SuSE 11.3 Security Update : kvm (SAT Patch Number 9739)

2014-10-0900:00:00

www.tenable.com

JSON

kvm has been updated to fix issues in the embedded qemu :

An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could have used this flaw to corrupt QEMU process memory on the host, which could potentially have resulted in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0223)
A user able to alter the savevm data (either on the disk or over the wire during migration) could have used this flaw to to corrupt QEMU process memory on the (destination) host, which could have potentially resulted in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-3461)
An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could have used this flaw to corrupt QEMU process memory on the host, which could have potentially resulted in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0222)

Non-security bugs fixed :

Fix exceeding IRQ routes that could have caused freezes of guests. (bnc#876842)
Fix CPUID emulation bugs that may have broken Windows guests with newer -cpu types (bnc#886535)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(78105);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-0222", "CVE-2014-0223", "CVE-2014-3461");

  script_name(english:"SuSE 11.3 Security Update : kvm (SAT Patch Number 9739)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"kvm has been updated to fix issues in the embedded qemu :

  - An integer overflow flaw was found in the QEMU block
    driver for QCOW version 1 disk images. A user able to
    alter the QEMU disk image files loaded by a guest could
    have used this flaw to corrupt QEMU process memory on
    the host, which could potentially have resulted in
    arbitrary code execution on the host with the privileges
    of the QEMU process. (CVE-2014-0223)

  - A user able to alter the savevm data (either on the disk
    or over the wire during migration) could have used this
    flaw to to corrupt QEMU process memory on the
    (destination) host, which could have potentially
    resulted in arbitrary code execution on the host with
    the privileges of the QEMU process. (CVE-2014-3461)

  - An integer overflow flaw was found in the QEMU block
    driver for QCOW version 1 disk images. A user able to
    alter the QEMU disk image files loaded by a guest could
    have used this flaw to corrupt QEMU process memory on
    the host, which could have potentially resulted in
    arbitrary code execution on the host with the privileges
    of the QEMU process. (CVE-2014-0222)

Non-security bugs fixed :

  - Fix exceeding IRQ routes that could have caused freezes
    of guests. (bnc#876842)

  - Fix CPUID emulation bugs that may have broken Windows
    guests with newer -cpu types (bnc#886535)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=876842"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=877642"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=877645"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=878541"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=886535"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-0222.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-0223.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-3461.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9739.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kvm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");


flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kvm-1.4.2-0.17.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kvm-1.4.2-0.17.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kvm-1.4.2-0.17.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:kvm
novellsuse_linux11cpe:/o:novell:suse_linux:11

Vendor	Product	Version	CPE
novell	suse_linux	11	p-cpe:/a:novell:suse_linux:11:kvm
novell	suse_linux	11	cpe:/o:novell:suse_linux:11

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0223

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3461

support.novell.com/security/cve/CVE-2014-0222.html

support.novell.com/security/cve/CVE-2014-0223.html

support.novell.com/security/cve/CVE-2014-3461.html

bugzilla.novell.com/show_bug.cgi?id=876842

bugzilla.novell.com/show_bug.cgi?id=877642

bugzilla.novell.com/show_bug.cgi?id=877645

bugzilla.novell.com/show_bug.cgi?id=878541

bugzilla.novell.com/show_bug.cgi?id=886535

JSON

Related for SUSE_11_KVM-140919.NASL