openSUSE Security Update : xen (xen-1239)

2009-09-0200:00:00

www.tenable.com

xend did not properly enforce access control of the xenstore directory tree, therefore allowing guest VM’s to write there. This could lead to security problems if other applications such as libvirt are not prepared for untrusted data in the xenstore directory (CVE-2008-4405).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update xen-1239.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(40844);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2008-4405");

  script_name(english:"openSUSE Security Update : xen (xen-1239)");
  script_summary(english:"Check for the xen-1239 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"xend did not properly enforce access control of the xenstore directory
tree, therefore allowing guest VM's to write there. This could lead to
security problems if other applications such as libvirt are not
prepared for untrusted data in the xenstore directory (CVE-2008-4405)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=432485"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xen packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.0", reference:"xen-3.2.1_16881_04-4.3") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xen-devel-3.2.1_16881_04-4.3") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xen-doc-html-3.2.1_16881_04-4.3") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xen-doc-pdf-3.2.1_16881_04-4.3") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xen-libs-3.2.1_16881_04-4.3") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xen-tools-3.2.1_16881_04-4.3") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xen-tools-domU-3.2.1_16881_04-4.3") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-doc-html / xen-doc-pdf / xen-libs / xen-tools / etc");
}

VendorProductVersionCPE
novellopensusexenp-cpe:/a:novell:opensuse:xen
novellopensusexen-develp-cpe:/a:novell:opensuse:xen-devel
novellopensusexen-doc-htmlp-cpe:/a:novell:opensuse:xen-doc-html
novellopensusexen-doc-pdfp-cpe:/a:novell:opensuse:xen-doc-pdf
novellopensusexen-libsp-cpe:/a:novell:opensuse:xen-libs
novellopensusexen-toolsp-cpe:/a:novell:opensuse:xen-tools
novellopensusexen-tools-domup-cpe:/a:novell:opensuse:xen-tools-domu
novellopensuse11.0cpe:/o:novell:opensuse:11.0

Vendor	Product	Version	CPE
novell	opensuse	xen	p-cpe:/a:novell:opensuse:xen
novell	opensuse	xen-devel	p-cpe:/a:novell:opensuse:xen-devel
novell	opensuse	xen-doc-html	p-cpe:/a:novell:opensuse:xen-doc-html
novell	opensuse	xen-doc-pdf	p-cpe:/a:novell:opensuse:xen-doc-pdf
novell	opensuse	xen-libs	p-cpe:/a:novell:opensuse:xen-libs
novell	opensuse	xen-tools	p-cpe:/a:novell:opensuse:xen-tools
novell	opensuse	xen-tools-domu	p-cpe:/a:novell:opensuse:xen-tools-domu
novell	opensuse	11.0	cpe:/o:novell:opensuse:11.0