openSUSE Security Update : xen (xen-1239)

2009-09-02T00:00:00
ID SUSE_11_0_XEN-090821.NASL
Type nessus
Reporter Tenable
Modified 2014-06-13T00:00:00

Description

xend did not properly enforce access control of the xenstore directory tree, therefore allowing guest VM's to write there. This could lead to security problems if other applications such as libvirt are not prepared for untrusted data in the xenstore directory (CVE-2008-4405).

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update xen-1239.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(40844);
  script_version("$Revision: 1.6 $");
  script_cvs_date("$Date: 2014/06/13 19:44:04 $");

  script_cve_id("CVE-2008-4405");

  script_name(english:"openSUSE Security Update : xen (xen-1239)");
  script_summary(english:"Check for the xen-1239 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"xend did not properly enforce access control of the xenstore directory
tree, therefore allowing guest VM's to write there. This could lead to
security problems if other applications such as libvirt are not
prepared for untrusted data in the xenstore directory (CVE-2008-4405)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=432485"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xen packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.0", reference:"xen-3.2.1_16881_04-4.3") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xen-devel-3.2.1_16881_04-4.3") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xen-doc-html-3.2.1_16881_04-4.3") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xen-doc-pdf-3.2.1_16881_04-4.3") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xen-libs-3.2.1_16881_04-4.3") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xen-tools-3.2.1_16881_04-4.3") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"xen-tools-domU-3.2.1_16881_04-4.3") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-doc-html / xen-doc-pdf / xen-libs / xen-tools / etc");
}