Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20170117_QEMU_KVM_ON_SL7_X.NASL
HistoryJan 18, 2017 - 12:00 a.m.

Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20170117)

2017-01-1800:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

Security Fix(es) :

  • An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet’s checksum, because a QEMU function used the packet’s payload length without checking against the data buffer’s size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). (CVE-2016-2857)

Bug Fix(es) :

  • Previously, rebooting a guest virtual machine more than 128 times in a short period of time caused the guest to shut down instead of rebooting, because the virtqueue was not cleaned properly. This update ensures that the virtqueue is cleaned more reliably, which prevents the described problem from occurring.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(96600);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2016-2857");

  script_name(english:"Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20170117)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Security Fix(es) :

  - An out-of-bounds read-access flaw was found in the QEMU
    emulator built with IP checksum routines. The flaw could
    occur when computing a TCP/UDP packet's checksum,
    because a QEMU function used the packet's payload length
    without checking against the data buffer's size. A user
    inside a guest could use this flaw to crash the QEMU
    process (denial of service). (CVE-2016-2857)

Bug Fix(es) :

  - Previously, rebooting a guest virtual machine more than
    128 times in a short period of time caused the guest to
    shut down instead of rebooting, because the virtqueue
    was not cleaned properly. This update ensures that the
    virtqueue is cleaned more reliably, which prevents the
    described problem from occurring."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1701&L=scientific-linux-errata&F=&S=&P=10144
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c8c4b41a"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qemu-img");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qemu-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);


flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"qemu-img-1.5.3-126.el7_3.3")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"qemu-kvm-1.5.3-126.el7_3.3")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"qemu-kvm-common-1.5.3-126.el7_3.3")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"qemu-kvm-debuginfo-1.5.3-126.el7_3.3")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"qemu-kvm-tools-1.5.3-126.el7_3.3")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-img / qemu-kvm / qemu-kvm-common / qemu-kvm-debuginfo / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxqemu-imgp-cpe:/a:fermilab:scientific_linux:qemu-img
fermilabscientific_linuxqemu-kvmp-cpe:/a:fermilab:scientific_linux:qemu-kvm
fermilabscientific_linuxqemu-kvm-commonp-cpe:/a:fermilab:scientific_linux:qemu-kvm-common
fermilabscientific_linuxqemu-kvm-debuginfop-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo
fermilabscientific_linuxqemu-kvm-toolsp-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

nessus 29
openvas 18
cve 1
centos 2
ubuntucve 1
redhat 10
prion 1
debiancve 1
oraclelinux 4
veracode 1
fedora 5
osv 3
debian 3
ubuntu 1
mageia 1
ibm 1
suse 5
nessus
nessus
RHEL 7 : qemu-kvm (RHSA-2017:0083)
2017-01-18 00:00:00
Virtuozzo 7 : qemu-img / qemu-kvm / qemu-kvm-common / etc (VZLSA-2017-0083)
2017-07-13 00:00:00
Oracle Linux 7 : qemu-kvm (ELSA-2017-0083)
2017-01-18 00:00:00
openvas
openvas
RedHat Update for qemu-kvm RHSA-2017:0083-01
2017-01-18 00:00:00
CentOS Update for qemu-img CESA-2017:0083 centos7
2017-01-19 00:00:00
RedHat Update for qemu-kvm RHSA-2017:0309-01
2017-03-03 00:00:00
cve
cve
CVE-2016-2857
2016-04-12 02:00:00
centos
centos
qemu security update
2017-01-18 14:15:56
qemu security update
2017-02-24 20:51:12
ubuntucve
ubuntucve
CVE-2016-2857
2016-04-11 00:00:00
redhat
redhat
(RHSA-2017:0083) Low: qemu-kvm security and bug fix update
2017-01-17 15:24:22
(RHSA-2017:0344) Important: qemu-kvm-rhev security update
2017-02-28 14:14:34
(RHSA-2017:0309) Important: qemu-kvm security and bug fix update
2017-02-23 16:14:53
prion
prion
Out-of-bounds
2016-04-12 02:00:00
debiancve
debiancve
CVE-2016-2857
2016-04-12 02:00:00
oraclelinux
oraclelinux
qemu-kvm security and bug fix update
2017-01-17 00:00:00
qemu-kvm security and bug fix update
2017-02-23 00:00:00
qemu-kvm security and bug fix update
2017-03-27 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:15:55
fedora
fedora
[SECURITY] Fedora 23 Update: qemu-2.4.1-8.fc23
2016-03-23 22:28:28
[SECURITY] Fedora 22 Update: qemu-2.3.1-13.fc22
2016-04-08 20:27:09
[SECURITY] Fedora 24 Update: qemu-2.5.0-10.fc24
2016-03-27 00:30:34
osv
osv
qemu-kvm - security update
2016-07-30 00:00:00
qemu - security update
2016-07-30 00:00:00
qemu - security update
2018-11-29 00:00:00
debian
debian
[SECURITY] [DLA 574-1] qemu-kvm security update
2016-07-30 10:43:04
[SECURITY] [DLA 573-1] qemu security update
2016-07-30 10:22:30
[SECURITY] [DLA 1599-1] qemu security update
2018-11-30 14:28:32
ubuntu
ubuntu
QEMU vulnerabilities
2016-05-12 00:00:00
mageia
mageia
Updated qemu packages fix security vulnerabilities
2016-05-18 23:14:22
ibm
ibm
Security Bulletin: Multiple vulnerabilities in qemu affect PowerKVM
2018-06-18 01:33:29
suse
suse
Security update for kvm (important)
2016-07-11 16:39:09
Security update for qemu (important)
2016-06-29 11:07:43
Security update for qemu (important)
2016-07-06 22:04:21
JSON
Related for SL_20170117_QEMU_KVM_ON_SL7_X.NASL
nessus29openvas18cve1centos2ubuntucve1redhat10prion1debiancve1oraclelinux4veracode1fedora5osv3debian3ubuntu1mageia1ibm1suse5