Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2409-1.NASL
HistoryNov 14, 2014 - 12:00 a.m.

Ubuntu 14.04 LTS : QEMU vulnerabilities (USN-2409-1)

2014-11-1400:00:00
Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26
JSON

Laszlo Ersek discovered that QEMU incorrectly handled memory in the vga device. A malicious guest could possibly use this issue to read arbitrary host memory. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3615)

Xavier Mehrenberger and Stephane Duverger discovered that QEMU incorrectly handled certain udp packets when using guest networking. A malicious guest could possibly use this issue to cause a denial of service. (CVE-2014-3640)

It was discovered that QEMU incorrectly handled parameter validation in the vmware_vga device. A malicious guest could possibly use this issue to write into memory of the host, leading to privilege escalation. (CVE-2014-3689)

It was discovered that QEMU incorrectly handled USB xHCI controller live migration. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-5263)

Michael S. Tsirkin discovered that QEMU incorrectly handled memory in the ACPI PCI hotplug interface. A malicious guest could possibly use this issue to access memory of the host, leading to information disclosure or privilege escalation. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-5388)

James Spadaro discovered that QEMU incorrectly handled certain VNC bytes_per_pixel values. An attacker having access to a VNC console could possibly use this issue to cause a guest to crash, resulting in a denial of service. (CVE-2014-7815).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2409-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(79244);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/23");

  script_cve_id(
    "CVE-2014-3615",
    "CVE-2014-3640",
    "CVE-2014-3689",
    "CVE-2014-5263",
    "CVE-2014-5388",
    "CVE-2014-7815"
  );
  script_xref(name:"USN", value:"2409-1");

  script_name(english:"Ubuntu 14.04 LTS : QEMU vulnerabilities (USN-2409-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"Laszlo Ersek discovered that QEMU incorrectly handled memory in the
vga device. A malicious guest could possibly use this issue to read
arbitrary host memory. This issue only affected Ubuntu 14.04 LTS and
Ubuntu 14.10. (CVE-2014-3615)

Xavier Mehrenberger and Stephane Duverger discovered that QEMU
incorrectly handled certain udp packets when using guest networking. A
malicious guest could possibly use this issue to cause a denial of
service. (CVE-2014-3640)

It was discovered that QEMU incorrectly handled parameter validation
in the vmware_vga device. A malicious guest could possibly use this
issue to write into memory of the host, leading to privilege
escalation. (CVE-2014-3689)

It was discovered that QEMU incorrectly handled USB xHCI controller
live migration. An attacker could possibly use this issue to cause a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 14.04 LTS. (CVE-2014-5263)

Michael S. Tsirkin discovered that QEMU incorrectly handled memory in
the ACPI PCI hotplug interface. A malicious guest could possibly use
this issue to access memory of the host, leading to information
disclosure or privilege escalation. This issue only affected Ubuntu
14.04 LTS. (CVE-2014-5388)

