5160", "CVE-2016-5008", "CVE-2015-5313"], "description": "[2.0.0-10]\n- virtlogd: Don't stop or restart along with libvirtd (rhbz#1372576)\n[2.0.0-9]\n- Add helper for removing transient definition (rhbz#1368774)\n- qemu: Remove stale transient def when migration fails (rhbz#1368774)\n- qemu: Don't use query-migrate on destination (rhbz#1374613)\n- conf: allow hotplugging 'legacy PCI' device to manually addressed PCIe slot (rhbz#1337490)\n- conf: Add support for virtio-net.rx_queue_size (rhbz#1366989)\n- qemu_capabilities: Introduce virtio-net-*.rx_queue_size (rhbz#1366989)\n- qemu: Implement virtio-net rx_queue_size (rhbz#1366989)\n- audit: Audit information about shmem devices (rhbz#1218603)\n- qemu: monitor: Use a more obvious iterator name (rhbz#1375783)\n- qemu: monitor: qemuMonitorGetCPUInfoHotplug: Add iterator 'anycpu' (rhbz#1375783)\n- qemu: monitor: Add vcpu state information to monitor data (rhbz#1375783)\n- qemu: domain: Don't infer vcpu state (rhbz#1375783)\n[2.0.0-8]\n- util: storage: Properly set protocol type when parsing gluster json string (rhbz#1372251)\n- conf: Add IOThread quota and period scheduler/cputune defs (rhbz#1356937)\n- qemu: Add support to get/set IOThread period and quota cgroup values (rhbz#1356937)\n- network: new network forward mode 'open' (rhbz#846810)\n- virtlogd.socket: Tie lifecycle to libvirtd.service (rhbz#1372576)\n- cpu_x86: Fix minimum match custom CPUs on hosts with CMT (rhbz#1365500)\n- qemu: cgroup: Extract temporary relaxing of cgroup setting for vcpu hotplug (rhbz#1097930)\n- qemu: process: Fix start with unpluggable vcpus with NUMA pinning (rhbz#1097930)\n[2.0.0-7]\n- qemu: caps: Always assume QEMU_CAPS_SMP_TOPOLOGY (rhbz#1097930)\n- conf: Extract code formatting vCPU info (rhbz#1097930)\n- conf: Rename virDomainVcpuInfoPtr to virDomainVcpuDefPtr (rhbz#1097930)\n- conf: Don't report errors from virDomainDefGetVcpu (rhbz#1097930)\n- tests: qemuxml2xml: Format status XML header dynamically (rhbz#1097930)\n- conf: convert def->vcpus to a array of pointers (rhbz#1097930)\n- conf: Add private data for virDomainVcpuDef (rhbz#1097930)\n- qemu: domain: Add vcpu private data structure (rhbz#1097930)\n- qemu: domain: Extract formating and parsing of vCPU thread ids (rhbz#1097930)\n- qemu: Add cpu ID to the vCPU pid list in the status XML (rhbz#1097930)\n- qemu: Store vCPU thread ids in vcpu private data objects (rhbz#1097930)\n- Fix logic in qemuDomainObjPrivateXMLParseVcpu (rhbz#1097930)\n- qemu: Add qemuProcessSetupPid() and use it in qemuProcessSetupIOThread() (rhbz#1097930)\n- qemu: Use qemuProcessSetupPid() in qemuProcessSetupEmulator() (rhbz#1097930)\n- qemu: Use qemuProcessSetupPid() in qemuProcessSetupVcpu() (rhbz#1097930)\n- qemuBuildCpuCommandLine: Don't leak @buf (rhbz#1097930)\n- conf: Make really sure we don't access non-existing vCPUs (rhbz#1097930)\n- conf: Make really sure we don't access non-existing vCPUs again (rhbz#1097930)\n- qemu: capabilities: Drop unused function virQEMUCapsGetMachineTypes (rhbz#1097930)\n- qemu: caps: Sanitize storage of machine type related data (rhbz#1097930)\n- qemu: cap: Refactor access to array in virQEMUCapsProbeQMPMachineTypes (rhbz#1097930)\n- qemu: monitor: Add monitor API for device_add supporting JSON objects (rhbz#1097930)\n- qemu: monitor: Add do-while block to QEMU_CHECK_MONITOR_FULL (rhbz#1097930)\n- qemu: Improve error message in virDomainGetVcpus (rhbz#1097930)\n- qemu: domain: Rename qemuDomainDetectVcpuPids to qemuDomainRefreshVcpuInfo (rhbz#1097930)\n- qemu: monitor: Rename qemuMonitor(JSON|Text)GetCPUInfo (rhbz#1097930)\n- qemu: domain: Improve vCPU data checking in qemuDomainRefreshVcpu (rhbz#1097930)\n- qemu: domain: Simplify return values of qemuDomainRefreshVcpuInfo (rhbz#1097930)\n- internal: Introduce macro for stealing pointers (rhbz#1097930)\n- tests: qemucapabilities: Add data for qemu 2.7.0 (rhbz#1097930)\n- qemu: setcpus: Report better errors (rhbz#1097930)\n- qemu: setvcpus: Extract setting of maximum vcpu count (rhbz#1097930)\n- qemu: driver: Extract setting of live vcpu count (rhbz#1097930)\n- qemu: driver: Split out regular vcpu hotplug code into a function (rhbz#1097930)\n- conf: Provide error on undefined vcpusched entry (rhbz#1097930)\n- qemu: monitor: Return structures from qemuMonitorGetCPUInfo (rhbz#1097930)\n- qemu: monitor: Return struct from qemuMonitor(Text|Json)QueryCPUs (rhbz#1097930)\n- qemu: Add capability for query-hotpluggable-cpus command (rhbz#1097930)\n- qemu: Forbid config when topology based cpu count doesn't match the config (rhbz#1097930)\n- qemu: capabilities: Extract availability of new cpu hotplug for machine types (rhbz#1097930)\n- qemu: monitor: Extract QOM path from query-cpus reply (rhbz#1097930)\n- qemu: monitor: Add support for calling query-hotpluggable-cpus (rhbz#1097930)\n- qemu: monitor: Add algorithm for combining query-(hotpluggable-)-cpus data (rhbz#1097930)\n- tests: Add test infrastructure for qemuMonitorGetCPUInfo (rhbz#1097930)\n- tests: cpu-hotplug: Add data for x86 hotplug with 11+ vcpus (rhbz#1097930)\n- tests: cpu-hotplug: Add data for ppc64 platform including hotplug (rhbz#1097930)\n- tests: cpu-hotplug: Add data for ppc64 out-of-order hotplug (rhbz#1097930)\n- tests: cpu-hotplug: Add data for ppc64 without threads enabled (rhbz#1097930)\n- qemu: domain: Extract cpu-hotplug related data (rhbz#1097930)\n- qemu: domain: Prepare for VCPUs vanishing while libvirt is not running (rhbz#1097930)\n- util: Extract and rename qemuDomainDelCgroupForThread to virCgroupDelThread (rhbz#1097930)\n- conf: Add XML for individual vCPU hotplug (rhbz#1097930)\n- qemu: migration: Prepare for non-contiguous vcpu configurations (rhbz#1097930)\n- qemu: command: Add helper to convert vcpu definition to JSON props (rhbz#1097930)\n- qemu: process: Copy final vcpu order information into the vcpu definition (rhbz#1097930)\n- qemu: command: Add support for sparse vcpu topologies (rhbz#1097930)\n- qemu: Use modern vcpu hotplug approach if possible (rhbz#1097930)\n- qemu: hotplug: Allow marking unplugged devices by alias (rhbz#1097930)\n- qemu: hotplug: Add support for VCPU unplug (rhbz#1224341)\n- virsh: vcpuinfo: Report vcpu number from the structure rather than it's position (rhbz#1097930)\n- qemu: driver: Fix qemuDomainHelperGetVcpus for sparse vcpu topologies (rhbz#1097930)\n- doc: clarify documentation for vcpu order (rhbz#1097930)\n- conf: Don't validate vcpu count in XML parser (rhbz#1097930)\n- qemu: driver: Validate configuration when setting maximum vcpu count (rhbz#1370066)\n- conf: Fix build with picky GCC (rhbz#1097930)\n[2.0.0-6]\n- qemu_command: don't modify heads for graphics device (rhbz#1366119)\n- virsh: Fix core for cmdSecretGetValue (rhbz#1366611)\n- conf: report an error message for non-existing USB hubs (rhbz#1367130)\n- conf: free the ports array of a USB hub (rhbz#1366097)\n- utils: storage: Fix JSON field name for uri based storage (rhbz#1367260)\n- qemu: Adjust the cur_ballon on coldplug/unplug of dimms (rhbz#1220702)\n- conf: Provide error on undefined iothreadsched entry (rhbz#1366484)\n- qemu: Fix the command line generation for rbd auth using aes secrets (rhbz#1182074)\n- qemu: Fix crash hot plugging luks volume (rhbz#1367259)\n- Revert 'admin: Fix the default uri for session daemon to libvirtd:///session' (rhbz#1367269)\n- libvirt: convert to typesafe virConf accessors (rhbz#1367269)\n- admin: Fix default uri config option name s/admin_uri_default/uri_default (rhbz#1367269)\n- virt-admin: Properly fix the default session daemon URI to admin server (rhbz#1367269)\n[2.0.0-5]\n- qemu: Fix domain state after reset (rhbz#1269575)\n- rpc: virnetserver: Rename ClientSetProcessingControls to ClientSetLimits (rhbz#1357776)\n- rpc: virnetserver: Move virNetServerCheckLimits which is static up in the file (rhbz#1357776)\n- rpc: virnetserver: Add code to CheckLimits to handle suspending of services (rhbz#1357776)\n- admin: rpc: virnetserver: Fix updating of the client limits (rhbz#1357776)\n- rpc: virnetserver: Remove dead code checking the client limits (rhbz#1357776)\n- storage: Fix a NULL ptr dereference in virStorageBackendCreateQemuImg (rhbz#1363636)\n- qemu: Introduce qemuAliasFromHostdev (rhbz#1289391)\n- qemu: Use the hostdev alias in qemuDomainAttachHostSCSIDevice error path (rhbz#1289391)\n- storage: Don't remove the pool for buildPool failure in storagePoolCreate (rhbz#1362349)\n- lxcDomainCreateXMLWithFiles: Avoid crash (rhbz#1363773)\n- admin: Fix the default uri for session daemon to libvirtd:///session (rhbz#1356858)\n- docs: Distribute subsite.xsl (rhbz#1365004)\n- qemuBuildMachineCommandLine: Follow our pattern (rhbz#1304483)\n- Introduce SMM feature (rhbz#1304483)\n- Introduce @secure attribute to os loader element (rhbz#1304483)\n- qemu: Enable secure boot (rhbz#1304483)\n- qemu: Advertise OVMF_CODE.secboot.fd (rhbz#1304483)\n- tests: Fix broken build (rhbz#1304483)\n- cpu_x86: Introduce x86FeatureIsMigratable (rhbz#1365500)\n- cpu_x86: Properly drop non-migratable features (rhbz#1365500)\n- tests: Add a test for host-model CPU with CMT feature (rhbz#1365500)\n- cpu_x86: Fix host-model CPUs on hosts with CMT (rhbz#1365500)\n- virt-admin: Fix the error when an invalid URI has been provided (rhbz#1365903)\n- conf: improve error log when PCI devices don't match requested controller (rhbz#1363627)\n- conf: don't allow connecting upstream-port directly to pce-expander-bus (rhbz#1361172)\n- conf: restrict where dmi-to-pci-bridge can be connected (rhbz#1363648)\n- conf: restrict expander buses to connect only to a root bus (rhbz#1358712)\n- virNetDevMacVLanCreateWithVPortProfile: Don't mask virNetDevMacVLanTapOpen error (rhbz#1240439)\n[2.0.0-4]\n- qemu: hotplug: fix changeable media ejection (rhbz#1359071)\n- lxc: Don't crash by forgetting to ref transient domains (rhbz#1351057)\n- Introduce \n device (rhbz#1235581)\n- Add QEMU_CAPS_DEVICE_INTEL_IOMMU (rhbz#1235581)\n- qemu: format intel-iommu on the command line (rhbz#1235581)\n- qemu_monitor_json: add support to search QOM device path by device alias (rhbz#1358728)\n- hvsupport: Introduce parseSymsFile (rhbz#1286679)\n- hvsupport: use a regex instead of XML::XPath (rhbz#1286679)\n- hvsupport: construct the group regex upfront (rhbz#1286679)\n- hvsupport: skip non-matching lines early (rhbz#1286679)\n- virconf: Fix config file path construction (rhbz#1357364)\n- virDomainHostdevDefFree: Don't leak privateData (rhbz#1357346)\n- virt-admin: Output srv-threadpool-info data as unsigned int rather than signed (rhbz#1356769)\n- util: Introduce virISCSINodeNew (rhbz#1356436)\n- iscsi: Establish connection to target via static target login (rhbz#1356436)\n- storage: Document wiping formatted volume types (rhbz#868771)\n- admin: Retrieve the SASL context for both local and remote connection (rhbz#1361948)\n- daemon: sasl: Don't forget to save SASL username to client's identity (rhbz#1361948)\n- vsh: Make vshInitDebug return int instead of void (rhbz#1357363)\n- tools: Make use of the correct environment variables (rhbz#1357363)\n- util: Add 'usage' for encryption (rhbz#1301021)\n- virStorageEncryptionSecretFree: Don't leak secret lookup definition (rhbz#1301021)\n- encryption: Add luks parsing for storageencryption (rhbz#1301021)\n- encryption: Add \n and \n to encryption (rhbz#1301021)\n- qemu: Introduce helper qemuDomainSecretDiskCapable (rhbz#1301021)\n- tests: Adjust LUKS tests to use 'volume' secret type (rhbz#1301021)\n- docs: Update docs to reflect LUKS secret changes (rhbz#1301021)\n- qemu: Alter error path cleanup for qemuDomainAttachHostSCSIDevice (rhbz#1301021)\n- qemu: Alter error path cleanup for qemuDomainAttachVirtioDiskDevice (rhbz#1301021)\n- qemu: Alter error path cleanup for qemuDomainAttachSCSIDisk (rhbz#1301021)\n- qemu: Move and rename qemuBufferEscapeComma (rhbz#1301021)\n- storage: Add support to create a luks volume (rhbz#1301021)\n- qemu: Add secinfo for hotplug virtio disk (rhbz#1301021)\n- qemu: Alter the qemuDomainGetSecretAESAlias to add new arg (rhbz#1301021)\n- qemu: Add luks support for domain disk (rhbz#1301021)\n- qemu: Move setting of obj bools for qemuDomainAttachVirtioDiskDevice (rhbz#1301021)\n- qemu: Move setting of encobjAdded for qemuDomainAttachSCSIDisk (rhbz#1301021)\n- storage: Fix error path (rhbz#1301021)\n- qemu: Disallow usage of luks encryption if aes secret not possible (rhbz#1301021)\n- storage: Add extra failure condition for luks volume creation (rhbz#1301021)\n- virstoragefile: refactor virStorageFileMatchesNNN methods (rhbz#1301021)\n- qemu: Make qemuDomainCheckDiskStartupPolicy self-contained (rhbz#1168453)\n- qemu: Remove unnecessary label and its only reference (rhbz#1168453)\n- qemu: Fix support for startupPolicy with volume/pool disks (rhbz#1168453)\n- virsh: Report error when explicit connection fails (rhbz#1356461)\n- tests: Add testing of backing store string parser (rhbz#1134878)\n- util: json: Make first argument of virJSONValueObjectForeachKeyValue const (rhbz#1134878)\n- util: qemu: Add wrapper for JSON -> commandline conversion (rhbz#1134878)\n- util: qemu: Add support for user-passed strings in JSON->commandline (rhbz#1134878)\n- util: qemu: Allow nested objects in JSON -> commandline generator (rhbz#1134878)\n- util: qemu: Allow for different approaches to format JSON arrays (rhbz#1134878)\n- util: qemu: Don't generate any extra commas in virQEMUBuildCommandLineJSON (rhbz#1134878)\n- util: json: Make first argument of virJSONValueCopy const (rhbz#1134878)\n- util: storage: Add parser for qemu's json backing pseudo-protocol (rhbz#1134878)\n- util: storage: Add support for host device backing specified via JSON (rhbz#1134878)\n- util: storage: Add support for URI based backing volumes in qemu's JSON pseudo-protocol (rhbz#1134878)\n- util: storage: Add json pseudo protocol support for gluster volumes (rhbz#1134878)\n- util: storage: Add json pseudo protocol support for iSCSI volumes (rhbz#1134878)\n- util: storage: Add JSON backing volume parser for 'nbd' protocol (rhbz#1134878)\n- util: storage: Add JSON backing store parser for 'sheepdog' protocol (rhbz#1134878)\n- util: storage: Add 'ssh' network storage protocol (rhbz#1134878)\n- util: storage: Add JSON backing volume parser for 'ssh' protocol (rhbz#1134878)\n- qemu: command: Rename qemuBuildNetworkDriveURI to qemuBuildNetworkDriveStr (rhbz#1247521)\n- qemu: command: Split out network disk URI building (rhbz#1247521)\n- qemu: command: Extract drive source command line formatter (rhbz#1247521)\n- qemu: command: Refactor code extracted to qemuBuildDriveSourceStr (rhbz#1247521)\n- storage: gluster: Support multiple hosts in backend functions (rhbz#1247521)\n- util: qemu: Add support for numbered array members (rhbz#1247521)\n- qemu: command: Add infrastructure for object specified disk sources (rhbz#1247521)\n- qemu: command: Add support for multi-host gluster disks (rhbz#1247521)\n- qemu: Need to free fileprops in error path (rhbz#1247521)\n- storage: remove 'luks' storage volume type (rhbz#1301021)\n[2.0.0-3]\n- qemu: getAutoDumpPath() return value should be dumpfile not domname. (rhbz#1354238)\n- qemu: Copy complete domain def in qemuDomainDefFormatBuf (rhbz#1320470)\n- qemu: Drop default channel path during migration (rhbz#1320470)\n- qemu: Fix migration from old libvirt (rhbz#1320500)\n- Add USB addresses to qemuhotplug test cases (rhbz#1215968)\n- Introduce virDomainUSBDeviceDefForeach (rhbz#1215968)\n- Allow omitting USB port (rhbz#1215968)\n- Store USB port path as an array of integers (rhbz#1215968)\n- Introduce virDomainUSBAddressSet (rhbz#1215968)\n- Add functions for adding USB controllers to addrs (rhbz#1215968)\n- Add functions for adding USB hubs to addrs (rhbz#1215968)\n- Reserve existing USB addresses (rhbz#1215968)\n- Add tests for USB address assignment (rhbz#1215968)\n- Assign addresses to USB devices (rhbz#1215968)\n- Assign addresses on USB device hotplug (rhbz#1215968)\n- Auto-add one hub if there are too many USB devices (rhbz#1215968)\n[2.0.0-2]\n- qemu: Use bootindex whenever possible (rhbz#1323085)\n- qemu: Properly reset spiceMigration flag (rhbz#1151723)\n- qemu: Drop useless SPICE migration code (rhbz#1151723)\n- qemu: Memory locking is only required for KVM guests on ppc64 (rhbz#1350772)\n- virtlogd: make max file size & number of backups configurable (rhbz#1351209)\n- virtlogd: increase max file size to 2 MB (rhbz#1351209)\n[2.0.0-1]\n- Rebased to libvirt-2.0.0 (rhbz#1286679)\n- The rebase also fixes the following bugs:\n rhbz#735385, rhbz#1004602, rhbz#1046833, rhbz#1180092, rhbz#1216281\n rhbz#1283207, rhbz#1286679, rhbz#1289288, rhbz#1302373, rhbz#1304222\n rhbz#1312188, rhbz#1316370, rhbz#1320893, rhbz#1322210, rhbz#1325072\n rhbz#1325080, rhbz#1332446, rhbz#1333248, rhbz#1333404, rhbz#1334237\n rhbz#1335617, rhbz#1335832, rhbz#1337869, rhbz#1341415, rhbz#1342342\n rhbz#1342874, rhbz#1342962, rhbz#1343442, rhbz#1344892, rhbz#1344897\n rhbz#1345743, rhbz#1346723, rhbz#1346724, rhbz#1346730, rhbz#1350688\n rhbz#1351473\n[1.3.5-1]\n- Rebased to libvirt-1.3.5 (rhbz#1286679)\n- The rebase also fixes the following bugs:\n rhbz#1139766, rhbz#1182074, rhbz#1209802, rhbz#1265694, rhbz#1286679\n rhbz#1286709, rhbz#1318993, rhbz#1319044, rhbz#1320836, rhbz#1326660\n rhbz#1327537, rhbz#1328003, rhbz#1328301, rhbz#1329045, rhbz#1336629\n rhbz#1337073, rhbz#1339900, rhbz#1341460\n[1.3.4-1]\n- Rebased to libvirt-1.3.4 (rhbz#1286679)\n- The rebase also fixes the following bugs:\n rhbz#1002423, rhbz#1004593, rhbz#1038888, rhbz#1103314, rhbz#1220702\n rhbz#1286679, rhbz#1289363, rhbz#1320447, rhbz#1324551, rhbz#1325043\n rhbz#1325075, rhbz#1325757, rhbz#1326270, rhbz#1327499, rhbz#1328401\n rhbz#1329041, rhbz#1329046, rhbz#1329819, rhbz#1331228\n[1.3.3-2]\n- qemu: perf: Fix crash/memory corruption on failed VM start (rhbz#1324757)\n[1.3.3-1]\n- Rebased to libvirt-1.3.3 (rhbz#1286679)\n- The rebase also fixes the following bugs:\n rhbz#830971, rhbz#986365, rhbz#1151723, rhbz#1195176, rhbz#1249441\n rhbz#1260749, rhbz#1264008, rhbz#1269715, rhbz#1278727, rhbz#1281706\n rhbz#1282744, rhbz#1286679, rhbz#1288000, rhbz#1289363, rhbz#1293804\n rhbz#1306556, rhbz#1308317, rhbz#1313264, rhbz#1313314, rhbz#1314594\n rhbz#1315059, rhbz#1316371, rhbz#1316384, rhbz#1316420, rhbz#1316433\n rhbz#1316465, rhbz#1317531, rhbz#1318569, rhbz#1321546\n[1.3.2-1]\n- Rebased to libvirt-1.3.2 (rhbz#1286679)\n- The rebase also fixes the following bugs:\n rhbz#1197592, rhbz#1235180, rhbz#1244128, rhbz#1244567, rhbz#1245013\n rhbz#1250331, rhbz#1265694, rhbz#1267256, rhbz#1275039, rhbz#1282846\n rhbz#1283085, rhbz#1286679, rhbz#1290324, rhbz#1293241, rhbz#1293899\n rhbz#1299696, rhbz#1305922\n[1.3.1-1]\n- Rebased to libvirt-1.3.1 (rhbz#1286679)\n- The rebase also fixes the following bugs:\n rhbz#1207692, rhbz#1233115, rhbz#1245476, rhbz#1298065, rhbz#1026136\n rhbz#1207751, rhbz#1210587, rhbz#1250287, rhbz#1253107, rhbz#1254152\n rhbz#1257486, rhbz#1266078, rhbz#1271107, rhbz#1159219, rhbz#1163091\n rhbz#1196711, rhbz#1263574, rhbz#1270427, rhbz#1245525, rhbz#1247987\n rhbz#1248277, rhbz#1249981, rhbz#1251461, rhbz#1256999, rhbz#1264008\n rhbz#1265049, rhbz#1265114, rhbz#1270715, rhbz#1272301, rhbz#1273686\n rhbz#997561, rhbz#1166452, rhbz#1231114, rhbz#1233003, rhbz#1260576\n rhbz#1261432, rhbz#1273480, rhbz#1273491, rhbz#1277781, rhbz#1278404\n