Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 Tenable Network Security, Inc.SUSE_XEN-4616.NASL
HistoryNov 14, 2007 - 12:00 a.m.

openSUSE 10 Security Update : xen (xen-4616)

2007-11-1400:00:00
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
www.tenable.com
11

6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:N/I:C/A:C

0.0004 Low

EPSS

Percentile

10.2%

JSON

This update merges back the Xen version from SLES 10 Service Pack 1 to the 10.1 codebase, which should make it work again.

Nevertheless we recommend Xen users to use the latest openSUSE release (10.3) for Xen usage.

Additionaly a /tmp race was fixed (CVE-2007-3919).

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update xen-4616.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(28207);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-3919");

  script_name(english:"openSUSE 10 Security Update : xen (xen-4616)");
  script_summary(english:"Check for the xen-4616 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update merges back the Xen version from SLES 10 Service Pack 1 to
the 10.1 codebase, which should make it work again.

Nevertheless we recommend Xen users to use the latest openSUSE release
(10.3) for Xen usage.

Additionaly a /tmp race was fixed (CVE-2007-3919)."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xen packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:S/C:N/I:C/A:C");
  script_cwe_id(59);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-ps");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-ioemu");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/10/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"xen-3.0.4_13138-0.57") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"xen-devel-3.0.4_13138-0.57") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"xen-doc-html-3.0.4_13138-0.57") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"xen-doc-pdf-3.0.4_13138-0.57") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"xen-doc-ps-3.0.4_13138-0.57") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"xen-libs-3.0.4_13138-0.57") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"xen-tools-3.0.4_13138-0.57") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"xen-tools-ioemu-3.0.4_13138-0.57") ) flag++;
if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"xen-libs-32bit-3.0.4_13138-0.57") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}
VendorProductVersionCPE
novellopensusexenp-cpe:/a:novell:opensuse:xen
novellopensusexen-develp-cpe:/a:novell:opensuse:xen-devel
novellopensusexen-doc-htmlp-cpe:/a:novell:opensuse:xen-doc-html
novellopensusexen-doc-pdfp-cpe:/a:novell:opensuse:xen-doc-pdf
novellopensusexen-doc-psp-cpe:/a:novell:opensuse:xen-doc-ps
novellopensusexen-libsp-cpe:/a:novell:opensuse:xen-libs
novellopensusexen-libs-32bitp-cpe:/a:novell:opensuse:xen-libs-32bit
novellopensusexen-toolsp-cpe:/a:novell:opensuse:xen-tools
novellopensusexen-tools-ioemup-cpe:/a:novell:opensuse:xen-tools-ioemu
novellopensuse10.1cpe:/o:novell:opensuse:10.1

Related

openvas 13
osv 1
nvd 1
cve 1
nessus 9
cvelist 1
debian 1
fedora 3
prion 1
ubuntucve 1
veracode 1
redhat 1
centos 1
oraclelinux 1
openvas
openvas
Fedora Update for xen FEDORA-2007-737
2009-02-27 00:00:00
Debian: Security Advisory (DSA-1395-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 1395-1 (xen-utils)
2008-01-17 00:00:00
osv
osv
xen-3.0 - insecure temporary files
2007-10-25 00:00:00
nvd
nvd
CVE-2007-3919
2007-10-28 17:08:00
cve
cve
CVE-2007-3919
2007-10-28 17:08:00
nessus
nessus
Fedora Core 6 : xen-3.0.3-13.fc6 (2007-737)
2007-11-06 00:00:00
Debian DSA-1395-1 : xen-utils - insecure temporary files
2007-10-26 00:00:00
Fedora 7 : xen-3.1.0-8.fc7 (2007-2708)
2007-11-06 00:00:00
cvelist
cvelist
CVE-2007-3919
2007-10-28 16:00:00
debian
debian
[SECURITY] [DSA 1395-1] New xen-utils packages fix file truncation
2007-10-25 14:55:50
fedora
fedora
[SECURITY] Fedora Core 6 Update: xen-3.0.3-13.fc6
2007-11-05 14:45:21
[SECURITY] Fedora 7 Update: xen-3.1.0-8.fc7
2007-11-01 21:13:20
[SECURITY] Fedora 7 Update: xen-3.1.2-2.fc7
2008-02-28 21:40:53
prion
prion
Code injection
2007-10-28 17:08:00
ubuntucve
ubuntucve
CVE-2007-3919
2007-10-28 00:00:00
veracode
veracode
Symbolic Link Attack
2020-04-10 00:26:28
redhat
redhat
(RHSA-2008:0194) Important: xen security and bug fix update
2008-05-13 00:00:00
centos
centos
xen security update
2008-05-16 01:20:08
oraclelinux
oraclelinux
xen security and bug fix update
2008-05-13 00:00:00

6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:N/I:C/A:C

0.0004 Low

EPSS

Percentile

10.2%

JSON
Related for SUSE_XEN-4616.NASL
openvas13osv1nvd1cve1nessus9cvelist1debian1fedora3prion1ubuntucve1veracode1redhat1centos1oraclelinux1