Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2015-0923-1.NASL
HistoryMay 21, 2015 - 12:00 a.m.

SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:0923-1) (Venom)

2015-05-2100:00:00
This script is Copyright (C) 2015-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
JSON

XEN was updated to fix two security issues and bugs.

Security issues fixed :

  • CVE-2015-3340: Xen did not initialize certain fields, which allowed certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

  • CVE-2015-2751: Xen, when using toolstack disaggregation, allowed remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.

  • CVE-2015-2752: The XEN_DOMCTL_memory_mapping hypercall in Xen, when using a PCI passthrough device, was not preemptable, which allowed local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).

  • CVE-2015-3456: Fixed a buffer overflow in the floppy drive emulation, which could be used to denial of service attacks or potential code execution against the host.

Bugs fixed :

  • xentop: Fix memory leak on read failure

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2015:0923-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(83757);
  script_version("2.23");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/28");

  script_cve_id(
    "CVE-2015-2751",
    "CVE-2015-2752",
    "CVE-2015-3340",
    "CVE-2015-3456"
  );
  script_bugtraq_id(
    73443,
    73448,
    74248,
    74640
  );
  script_xref(name:"IAVA", value:"2015-A-0115-S");

  script_name(english:"SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:0923-1) (Venom)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"XEN was updated to fix two security issues and bugs.

Security issues fixed :

  - CVE-2015-3340: Xen did not initialize certain fields,
    which allowed certain remote service domains to obtain
    sensitive information from memory via a (1)
    XEN_DOMCTL_gettscinfo or (2)
    XEN_SYSCTL_getdomaininfolist request.

  - CVE-2015-2751: Xen, when using toolstack disaggregation,
    allowed remote domains with partial management control
    to cause a denial of service (host lock) via unspecified
    domctl operations.

  - CVE-2015-2752: The XEN_DOMCTL_memory_mapping hypercall
    in Xen, when using a PCI passthrough device, was not
    preemptable, which allowed local x86 HVM domain users to
    cause a denial of service (host CPU consumption) via a
    crafted request to the device model (qemu-dm).

  - CVE-2015-3456: Fixed a buffer overflow in the floppy
    drive emulation, which could be used to denial of
    service attacks or potential code execution against the
    host.

Bugs fixed :

  - xentop: Fix memory leak on read failure

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=922705");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=922709");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=927967");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=929339");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2751/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2752/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-3340/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-3456/");
  # https://www.suse.com/support/update/announcement/2015/suse-su-20150923-1.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bbe2b7e6");
  script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2015-206=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-206=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-206=1

To bring your system up-to-date, use 'zypper patch'.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/05/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-tools-domU-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2015-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);


sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"xen-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"xen-debugsource-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"xen-doc-html-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"xen-kmp-default-4.4.2_04_k3.12.39_47-18.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"xen-kmp-default-debuginfo-4.4.2_04_k3.12.39_47-18.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"xen-libs-32bit-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"xen-libs-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"xen-libs-debuginfo-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"xen-tools-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"xen-tools-debuginfo-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"xen-tools-domU-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"xen-tools-domU-debuginfo-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"xen-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"xen-debugsource-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"xen-kmp-default-4.4.2_04_k3.12.39_47-18.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"xen-kmp-default-debuginfo-4.4.2_04_k3.12.39_47-18.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"xen-libs-32bit-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"xen-libs-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.4.2_04-18.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"xen-libs-debuginfo-4.4.2_04-18.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}
VendorProductVersionCPE
novellsuse_linuxxenp-cpe:/a:novell:suse_linux:xen
novellsuse_linuxxen-debugsourcep-cpe:/a:novell:suse_linux:xen-debugsource
novellsuse_linuxxen-doc-htmlp-cpe:/a:novell:suse_linux:xen-doc-html
novellsuse_linuxxen-kmp-defaultp-cpe:/a:novell:suse_linux:xen-kmp-default
novellsuse_linuxxen-kmp-default-debuginfop-cpe:/a:novell:suse_linux:xen-kmp-default-debuginfo
novellsuse_linuxxen-libsp-cpe:/a:novell:suse_linux:xen-libs
novellsuse_linuxxen-libs-debuginfop-cpe:/a:novell:suse_linux:xen-libs-debuginfo
novellsuse_linuxxen-toolsp-cpe:/a:novell:suse_linux:xen-tools
novellsuse_linuxxen-tools-debuginfop-cpe:/a:novell:suse_linux:xen-tools-debuginfo
novellsuse_linuxxen-tools-domup-cpe:/a:novell:suse_linux:xen-tools-domu
Rows per page:
1-10 of 121

