Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 Tenable Network Security, Inc.SUSE_11_XEN-121205.NASL
HistoryJan 25, 2013 - 12:00 a.m.

SuSE 11.2 Security Update : Xen (SAT Patch Number 7133)

2013-01-2500:00:00
This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.
www.tenable.com
21
JSON

This update fixes the following security issues in xen :

  • Grant table version switch list corruption vulnerability (XSA-26). (CVE-2012-5510)

  • Several HVM operations do not validate the range of their inputs (XSA-27). (CVE-2012-5511)

  • HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak (XSA-28). (CVE-2012-5512)

  • XENMEM_exchange may overwrite hypervisor memory (XSA-29). (CVE-2012-5513)

  • Missing unlock in guest_physmap_mark_populate_on_demand() (XSA-30).
    (CVE-2012-5514)

  • Several memory hypercall operations allow invalid extent order values (XSA-31) Also the following bugs have been fixed and upstream patches have been applied:.
    (CVE-2012-5515)

  • FATAL PAGE FAULT in hypervisor (arch_do_domctl)

  • 25931-x86-domctl-iomem-mapping-checks.patch

  • 26132-tmem-save-NULL-check.patch

  • 26134-x86-shadow-invlpg-check.patch

  • 26148-vcpu-timer-overflow.patch (Replaces CVE-2012-4535-xsa20.patch)

  • 26149-x86-p2m-physmap-error-path.patch (Replaces CVE-2012-4537-xsa22.patch)

  • 26150-x86-shadow-unhook-toplevel-check.patch (Replaces CVE-2012-4538-xsa23.patch)

  • 26151-gnttab-compat-get-status-frames.patch (Replaces CVE-2012-4539-xsa24.patch)

  • efi files missing in latest XEN update. (bnc#792476)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(64232);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2012-4535", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539", "CVE-2012-5510", "CVE-2012-5511", "CVE-2012-5512", "CVE-2012-5513", "CVE-2012-5514", "CVE-2012-5515");

  script_name(english:"SuSE 11.2 Security Update : Xen (SAT Patch Number 7133)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes the following security issues in xen :

  - Grant table version switch list corruption vulnerability
    (XSA-26). (CVE-2012-5510)

  - Several HVM operations do not validate the range of
    their inputs (XSA-27). (CVE-2012-5511)

  - HVMOP_get_mem_access crash / HVMOP_set_mem_access
    information leak (XSA-28). (CVE-2012-5512)

  - XENMEM_exchange may overwrite hypervisor memory
    (XSA-29). (CVE-2012-5513)

  - Missing unlock in
    guest_physmap_mark_populate_on_demand() (XSA-30).
    (CVE-2012-5514)

  - Several memory hypercall operations allow invalid extent
    order values (XSA-31) Also the following bugs have been
    fixed and upstream patches have been applied:.
    (CVE-2012-5515)

  - FATAL PAGE FAULT in hypervisor (arch_do_domctl)

  - 25931-x86-domctl-iomem-mapping-checks.patch

  - 26132-tmem-save-NULL-check.patch

  - 26134-x86-shadow-invlpg-check.patch

  - 26148-vcpu-timer-overflow.patch (Replaces
    CVE-2012-4535-xsa20.patch)

  - 26149-x86-p2m-physmap-error-path.patch (Replaces
    CVE-2012-4537-xsa22.patch)

  - 26150-x86-shadow-unhook-toplevel-check.patch (Replaces
    CVE-2012-4538-xsa23.patch)

  - 26151-gnttab-compat-get-status-frames.patch (Replaces
    CVE-2012-4539-xsa24.patch)

  - efi files missing in latest XEN update. (bnc#792476)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=777628"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=789940"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=789944"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=789945"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=789948"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=789950"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=789951"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=789988"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=792476"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4535.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4537.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4538.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4539.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5510.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5511.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5512.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5513.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5514.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-5515.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7133.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-libs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/12/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");


flag = 0;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-4.1.3_06-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-doc-html-4.1.3_06-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-doc-pdf-4.1.3_06-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.3_06_3.0.51_0.7.9-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.3_06_3.0.51_0.7.9-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-libs-4.1.3_06-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-libs-32bit-4.1.3_06-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-tools-4.1.3_06-0.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-tools-domU-4.1.3_06-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-4.1.3_06-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-doc-html-4.1.3_06-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-doc-pdf-4.1.3_06-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.3_06_3.0.51_0.7.9-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.3_06_3.0.51_0.7.9-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-libs-4.1.3_06-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-libs-32bit-4.1.3_06-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-tools-4.1.3_06-0.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-tools-domU-4.1.3_06-0.7.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:xen
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:xen-doc-html
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:xen-doc-pdf
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:xen-kmp-default
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:xen-kmp-trace
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:xen-libs
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:xen-libs-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:xen-tools
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:xen-tools-domu
novellsuse_linux11cpe:/o:novell:suse_linux:11