rhbz#1281707, rhbz#1282288, rhbz#1285665, rhbz#1288690, rhbz#1292984\n rhbz#921135, rhbz#1025230, rhbz#1240439, rhbz#1266982, rhbz#1270709\n rhbz#1276198, rhbz#1278068, rhbz#1278421, rhbz#1281710, rhbz#1291035\n rhbz#1297020, rhbz#1297690\n- RHEL: Add rhel machine types to qemuDomainMachineNeedsFDC (rhbz#1227880)\n- RHEL: qemu: Support vhost-user-multiqueue with QEMU 2.3 (rhbz#1207692)", "edition": 72, "modified": "2016-11-09T00:00:00", "published": "2016-11-09T00:00:00", "id": "ELSA-2016-2577", "href": "http://linux.oracle.com/errata/ELSA-2016-2577.html", "title": "libvirt security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-01T05:06:50", "description": "An update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nThe following packages have been upgraded to a newer upstream version:\nlibvirt (2.0.0). (BZ#830971, BZ#1286679)\n\nSecurity Fix(es) :\n\n* It was found that the libvirt daemon, when using RBD (RADOS Block\nDevice), leaked private credentials to the process list. A local\nattacker could use this flaw to perform certain privileged operations\nwithin the cluster. (CVE-2015-5160)\n\n* A path-traversal flaw was found in the way the libvirt daemon\nhandled filesystem names for storage volumes. A libvirt user with\nprivileges to create storage volumes and without privileges to create\nand modify domains could possibly use this flaw to escalate their\nprivileges. (CVE-2015-5313)\n\n* It was found that setting a VNC password to an empty string in\nlibvirt did not disable all access to the VNC server as documented,\ninstead it allowed access with no authentication required. An attacker\ncould use this flaw to access a VNC server with an empty VNC password\nwithout any authentication. (CVE-2016-5008)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-04T00:00:00", "title": "RHEL 7 : libvirt (RHSA-2016:2577)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5160", "CVE-2016-5008", "CVE-2015-5313"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:redhat:enterprise_linux:libvirt-client", "p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:libvirt", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-lxc", "p-cpe:/a:redhat:enterprise_linux:libvirt-docs", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-lxc", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:libvirt-nss", "p-cpe:/a:redhat:enterprise_linux:libvirt-login-shell", "p-cpe:/a:redhat:enterprise_linux:libvirt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface", "p-cpe:/a:redhat:enterprise_linux:libvirt-devel"], "id": "REDHAT-RHSA-2016-2577.NASL", "href": "https://www.tenable.com/plugins/nessus/94540", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2577. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94540);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2015-5160\", \"CVE-2015-5313\", \"CVE-2016-5008\");\n script_xref(name:\"RHSA\", value:\"2016:2577\");\n\n script_name(english:\"RHEL 7 : libvirt (RHSA-2016:2577)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nThe following packages have been upgraded to a newer upstream version:\nlibvirt (2.0.0). (BZ#830971, BZ#1286679)\n\nSecurity Fix(es) :\n\n* It was found that the libvirt daemon, when using RBD (RADOS Block\nDevice), leaked private credentials to the process list. A local\nattacker could use this flaw to perform certain privileged operations\nwithin the cluster. (CVE-2015-5160)\n\n* A path-traversal flaw was found in the way the libvirt daemon\nhandled filesystem names for storage volumes. A libvirt user with\nprivileges to create storage volumes and without privileges to create\nand modify domains could possibly use this flaw to escalate their\nprivileges. (CVE-2015-5313)\n\n* It was found that setting a VNC password to an empty string in\nlibvirt did not disable all access to the VNC server as documented,\ninstead it allowed access with no authentication required. An attacker\ncould use this flaw to access a VNC server with an empty VNC password\nwithout any authentication. (CVE-2016-5008)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5008\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2577\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libvirt-client-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-config-network-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-config-nwfilter-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-interface-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-lxc-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-network-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-nodedev-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-nwfilter-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-secret-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-driver-storage-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-kvm-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-daemon-lxc-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libvirt-debuginfo-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libvirt-devel-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-docs-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-docs-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"libvirt-login-shell-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libvirt-login-shell-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libvirt-nss-2.0.0-10.el7\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-client / libvirt-daemon / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:30:49", "description": "An update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nThe following packages have been upgraded to a newer upstream version:\nlibvirt (2.0.0). (BZ#830971, BZ#1286679)\n\nSecurity Fix(es) :\n\n* It was found that the libvirt daemon, when using RBD (RADOS Block\nDevice), leaked private credentials to the process list. A local\nattacker could use this flaw to perform certain privileged operations\nwithin the cluster. (CVE-2015-5160)\n\n* A path-traversal flaw was found in the way the libvirt daemon\nhandled filesystem names for storage volumes. A libvirt user with\nprivileges to create storage volumes and without privileges to create\nand modify domains could possibly use this flaw to escalate their\nprivileges. (CVE-2015-5313)\n\n* It was found that setting a VNC password to an empty string in\nlibvirt did not disable all access to the VNC server as documented,\ninstead it allowed access with no authentication required. An attacker\ncould use this flaw to access a VNC server with an empty VNC password\nwithout any authentication. (CVE-2016-5008)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-28T00:00:00", "title": "CentOS 7 : libvirt (CESA-2016:2577)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5160", "CVE-2016-5008", "CVE-2015-5313"], "modified": "2016-11-28T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libvirt-docs", "p-cpe:/a:centos:centos:libvirt-daemon-driver-lxc", "p-cpe:/a:centos:centos:libvirt-client", "p-cpe:/a:centos:centos:libvirt-daemon-config-nwfilter", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:libvirt-daemon-driver-interface", "p-cpe:/a:centos:centos:libvirt-daemon-driver-qemu", "p-cpe:/a:centos:centos:libvirt-lock-sanlock", "p-cpe:/a:centos:centos:libvirt-daemon-driver-storage", "p-cpe:/a:centos:centos:libvirt-daemon-lxc", "p-cpe:/a:centos:centos:libvirt-daemon-driver-secret", "p-cpe:/a:centos:centos:libvirt-daemon-kvm", "p-cpe:/a:centos:centos:libvirt", "p-cpe:/a:centos:centos:libvirt-daemon", "p-cpe:/a:centos:centos:libvirt-daemon-driver-nwfilter", "p-cpe:/a:centos:centos:libvirt-nss", "p-cpe:/a:centos:centos:libvirt-daemon-config-network", "p-cpe:/a:centos:centos:libvirt-login-shell", "p-cpe:/a:centos:centos:libvirt-daemon-driver-network", "p-cpe:/a:centos:centos:libvirt-daemon-driver-nodedev", "p-cpe:/a:centos:centos:libvirt-devel"], "id": "CENTOS_RHSA-2016-2577.NASL", "href": "https://www.tenable.com/plugins/nessus/95324", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2577 and \n# CentOS Errata and Security Advisory 2016:2577 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95324);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5160\", \"CVE-2015-5313\", \"CVE-2016-5008\");\n script_xref(name:\"RHSA\", value:\"2016:2577\");\n\n script_name(english:\"CentOS 7 : libvirt (CESA-2016:2577)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nThe following packages have been upgraded to a newer upstream version:\nlibvirt (2.0.0). (BZ#830971, BZ#1286679)\n\nSecurity Fix(es) :\n\n* It was found that the libvirt daemon, when using RBD (RADOS Block\nDevice), leaked private credentials to the process list. A local\nattacker could use this flaw to perform certain privileged operations\nwithin the cluster. (CVE-2015-5160)\n\n* A path-traversal flaw was found in the way the libvirt daemon\nhandled filesystem names for storage volumes. A libvirt user with\nprivileges to create storage volumes and without privileges to create\nand modify domains could possibly use this flaw to escalate their\nprivileges. (CVE-2015-5313)\n\n* It was found that setting a VNC password to an empty string in\nlibvirt did not disable all access to the VNC server as documented,\ninstead it allowed access with no authentication required. An attacker\ncould use this flaw to access a VNC server with an empty VNC password\nwithout any authentication. (CVE-2016-5008)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003620.