Related

suse 12
openvas 46
nessus 59
fedora 7
cve 4
ubuntucve 4
debiancve 4
freebsd 4
prion 4
xen 4
kaspersky 1
redhat 9
ibm 4
myhack58 1
oraclelinux 4
f5 2
veracode 1
osv 5
debian 4
centos 4
checkpoint_security 1
lenovo 2
archlinux 1
fortinet 1
altlinux 1
huawei 1
threatpost 3
mageia 2
arista 1
symantec 1
thn 2
suse
suse
Security update for xen (important)
2015-05-21 09:04:52
Security update for Xen (important)
2015-05-22 00:04:46
Security update for Xen (important)
2015-05-26 14:04:56
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:0923-1)
2021-04-19 00:00:00
SUSE: Security Advisory for xen (SUSE-SU-2015:0923-1)
2015-10-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0940-1)
2021-06-09 00:00:00
nessus
nessus
OracleVM 3.3 : xen (OVMSA-2015-0057) (Venom)
2015-05-15 00:00:00
SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0940-1) (Venom)
2015-05-27 00:00:00
openSUSE Security Update : xen (openSUSE-2015-391) (Venom)
2015-06-03 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: xen-4.5.0-7.fc22
2015-04-21 18:51:14
[SECURITY] Fedora 22 Update: xen-4.5.0-8.fc22
2015-04-26 12:50:51
[SECURITY] Fedora 22 Update: xen-4.5.0-9.fc22
2015-05-26 03:43:40
cve
cve
CVE-2015-3340
2015-04-28 14:59:00
CVE-2015-2751
2015-04-01 14:59:00
CVE-2015-3456
2015-05-13 18:59:00
ubuntucve
ubuntucve
CVE-2015-2751
2015-04-01 00:00:00
CVE-2015-3340
2015-04-28 00:00:00
CVE-2015-3456
2015-05-13 00:00:00
debiancve
debiancve
CVE-2015-3340
2015-04-28 14:59:00
CVE-2015-2751
2015-04-01 14:59:00
CVE-2015-3456
2015-05-13 18:59:00
freebsd
freebsd
xen-kernel -- Information leak through XEN_DOMCTL_gettscinfo
2015-04-20 00:00:00
xen-kernel -- Certain domctl operations may be abused to lock up the host
2015-03-31 00:00:00
qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM")
2015-04-29 00:00:00
prion
prion
Design/Logic Flaw
2015-04-01 14:59:00
Cross site request forgery (csrf)
2015-04-28 14:59:00
Cross site request forgery (csrf)
2015-04-01 14:59:00
xen
xen
Certain domctl operations may be abused to lock up the host
2015-03-31 12:00:00
Information leak through XEN_DOMCTL_gettscinfo
2015-04-20 17:10:00
Long latency MMIO mapping operations are not preemptible
2015-03-31 12:00:00
kaspersky
kaspersky
KLA10527 Multiple vulnerabilities in different versions of Xen
2015-04-01 00:00:00
redhat
redhat
(RHSA-2015:1000) Important: qemu-kvm-rhev security update
2015-05-13 10:57:32
(RHSA-2015:0999) Important: qemu-kvm security update
2015-05-13 00:00:00
(RHSA-2015:1002) Important: xen security update
2015-05-13 00:00:00
ibm
ibm
Security Bulletin: Venom vulnerability affects IBM Flex System Manager (FSM) (CVE-2015-3456)
2019-01-31 02:10:01
Security Bulletin:Venom qemu vulnerability affects PowerKVM (CVE-2015-3456)
2018-06-18 01:28:20
Security Bulletin: Venom vulnerability affects IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance
2018-06-17 22:30:13
myhack58
myhack58
Vulnerability warning:“venom(VENOM”the vulnerability affects millions worldwide virtual machine security-vulnerability warning-the black bar safety net
2015-05-15 00:00:00
oraclelinux
oraclelinux
xen security update
2015-05-13 00:00:00
qemu-kvm security update
2015-05-13 00:00:00
kvm security update
2015-05-13 00:00:00
f5
f5
K16620 : QEMU vulnerability CVE-2015-3456
2015-10-03 00:00:00
SOL16620 - QEMU vulnerability CVE-2015-3456
2015-05-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:05:54
osv
osv
qemu - security update
2015-06-19 00:00:00
virtualbox - security update
2015-05-28 00:00:00
qemu-kvm - security update
2015-06-19 00:00:00
debian
debian
[SECURITY] [DLA 249-1] qemu-kvm security update
2015-06-19 15:19:48
[SECURITY] [DSA 3274-1] virtualbox security update
2015-05-28 21:17:43
[SECURITY] [DLA 248-1] qemu security update
2015-06-19 15:05:33
centos
centos
xen security update
2015-05-13 15:16:55
qemu security update
2015-05-13 15:37:07
libcacard, qemu security update
2015-05-13 16:57:36
checkpoint_security
checkpoint_security
Check Point response to CVE-2015-3456 (VENOM)
2015-05-12 21:00:00
lenovo
lenovo
Venom
2017-01-23 00:00:00
Venom - Lenovo Support US
2017-01-23 00:00:00
archlinux
archlinux
qemu: arbitrary code execution
2015-05-14 00:00:00
fortinet
fortinet
CVE-2015-3456 "VENOM" vulnerability
2015-05-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package qemu version 1.4.0-alt1.1.M70P.1
2015-05-15 00:00:00
huawei
huawei
Security Advisory - VENOM Vulnerability in Huawei Products
2015-06-09 00:00:00
threatpost
threatpost
Oracle Patches VENOM Vulnerability
2015-05-18 10:49:00
Flaw in Virtualization Software Could Lead to VM Escapes, Data Theft
2015-05-13 09:34:43
Oracle Patches Java Zero Day
2015-07-15 09:44:12
mageia
mageia
Updated virtualbox packages fix security vulnerabilities
2015-05-15 21:23:49
Updated qemu packages fix CVE-2015-3456
2015-05-13 18:54:07
arista
arista
Security Advisory 0010
2015-05-14 00:00:00
symantec
symantec
SA95 : VENOM Vulnerability in Virtualization Platforms
2015-05-15 08:00:00
thn
thn
Venom Vulnerability Exposes Most Data Centers to Cyber Attacks
2015-05-14 05:32:00
Why You Should Consider QEMU Live Patching
2021-09-23 11:16:00
JSON
Related for SUSE_SU-2015-0923-1.NASL
suse12openvas46nessus59fedora7cve4ubuntucve4debiancve4freebsd4prion4xen4kaspersky1redhat9ibm4myhack581oraclelinux4f52veracode1osv5debian4centos4checkpoint_security1lenovo2archlinux1fortinet1altlinux1huawei1threatpost3mageia2arista1symantec1thn2