Lucene search
Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1094-1.NASLHistoryMar 30, 2011 - 12:00 a.m.
Ubuntu 9.10 / 10.04 LTS / 10.10 : libvirt vulnerability (USN-1094-1)
2011-03-3000:00:00
Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
Petr Matousek discovered that libvirt did not always honor read-only connections. An attacker who is authorized to connect to the libvirt daemon could exploit this to cause a denial of service via application crash.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1094-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include("compat.inc");
if (description)
{
script_id(53218);
script_version("1.10");
script_cvs_date("Date: 2019/09/19 12:54:26");
script_cve_id("CVE-2011-1146");
script_bugtraq_id(46820);
script_xref(name:"USN", value:"1094-1");
script_name(english:"Ubuntu 9.10 / 10.04 LTS / 10.10 : libvirt vulnerability (USN-1094-1)");
script_summary(english:"Checks dpkg output for updated packages.");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Ubuntu host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"Petr Matousek discovered that libvirt did not always honor read-only
connections. An attacker who is authorized to connect to the libvirt
daemon could exploit this to cause a denial of service via application
crash.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://usn.ubuntu.com/1094-1/"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-bin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt0-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-libvirt");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/15");
script_set_attribute(attribute:"patch_publication_date", value:"2011/03/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/30");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Ubuntu Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(9\.10|10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 9.10 / 10.04 / 10.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"9.10", pkgname:"libvirt-bin", pkgver:"0.7.0-1ubuntu13.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libvirt-dev", pkgver:"0.7.0-1ubuntu13.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libvirt-doc", pkgver:"0.7.0-1ubuntu13.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libvirt0", pkgver:"0.7.0-1ubuntu13.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libvirt0-dbg", pkgver:"0.7.0-1ubuntu13.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"python-libvirt", pkgver:"0.7.0-1ubuntu13.3")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libvirt-bin", pkgver:"0.7.5-5ubuntu27.9")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libvirt-dev", pkgver:"0.7.5-5ubuntu27.9")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libvirt-doc", pkgver:"0.7.5-5ubuntu27.9")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libvirt0", pkgver:"0.7.5-5ubuntu27.9")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libvirt0-dbg", pkgver:"0.7.5-5ubuntu27.9")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"python-libvirt", pkgver:"0.7.5-5ubuntu27.9")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libvirt", pkgver:"0.8.3-1ubuntu14.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libvirt-bin", pkgver:"0.8.3-1ubuntu14.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libvirt-dev", pkgver:"0.8.3-1ubuntu14.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libvirt-doc", pkgver:"0.8.3-1ubuntu14.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libvirt0", pkgver:"0.8.3-1ubuntu14.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libvirt0-dbg", pkgver:"0.8.3-1ubuntu14.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"python-libvirt", pkgver:"0.8.3-1ubuntu14.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-bin / libvirt-dev / libvirt-doc / libvirt0 / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | libvirt | p-cpe:/a:canonical:ubuntu_linux:libvirt |
| canonical | ubuntu_linux | libvirt-bin | p-cpe:/a:canonical:ubuntu_linux:libvirt-bin |
| canonical | ubuntu_linux | libvirt-dev | p-cpe:/a:canonical:ubuntu_linux:libvirt-dev |
| canonical | ubuntu_linux | libvirt-doc | p-cpe:/a:canonical:ubuntu_linux:libvirt-doc |
| canonical | ubuntu_linux | libvirt0 | p-cpe:/a:canonical:ubuntu_linux:libvirt0 |
| canonical | ubuntu_linux | libvirt0-dbg | p-cpe:/a:canonical:ubuntu_linux:libvirt0-dbg |
| canonical | ubuntu_linux | python-libvirt | p-cpe:/a:canonical:ubuntu_linux:python-libvirt |
| canonical | ubuntu_linux | 10.04 | cpe:/o:canonical:ubuntu_linux:10.04:-:lts |
| canonical | ubuntu_linux | 10.10 | cpe:/o:canonical:ubuntu_linux:10.10 |
| canonical | ubuntu_linux | 9.10 | cpe:/o:canonical:ubuntu_linux:9.10 |
Related
nessus
nessus
Oracle Linux 5 / 6 : libvirt (ELSA-2011-0391)
2013-07-12 00:00:00
CentOS 5 : libvirt (CESA-2011:0391)
2011-04-29 00:00:00
openSUSE Security Update : libvirt (openSUSE-SU-2011:0311-1)
2011-05-05 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:56:05
oraclelinux
oraclelinux
libvirt security update
2011-03-28 00:00:00
libvirt security, bug fix, and enhancement update
2011-07-31 00:00:00
openvas
openvas
Ubuntu Update for libvirt vulnerability USN-1094-1
2011-04-01 00:00:00
RedHat Update for libvirt RHSA-2011:0391-01
2012-06-06 00:00:00
CentOS Update for libvirt CESA-2011:0391 centos5 i386
2011-08-09 00:00:00
ubuntu
ubuntu
Libvirt vulnerability
2011-03-29 00:00:00
securityvulns
securityvulns
libvirt protection bypass
2011-03-23 00:00:00
[SECURITY] [DSA 2194-1] libvirt security update
2011-03-23 00:00:00
debian
debian
[SECURITY] [DSA 2194-1] libvirt security update
2011-03-18 07:48:13
redhat
redhat
(RHSA-2011:0391) Important: libvirt security update
2011-03-28 00:00:00
(RHSA-2011:0439) Moderate: rhev-hypervisor security and bug fix update
2011-04-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package libvirt version 0.9.0-alt1
2011-04-06 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: libvirt-0.8.8-3.fc15
2011-03-19 05:50:43
[SECURITY] Fedora 14 Update: libvirt-0.8.3-9.fc14
2011-04-11 21:00:16
[SECURITY] Fedora 13 Update: libvirt-0.8.2-6.fc13
2011-04-18 21:23:20
centos
centos
libvirt security update
2011-04-28 14:15:01
ubuntucve
ubuntucve
CVE-2011-1146
2011-03-15 00:00:00
debiancve
debiancve
CVE-2011-1146
2011-03-15 17:55:00
prion
prion
Code injection
2011-03-15 17:55:00
cve
cve
CVE-2011-1146
2011-03-15 17:55:00
gentoo
gentoo
libvirt: Multiple vulnerabilities
2012-02-27 00:00:00
osv
osv
Related for UBUNTU_USN-1094-1.NASL