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e54d212d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5008\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-client-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-kvm-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-devel-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-docs-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-login-shell-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libvirt-nss-2.0.0-10.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-client / libvirt-daemon / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T12:50:50", "description": "From Red Hat Security Advisory 2016:2577 :\n\nAn update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nThe following packages have been upgraded to a newer upstream version:\nlibvirt (2.0.0). (BZ#830971, BZ#1286679)\n\nSecurity Fix(es) :\n\n* It was found that the libvirt daemon, when using RBD (RADOS Block\nDevice), leaked private credentials to the process list. A local\nattacker could use this flaw to perform certain privileged operations\nwithin the cluster. (CVE-2015-5160)\n\n* A path-traversal flaw was found in the way the libvirt daemon\nhandled filesystem names for storage volumes. A libvirt user with\nprivileges to create storage volumes and without privileges to create\nand modify domains could possibly use this flaw to escalate their\nprivileges. (CVE-2015-5313)\n\n* It was found that setting a VNC password to an empty string in\nlibvirt did not disable all access to the VNC server as documented,\ninstead it allowed access with no authentication required. An attacker\ncould use this flaw to access a VNC server with an empty VNC password\nwithout any authentication. (CVE-2016-5008)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-11T00:00:00", "title": "Oracle Linux 7 : libvirt (ELSA-2016-2577)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5160", "CVE-2016-5008", "CVE-2015-5313"], "modified": "2016-11-11T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libvirt-daemon-driver-lxc", "p-cpe:/a:oracle:linux:libvirt-login-shell", "p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret", "p-cpe:/a:oracle:linux:libvirt-devel", "p-cpe:/a:oracle:linux:libvirt-daemon", "p-cpe:/a:oracle:linux:libvirt-client", "p-cpe:/a:oracle:linux:libvirt-lock-sanlock", "p-cpe:/a:oracle:linux:libvirt-daemon-config-network", "p-cpe:/a:oracle:linux:libvirt-nss", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-network", "p-cpe:/a:oracle:linux:libvirt-docs", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:libvirt-daemon-kvm", "p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage", "p-cpe:/a:oracle:linux:libvirt", "p-cpe:/a:oracle:linux:libvirt-daemon-lxc"], "id": "ORACLELINUX_ELSA-2016-2577.NASL", "href": "https://www.tenable.com/plugins/nessus/94700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2577 and \n# Oracle Linux Security Advisory ELSA-2016-2577 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94700);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5160\", \"CVE-2015-5313\", \"CVE-2016-5008\");\n script_xref(name:\"RHSA\", value:\"2016:2577\");\n\n script_name(english:\"Oracle Linux 7 : libvirt (ELSA-2016-2577)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2577 :\n\nAn update for libvirt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libvirt library contains a C API for managing and interacting with\nthe virtualization capabilities of Linux and other operating systems.\nIn addition, libvirt provides tools for remote management of\nvirtualized systems.\n\nThe following packages have been upgraded to a newer upstream version:\nlibvirt (2.0.0). (BZ#830971, BZ#1286679)\n\nSecurity Fix(es) :\n\n* It was found that the libvirt daemon, when using RBD (RADOS Block\nDevice), leaked private credentials to the process list. A local\nattacker could use this flaw to perform certain privileged operations\nwithin the cluster. (CVE-2015-5160)\n\n* A path-traversal flaw was found in the way the libvirt daemon\nhandled filesystem names for storage volumes. A libvirt user with\nprivileges to create storage volumes and without privileges to create\nand modify domains could possibly use this flaw to escalate their\nprivileges. (CVE-2015-5313)\n\n* It was found that setting a VNC password to an empty string in\nlibvirt did not disable all access to the VNC server as documented,\ninstead it allowed access with no authentication required. An attacker\ncould use this flaw to access a VNC server with an empty VNC password\nwithout any authentication. (CVE-2016-5008)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006468.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-client-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-kvm-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-devel-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-docs-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-lock-sanlock-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-login-shell-2.0.0-10.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libvirt-nss-2.0.0-10.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-client / libvirt-daemon / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:51:28", "description": "Libvit development team reports :\n\nVarious virStorageVol* API operate on user-supplied volume names by\nconcatenating the volume name to the pool location. Note that the\nvirStoragePoolListVolumes API, when used on a storage pool backed by a\ndirectory in a file system, will only list volumes immediately in that\ndirectory (there is no traversal into subdirectories). However, other\nAPIs such as virStorageVolCreateXML were not checking if a potential\nvolume name represented one of the volumes that could be returned by\nvirStoragePoolListVolumes; because they were not rejecting the use of\n'/' in a volume name.\n\nBecause no checking was done on volume names, a user could supply a\npotential volume name of something like '../../../etc/passwd' to\nattempt to access a file not belonging to the storage pool. When\nfine-grained Access Control Lists (ACL) are in effect, a user with\nstorage_vol:create ACL permission but lacking domain:write permission\ncould thus abuse virStorageVolCreateXML and similar APIs to gain\naccess to files not normally permitted to that user. Fortunately, it\nappears that the only APIs that could leak information or corrupt\nfiles require read-write connection to libvirtd; and when ACLs are not\nin use (the default without any further configuration), a user with\nread-write access can already be considered to have full access to the\nmachine, and without an escalation of privilege there is no security\nproblem.", "edition": 25, "cvss3": {"score": 2.5, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2015-12-21T00:00:00", "title": "FreeBSD : libvirt -- ACL bypass using ../ to access beyond storage pool (f714b4c9-a6c1-11e5-88d7-047d7b492d07)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5313"], "modified": "2015-12-21T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libvirt", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F714B4C9A6C111E588D7047D7B492D07.NASL", "href": "https://www.tenable.com/plugins/nessus/87515", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87515);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5313\");\n\n script_name(english:\"FreeBSD : libvirt -- ACL bypass using ../ to access beyond storage pool (f714b4c9-a6c1-11e5-88d7-047d7b492d07)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Libvit development team reports :\n\nVarious virStorageVol* API operate on user-supplied volume names by\nconcatenating the volume name to the pool location. Note that the\nvirStoragePoolListVolumes API, when used on a storage pool backed by a\ndirectory in a file system, will only list volumes immediately in that\ndirectory (there is no traversal into subdirectories). However, other\nAPIs such as virStorageVolCreateXML were not checking if a potential\nvolume name represented one of the volumes that could be returned by\nvirStoragePoolListVolumes; because they were not rejecting the use of\n'/' in a volume name.\n\nBecause no checking was done on volume names, a user could supply a\npotential volume name of something like '../../../etc/passwd' to\nattempt to access a file not belonging to the storage pool. When\nfine-grained Access Control Lists (ACL) are in effect, a user with\nstorage_vol:create ACL permission but lacking domain:write permission\ncould thus abuse virStorageVolCreateXML and similar APIs to gain\naccess to files not normally permitted to that user. Fortunately, it\nappears that the only APIs that could leak information or corrupt\nfiles require read-write connection to libvirtd; and when ACLs are not\nin use (the default without any further configuration), a user with\nread-write access can already be considered to have full access to the\nmachine, and without an escalation of privilege there is no security\nproblem.\"\n );\n # http://security.libvirt.org/2015/0004.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.libvirt.org/2015/0004.html\"\n );\n # https://vuxml.freebsd.org/freebsd/f714b4c9-a6c1-11e5-88d7-047d7b492d07.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?853d501e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libvirt>=1.1.0<1.2.19_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libvirt>=1.2.20<1.3.