References

Related

suse 12
openvas 63
nessus 42
securityvulns 2
osv 2
debian 1
fedora 18
oraclelinux 4
redhat 2
centos 2
ubuntucve 11
cve 10
debiancve 10
xen 6
prion 10
googleprojectzero 1
exploitpack 1
seebug 1
gentoo 1
suse
suse
Security update for Xen (important)
2012-12-06 17:08:57
xen to fix various denial of service issues (important)
2012-12-23 20:16:24
xen to fix various denial of service issues (important)
2012-12-23 20:08:36
openvas
openvas
SuSE Update for xen openSUSE-SU-2012:1685-1 (xen)
2013-03-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:1615-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for xen (openSUSE-SU-2012:1685-1)
2013-03-11 00:00:00
nessus
nessus
openSUSE Security Update : xen (openSUSE-SU-2012:1685-1)
2014-06-13 00:00:00
openSUSE Security Update : xen (openSUSE-SU-2012:1687-1)
2014-06-13 00:00:00
Debian DSA-2582-1 : xen - several vulnerabilities
2012-12-09 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2582-1] xen security update
2012-12-09 00:00:00
xen multiple security vulnerabilities
2012-12-09 00:00:00
osv
osv
xen - denial of service
2012-12-07 00:00:00
xen - several
2013-03-03 00:00:00
debian
debian
[SECURITY] [DSA 2582-1] xen security update
2012-12-07 15:40:44
fedora
fedora
[SECURITY] Fedora 18 Update: xen-4.2.0-4.fc18
2012-11-23 07:20:59
[SECURITY] Fedora 18 Update: xen-4.2.0-6.fc18
2012-12-12 00:16:38
[SECURITY] Fedora 17 Update: xen-4.1.4-2.fc17
2013-01-23 01:28:58
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2012-12-04 00:00:00
1
2012-12-05 00:00:00
1
2013-01-22 00:00:00
redhat
redhat
(RHSA-2012:1540) Important: kernel security, bug fix, and enhancement update
2012-12-04 00:00:00
(RHSA-2013:0168) Moderate: kernel security and bug fix update
2013-01-22 00:00:00
centos
centos
kernel security update
2012-12-05 10:07:09
kernel security update
2013-01-23 11:37:33
ubuntucve
ubuntucve
CVE-2012-5514
2012-12-13 00:00:00
CVE-2012-5515
2012-12-13 00:00:00
CVE-2012-4535
2012-11-21 00:00:00
cve
cve
CVE-2012-5514
2012-12-13 11:53:00
CVE-2012-5515
2012-12-13 11:53:00
CVE-2012-4535
2012-11-21 23:55:00
debiancve
debiancve
CVE-2012-5514
2012-12-13 11:53:00
CVE-2012-5515
2012-12-13 11:53:00
CVE-2012-4535
2012-11-21 23:55:00
xen
xen
Broken error handling in guest_physmap_mark_populate_on_demand()
2012-12-03 17:51:00
Several memory hypercall operations allow invalid extent order values
2012-12-03 17:51:00
Grant table version switch list corruption vulnerability
2012-12-03 17:51:00
prion
prion
Command injection
2012-12-13 11:53:00
Design/Logic Flaw
2012-12-13 11:53:00
Code injection
2012-11-21 23:55:00
googleprojectzero
googleprojectzero
Pandavirtualization: Exploiting the Xen hypervisor
2017-04-07 00:00:00
exploitpack
exploitpack
Xen - Broken Check in memory_exchange() Permits PV Guest Breakout
2017-04-11 00:00:00
seebug
seebug
Xen: broken check in memory_exchange() permits PV guest breakout(CVE-2017-7228)
2017-04-09 00:00:00
gentoo
gentoo
Xen: Multiple vulnerabilities
2013-09-27 00:00:00
JSON
Related for SUSE_11_XEN-121205.NASL
suse12openvas63nessus42securityvulns2osv2debian1fedora18oraclelinux4redhat2centos2ubuntucve11cve10debiancve10xen6prion10googleprojectzero1exploitpack1seebug1gentoo1