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T12:30:41", "description": "This update for libvirt fixes the following issues :\n\n - CVE-2015-5313: directory directory traversal privilege\n escalation vulnerability. (boo#953110)", "edition": 18, "cvss3": {"score": 2.5, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-01-26T00:00:00", "title": "openSUSE Security Update : libvirt (openSUSE-2016-77)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5313"], "modified": "2016-01-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml", "p-cpe:/a:novell:opensuse:libvirt-login-shell-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-devel-32bit", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-client-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libvirt-daemon-config-network", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage", "p-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-xen-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-lock-sanlock", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-xen", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:libvirt-client-32bit", "p-cpe:/a:novell:opensuse:libvirt-daemon-qemu", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-devel", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-login-shell", "p-cpe:/a:novell:opensuse:libvirt-daemon-uml", "p-cpe:/a:novell:opensuse:libvirt", "p-cpe:/a:novell:opensuse:libvirt-daemon-lxc", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface", "p-cpe:/a:novell:opensuse:libvirt-daemon-xen", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-vbox", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-client", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-client-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret", "p-cpe:/a:novell:opensuse:libvirt-debugsource", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network", "p-cpe:/a:novell:opensuse:libvirt-daemon"], "id": "OPENSUSE-2016-77.NASL", "href": "https://www.tenable.com/plugins/nessus/88160", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-77.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88160);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5313\");\n\n script_name(english:\"openSUSE Security Update : libvirt (openSUSE-2016-77)\");\n script_summary(english:\"Check for the openSUSE-2016-77 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libvirt fixes the following issues :\n\n - CVE-2015-5313: directory directory traversal privilege\n escalation vulnerability. (boo#953110)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=953110\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-uml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-vbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-login-shell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-client-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-client-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-config-network-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-config-nwfilter-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-interface-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-interface-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-lxc-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-lxc-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-network-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-network-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-nodedev-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-nwfilter-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-qemu-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-qemu-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-secret-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-secret-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-storage-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-storage-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-uml-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-uml-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-vbox-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-driver-vbox-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-lxc-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-qemu-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-uml-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-daemon-vbox-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-debugsource-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-devel-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-lock-sanlock-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-lock-sanlock-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-login-shell-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvirt-login-shell-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libvirt-client-32bit-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libvirt-client-debuginfo-32bit-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-xen-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-xen-debuginfo-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libvirt-devel-32bit-1.2.9-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-client-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-client-debuginfo-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-config-network-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-config-nwfilter-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-debuginfo-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-interface-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-interface-debuginfo-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-lxc-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-lxc-debuginfo-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-network-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-network-debuginfo-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-nodedev-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-nwfilter-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-qemu-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-qemu-debuginfo-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-secret-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-secret-debuginfo-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-storage-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-storage-debuginfo-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-uml-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-uml-debuginfo-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-vbox-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-driver-vbox-debuginfo-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-lxc-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-qemu-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-uml-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-daemon-vbox-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-debugsource-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-devel-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-lock-sanlock-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-lock-sanlock-debuginfo-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-login-shell-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libvirt-login-shell-debuginfo-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libvirt-client-32bit-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libvirt-client-debuginfo-32bit-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-1.2.18.2-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libvirt-devel-32bit-1.2.18.2-5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-client / libvirt-client-32bit / etc\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T12:30:42", "description": "Maintenance update for openSUSE13.1 libvirt package.\n\n - Fix cve-2015-5313: directory directory traversal\n privilege escalation vulnerability.\n e8643ef6-cve-2015-5313.patch bsc#953110\n\n - qemu: Call qemuSetupHostdevCGroup later during hotplug\n 05e149f9-call-qemuSetupHostdevCGroup-later.patch qemu:\n hotplug: Only label hostdev after checking device\n conflicts ee414b5d-fix-qemu-hotplug-usb-hostdev.patch\n bsc#863933 \n\n - libxl: support virtual sound devices in HVM domains\n c0d3f608-libxl-soundhw.patch bsc#875216", "edition": 18, "cvss3": {"score": 2.5, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-01-27T00:00:00", "title": "openSUSE Security Update : libvirt (openSUSE-2016-82)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5313"], "modified": "2016-01-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml", "p-cpe:/a:novell:opensuse:libvirt-login-shell-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-devel-32bit", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-client-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libvirt-daemon-config-network", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage", "p-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl", "p-cpe:/a:novell:opensuse:libvirt-python-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-xen-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-lock-sanlock", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-xen", "p-cpe:/a:novell:opensuse:libvirt-client-32bit", "p-cpe:/a:novell:opensuse:libvirt-daemon-qemu", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-devel", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-login-shell", "p-cpe:/a:novell:opensuse:libvirt-daemon-uml", "p-cpe:/a:novell:opensuse:libvirt", "p-cpe:/a:novell:opensuse:libvirt-python", "p-cpe:/a:novell:opensuse:libvirt-daemon-lxc", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface", "p-cpe:/a:novell:opensuse:libvirt-daemon-xen", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-vbox", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-client", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-client-debuginfo", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret", "p-cpe:/a:novell:opensuse:libvirt-debugsource", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox-debuginfo", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network", "p-cpe:/a:novell:opensuse:libvirt-daemon"], "id": "OPENSUSE-2016-82.NASL", "href": "https://www.tenable.com/plugins/nessus/88395", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-82.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88395);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5313\");\n\n script_name(english:\"openSUSE Security Update : libvirt (openSUSE-2016-82)\");\n script_summary(english:\"Check for the openSUSE-2016-82 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Maintenance update for openSUSE13.1 libvirt package.\n\n - Fix cve-2015-5313: directory directory traversal\n privilege escalation vulnerability.\n e8643ef6-cve-2015-5313.patch bsc#953110\n\n - qemu: Call qemuSetupHostdevCGroup later during hotplug\n 05e149f9-call-qemuSetupHostdevCGroup-later.patch qemu:\n hotplug: Only label hostdev after checking device\n conflicts ee414b5d-fix-qemu-hotplug-usb-hostdev.patch\n bsc#863933 \n\n - libxl: support virtual sound devices in HVM domains\n c0d3f608-libxl-soundhw.patch bsc#875216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=863933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=875216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=953110\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-interface-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-libxl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-lxc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-network-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nodedev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-nwfilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-secret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-storage-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-uml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-vbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-driver-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-uml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-vbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-daemon-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-login-shell-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvirt-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-client-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-client-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-config-network-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-config-nwfilter-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-interface-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-interface-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-lxc-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-lxc-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-network-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-network-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-nodedev-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-nwfilter-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-qemu-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-qemu-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-secret-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-secret-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-storage-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-storage-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-uml-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-uml-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-vbox-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-driver-vbox-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-lxc-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-qemu-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-uml-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-daemon-vbox-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-debugsource-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-devel-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-lock-sanlock-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-lock-sanlock-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-login-shell-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-login-shell-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-python-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvirt-python-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libvirt-client-32bit-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libvirt-client-debuginfo-32bit-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-xen-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-xen-debuginfo-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-1.1.2-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libvirt-devel-32bit-1.1.2-2.51.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt / libvirt-client / libvirt-client-32bit / etc\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T14:23:45", "description": "This update to libvirt 1.2.18.2 fixes the following minor security\nissue :\n\n - CVE-2015-5313: Directory traversal allowed privilege\n escalation (bsc#953110)\n\nThe following bugs were fixed :\n\n - bsc#952849: Don't add apparmor deny rw rule for 9P\n readonly mounts.\n\n - bsc#960305: libxl: support parsing and formatting vif\n bandwidth\n\n - bsc#954872: libxl: Add support for\n block-{dmmd,drbd,npiv} scripts\n\n - bsc#964465: Remove 'Wants=xencommons.service' from\n libvirtd service file\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 2.5, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-04-01T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2016:0923-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5313"], "modified": "2016-04-01T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl", "p-cpe:/a:novell:suse_linux:libvirt-client", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock", "p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network", "p-cpe:/a:novell:suse_linux:libvirt-daemon-xen", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-debugsource", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter", "p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-doc", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev", "p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc"], "id": "SUSE_SU-2016-0923-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90305", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0923-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90305);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5313\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2016:0923-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to libvirt 1.2.18.2 fixes the following minor security\nissue :\n\n - CVE-2015-5313: Directory traversal allowed privilege\n escalation (bsc#953110)\n\nThe following bugs were fixed :\n\n - bsc#952849: Don't add apparmor deny rw rule for 9P\n readonly mounts.\n\n - bsc#960305: libxl: support parsing and formatting vif\n bandwidth\n\n - bsc#954872: libxl: Add support for\n block-{dmmd,drbd,npiv} scripts\n\n - bsc#964465: Remove 'Wants=xencommons.service' from\n libvirtd service file\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5313/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160923-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5880aceb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP1-2016-531=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-531=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-531=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-531=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-interface-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-libxl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-lxc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-network-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nodedev-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-nwfilter-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-qemu-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-secret-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-driver-storage-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-daemon-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-client-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-client-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-config-network-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-config-nwfilter-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-interface-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-interface-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-lxc-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-lxc-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-network-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-network-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-nodedev-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-nwfilter-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-qemu-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-qemu-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-secret-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-secret-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-driver-storage-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-lxc-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-daemon-qemu-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-debugsource-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-doc-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-lock-sanlock-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libvirt-lock-sanlock-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-client-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-client-32bit-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-client-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-client-debuginfo-32bit-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-network-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-config-nwfilter-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-interface-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-libxl-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-lxc-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-network-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nodedev-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-nwfilter-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-qemu-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-secret-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-driver-storage-debuginfo-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-lxc-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-qemu-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-daemon-xen-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-debugsource-1.2.18.2-8.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libvirt-doc-1.2.18.2-8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T11:05:26", "description": "The remote host is affected by the vulnerability described in GLSA-201612-10\n(libvirt: Directory traversal)\n\n Normally, only privileged users can coerce libvirt into creating or\n opening existing files using the virStorageVol APIs; and such users\n already have full privilege to create any domain XML.\n But in the case of fine-grained ACLs, it is feasible that a user can be\n granted storage_vol:create but not domain:write, and it violates\n assumptions if such a user can abuse libvirt to access files outside of\n the storage pool.\n \nImpact :\n\n When fine-grained Access Control Lists (ACL) are in effect, an\n authenticated local user with storage_vol:create permission but without\n domain:write permission maybe able to create or access arbitrary files\n outside of the storage pool.\n \nWorkaround :\n\n Don’t make use of fine-grained Access Control Lists (ACL) in libvirt;\n In Gentoo, libvirt’s ACL support is disable by default unless you\n enable the “policykit” USE flag.", "edition": 23, "cvss3": {"score": 2.5, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-12-05T00:00:00", "title": "GLSA-201612-10 : libvirt: Directory traversal", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5313"], "modified": "2016-12-05T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libvirt"], "id": "GENTOO_GLSA-201612-10.NASL", "href": "https://www.tenable.com/plugins/nessus/95525", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-10.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95525);\n script_version(\"3.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5313\");\n script_xref(name:\"GLSA\", value:\"201612-10\");\n\n script_name(english:\"GLSA-201612-10 : libvirt: Directory traversal\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-10\n(libvirt: Directory traversal)\n\n Normally, only privileged users can coerce libvirt into creating or\n opening existing files using the virStorageVol APIs; and such users\n already have full privilege to create any domain XML.\n But in the case of fine-grained ACLs, it is feasible that a user can be\n granted storage_vol:create but not domain:write, and it violates\n assumptions if such a user can abuse libvirt to access files outside of\n the storage pool.\n \nImpact :\n\n When fine-grained Access Control Lists (ACL) are in effect, an\n authenticated local user with storage_vol:create permission but without\n domain:write permission maybe able to create or access arbitrary files\n outside of the storage pool.\n \nWorkaround :\n\n Don’t make use of fine-grained Access Control Lists (ACL) in libvirt;\n In Gentoo, libvirt’s ACL support is disable by default unless you\n enable the “policykit” USE flag.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libvirt users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/libvirt-1.2.21-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/libvirt\", unaffected:make_list(\"ge 1.2.21-r1\"), vulnerable:make_list(\"lt 1.2.21-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T14:23:45", "description": "This update for libvirt fixes the following issues :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 2.5, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-04-05T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : libvirt (SUSE-SU-2016:0931-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5313"], "modified": "2016-04-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libvirt-client", "p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libvirt-doc", "p-cpe:/a:novell:suse_linux:libvirt"], "id": "SUSE_SU-2016-0931-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90346", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0931-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90346);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5313\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : libvirt (SUSE-SU-2016:0931-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libvirt fixes the following issues :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5313/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160931-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf85d75b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-libvirt-12487=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-libvirt-12487=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-libvirt-12487=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-libvirt-12487=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-client-32bit-1.2.5-12.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libvirt-client-32bit-1.2.5-12.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libvirt-1.2.5-12.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libvirt-client-1.2.5-12.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libvirt-doc-1.2.5-12.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libvirt-lock-sanlock-1.2.5-12.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-1.2.5-12.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-client-1.2.5-12.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-doc-1.2.5-12.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"libvirt-client-32bit-1.2.5-12.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libvirt-1.2.5-12.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libvirt-client-1.2.5-12.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"libvirt-doc-1.2.5-12.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:13:29", "description": " - Rebased to version 1.2.13.2 * disk backend is not\n removed properly when disk frontent hotplug fails (bz\n #1265968) * Fix TPM cancel path on newer kernels (bz\n #1244895) * Remove timeout for libvirt-guests.service\n (bz #1195544) * CVE-2015-5313 libvirt: filesystem\n storage volume names path traversal flaw (bz #1291433) *\n Fix VM names with non-ascii (bz #1062943) * Fix\n backwards migration with graphics listen address (bz\n #1276883)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 2.5, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-03-04T00:00:00", "title": "Fedora 22 : libvirt-1.2.13.2-1.fc22 (2015-2c9678da8c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5313"], "modified": "2016-03-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libvirt", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-2C9678DA8C.NASL", "href": "https://www.tenable.com/plugins/nessus/89191", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2c9678da8c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89191);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5313\");\n script_xref(name:\"FEDORA\", value:\"2015-2c9678da8c\");\n\n script_name(english:\"Fedora 22 : libvirt-1.2.13.2-1.fc22 (2015-2c9678da8c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Rebased to version 1.2.13.2 * disk backend is not\n removed properly when disk frontent hotplug fails (bz\n #1265968) * Fix TPM cancel path on newer kernels (bz\n #1244895) * Remove timeout for libvirt-guests.service\n (bz #1195544) * CVE-2015-5313 libvirt: filesystem\n storage volume names path traversal flaw (bz #1291433) *\n Fix VM names with non-ascii (bz #1062943) * Fix\n backwards migration with graphics listen address (bz\n #1276883)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1277121\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-January/175206.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f9759eb0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvirt package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"libvirt-1.2.13.2-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvirt\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5313"], "description": "Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support. ", "modified": "2015-12-28T23:01:08", "published": "2015-12-28T23:01:08", "id": "FEDORA:383256087C12", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: libvirt-1.2.18.2-1.fc23", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5313"], "description": "Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support. ", "modified": "2016-01-08T03:35:48", "published": "2016-01-08T03:35:48", "id": "FEDORA:263256124F9A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: libvirt-1.2.13.2-1.fc22", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5008"], "description": "Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support. ", "modified": "2016-07-22T16:00:38", "published": "2016-07-22T16:00:38", "id": "FEDORA:534846092206", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: libvirt-1.3.3.2-1.fc24", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5008"], "description": "Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The main package includes the libvirtd server exporting the virtualization support. ", "modified": "2016-07-27T20:55:52", "published": "2016-07-27T20:55:52", "id": "FEDORA:C70A6607925A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: libvirt-1.2.18.4-1.fc23", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:56", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5313"], "description": "\nLibvit development team reports:\n\nVarious virStorageVol* API operate on user-supplied volume names by\n\t concatenating the volume name to the pool location. Note that the\n\t virStoragePoolListVolumes API, when used on a storage pool backed by\n\t a directory in a file system, will only list volumes immediately in\n\t that directory (there is no traversal into subdirectories). However,\n\t other APIs such as virStorageVolCreateXML were not checking if a\n\t potential volume name represented one of the volumes that could be\n\t returned by virStoragePoolListVolumes; because they were not rejecting\n\t the use of '/' in a volume name.\nBecause no checking was done on volume names, a user could supply\n\t a potential volume name of something like '../../../etc/passwd' to\n\t attempt to access a file not belonging to the storage pool. When\n\t fine-grained Access Control Lists (ACL) are in effect, a user with\n\t storage_vol:create ACL permission but lacking domain:write permission\n\t could thus abuse virStorageVolCreateXML and similar APIs to gain\n\t access to files not normally permitted to that user. Fortunately, it\n\t appears that the only APIs that could leak information or corrupt\n\t files require read-write connection to libvirtd; and when ACLs are not\n\t in use (the default without any further configuration), a user with\n\t read-write access can already be considered to have full access to the\n\t machine, and without an escalation of privilege there is no security\n\t problem.\n\n", "edition": 5, "modified": "2015-10-30T00:00:00", "published": "2015-10-30T00:00:00", "id": "F714B4C9-A6C1-11E5-88D7-047D7B492D07", "href": "https://vuxml.freebsd.org/freebsd/f714b4c9-a6c1-11e5-88d7-047d7b492d07.html", "title": "libvirt -- ACL bypass using ../ to access beyond storage pool", "type": "freebsd", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}], "gentoo": [{"lastseen": "2016-12-04T12:54:41", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5313"], "edition": 1, "description": "### Background\n\nlibvirt is a C toolkit for manipulating virtual machines.\n\n### Description\n\nNormally, only privileged users can coerce libvirt into creating or opening existing files using the virStorageVol APIs; and such users already have full privilege to create any domain XML. \n\nBut in the case of fine-grained ACLs, it is feasible that a user can be granted storage_vol:create but not domain:write, and it violates assumptions if such a user can abuse libvirt to access files outside of the storage pool. \n\n### Impact\n\nWhen fine-grained Access Control Lists (ACL) are in effect, an authenticated local user with storage_vol:create permission but without domain:write permission maybe able to create or access arbitrary files outside of the storage pool. \n\n### Workaround\n\nDon\u2019t make use of fine-grained Access Control Lists (ACL) in libvirt; In Gentoo, libvirt\u2019s ACL support is disable by default unless you enable the \u201cpolicykit\u201d USE flag. \n\n### Resolution\n\nAll libvirt users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulation/libvirt-1.2.21-r1\"", "modified": "2016-12-04T00:00:00", "published": "2016-12-04T00:00:00", "href": "https://security.gentoo.org/glsa/201612-10", "id": "GLSA-201612-10", "type": "gentoo", "title": "libvirt: Directory traversal", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2019-05-30T02:21:20", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5008"], "description": "Package : libvirt\nVersion : 0.9.12.3-1+deb7u2\nCVE ID : CVE-2016-5008\n\nIt was discovered that there was a password policy issue in libvirt, a\nlibrary for interfacing with different virtualization systems.\n\nSetting an empty graphics password is documented as a way to disable\nVNC/SPICE access, but QEMU does not always behave like that. VNC would\nhappily accept the empty password. We enforce the behavior by setting\npassword expiration to "now".\n\nFor Debian 7 "Wheezy", this issue has been fixed in libvirt version\n0.9.12.3-1+deb7u2.\n\nWe recommend that you upgrade your libvirt packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-\n\n", "edition": 3, "modified": "2016-07-01T09:07:27", "published": "2016-07-01T09:07:27", "id": "DEBIAN:DLA-541-1:58ED7", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201607/msg00001.html", "title": "[SECURITY] [DLA 541-1] libvirt security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-11-22T13:25:02", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5008"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3613-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 02, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libvirt\nCVE ID : CVE-2016-5008\n\nVivian Zhang and Christoph Anton Mitterer discovered that setting an\nempty VNC password does not work as documented in Libvirt, a\nvirtualisation abstraction library. When the password on a VNC server is\nset to the empty string, authentication on the VNC server will be\ndisabled, allowing any user to connect, despite the documentation\ndeclaring that setting an empty password for the VNC server prevents all\nclient connections. With this update the behaviour is enforced by\nsetting the password expiration to "now".\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.2.9-9+deb8u3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.0-1.\n\nWe recommend that you upgrade your libvirt packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2016-07-02T07:49:15", "published": "2016-07-02T07:49:15", "id": "DEBIAN:DSA-3613-1:9FF39", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00191.html", "title": "[SECURITY] [DSA 3613-1] libvirt security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:44:22", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5748", "CVE-2016-5008", "CVE-2018-6764", "CVE-2017-1000256"], "description": "Vivian Zhang and Christoph Anton Mitterer discovered that libvirt \nincorrectly disabled password authentication when the VNC password was set \nto an empty string. A remote attacker could possibly use this issue to \nbypass authentication, contrary to expectations. This issue only affected \nUbuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5008)\n\nDaniel P. Berrange discovered that libvirt incorrectly handled validating \nSSL/TLS certificates. A remote attacker could possibly use this issue to \nobtain sensitive information. This issue only affected Ubuntu 17.10. \n(CVE-2017-1000256)\n\nDaniel P. Berrange and Peter Krempa discovered that libvirt incorrectly \nhandled large QEMU replies. An attacker could possibly use this issue to \ncause libvirt to crash, resulting in a denial of service. (CVE-2018-5748)\n\nPedro Sampaio discovered that libvirt incorrectly handled the libnss_dns.so \nmodule. An attacker in a libvirt_lxc session could possibly use this issue \nto execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and \nUbuntu 17.10. (CVE-2018-6764)", "edition": 5, "modified": "2018-02-20T00:00:00", "published": "2018-02-20T00:00:00", "id": "USN-3576-1", "href": "https://ubuntu.com/security/notices/USN-3576-1", "title": "libvirt vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:37:58", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5313", "CVE-2014-8136", "CVE-2015-0236", "CVE-2011-4600", "CVE-2015-5247"], "description": "It was discovered that libvirt incorrectly handled the firewall rules on \nbridge networks when the daemon was restarted. This could result in an \nunintended firewall configuration. This issue only applied to Ubuntu 12.04 \nLTS. (CVE-2011-4600)\n\nPeter Krempa discovered that libvirt incorrectly handled locking when \ncertain ACL checks failed. A local attacker could use this issue to cause \nlibvirt to stop responding, resulting in a denial of service. This issue \nonly applied to Ubuntu 14.04 LTS. (CVE-2014-8136)\n\nLuyao Huang discovered that libvirt incorrectly handled VNC passwords in \nshapshot and image files. A remote authenticated user could use this issue \nto possibly obtain VNC passwords. This issue only affected Ubuntu 14.04 \nLTS. (CVE-2015-0236)\n\nHan Han discovered that libvirt incorrectly handled volume creation \nfailure when used with NFS. A remote authenticated user could use this \nissue to cause libvirt to crash, resulting in a denial of service. This \nissue only applied to Ubuntu 15.10. (CVE-2015-5247)\n\nOssi Herrala and Joonas Kuorilehto discovered that libvirt incorrectly \nperformed storage pool name validation. A remote authenticated user could \nuse this issue to bypass ACLs and gain access to unintended files. This \nissue only applied to Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. \n(CVE-2015-5313)", "edition": 5, "modified": "2016-01-12T00:00:00", "published": "2016-01-12T00:00:00", "id": "USN-2867-1", "href": "https://ubuntu.com/security/notices/USN-2867-1", "title": "libvirt vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}