James Spadaro discovered that QEMU incorrectly handled certain VNC
bytes_per_pixel values. An attacker having access to a VNC console
could possibly use this issue to cause a guest to crash, resulting in
a denial of service. (CVE-2014-7815).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2409-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3689");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2014-3640");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-aarch64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-arm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-mips");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-misc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-ppc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-sparc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-user");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-user-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-guest-agent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-keymaps");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'qemu', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-common', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-guest-agent', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-keymaps', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-kvm', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-system', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-system-aarch64', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-system-arm', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-system-common', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-system-mips', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-system-misc', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-system-ppc', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-system-sparc', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-system-x86', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-user', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-user-static', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'},
    {'osver': '14.04', 'pkgname': 'qemu-utils', 'pkgver': '2.0.0+dfsg-2ubuntu1.7'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu / qemu-common / qemu-guest-agent / qemu-keymaps / qemu-kvm / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxqemu-kvmp-cpe:/a:canonical:ubuntu_linux:qemu-kvm
canonicalubuntu_linuxqemu-systemp-cpe:/a:canonical:ubuntu_linux:qemu-system
canonicalubuntu_linuxqemu-system-aarch64p-cpe:/a:canonical:ubuntu_linux:qemu-system-aarch64
canonicalubuntu_linuxqemu-system-armp-cpe:/a:canonical:ubuntu_linux:qemu-system-arm
canonicalubuntu_linuxqemu-system-commonp-cpe:/a:canonical:ubuntu_linux:qemu-system-common
canonicalubuntu_linuxqemu-system-mipsp-cpe:/a:canonical:ubuntu_linux:qemu-system-mips
canonicalubuntu_linuxqemu-system-miscp-cpe:/a:canonical:ubuntu_linux:qemu-system-misc
canonicalubuntu_linuxqemu-system-ppcp-cpe:/a:canonical:ubuntu_linux:qemu-system-ppc
canonicalubuntu_linuxqemu-system-sparcp-cpe:/a:canonical:ubuntu_linux:qemu-system-sparc
canonicalubuntu_linuxqemu-system-x86p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86
Rows per page:
1-10 of 181

Related

openvas 56
ubuntu 1
nessus 55
gentoo 2
mageia 2
debian 6
securityvulns 3
fedora 9
osv 2
centos 2
redhat 5
prion 6
ubuntucve 6
checkpoint_advisories 1
veracode 2
talosblog 1
debiancve 6
cve 6
oraclelinux 2
suse 20
openvas
openvas
Ubuntu: Security Advisory (USN-2409-1)
2014-11-14 00:00:00
Gentoo Security Advisory GLSA 201412-01
2015-09-29 00:00:00
Mageia: Security Advisory (MGASA-2014-0467)
2022-01-28 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2014-11-13 00:00:00
nessus
nessus
GLSA-201412-01 : QEMU: Multiple Vulnerabilities
2014-12-09 00:00:00
Fedora 20 : qemu-1.6.2-10.fc20 (2014-14033)
2014-11-11 00:00:00
Fedora 21 : qemu-2.1.2-6.fc21 (2014-13993)
2014-11-10 00:00:00
gentoo
gentoo
QEMU: Multiple Vulnerabilities
2014-12-08 00:00:00
QEMU: Multiple Vulnerabilities
2014-12-24 00:00:00
mageia
mageia
Updated qemu packages fix security vulnerabilities
2014-11-21 15:44:16
Updated qemu packages fix multiple security vulnerabilities
2014-10-28 14:33:36
debian
debian
[SECURITY] [DSA 3066-1] qemu security update
2014-11-06 15:58:54
[SECURITY] [DSA 3067-1] qemu-kvm security update
2014-11-06 15:58:59
[SECURITY] [DSA 3066-1] qemu security update
2014-11-06 15:58:54
securityvulns
securityvulns
[SECURITY] [DSA 3066-1] qemu security update
2014-11-10 00:00:00
qemu multiple security vulnerabilities
2014-12-08 00:00:00
[SECURITY] [DSA 3045-1] qemu security update
2014-10-13 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: qemu-2.1.2-6.fc21
2014-11-10 06:22:24
[SECURITY] Fedora 21 Update: qemu-2.1.1-1.fc21
2014-09-23 05:07:12
[SECURITY] Fedora 20 Update: qemu-1.6.2-10.fc20
2014-11-10 06:48:10
osv
osv
qemu-kvm - security update
2014-11-06 00:00:00
qemu - security update
2014-11-06 00:00:00
centos
centos
libcacard, qemu security update
2015-03-17 13:29:43
libcacard, qemu security update
2014-10-21 17:21:12
redhat
redhat
(RHSA-2015:0349) Important: qemu-kvm security, bug fix, and enhancement update
2015-03-05 00:00:00
(RHSA-2015:0624) Important: qemu-kvm-rhev security, bug fix, and enhancement update
2015-03-05 09:19:16
(RHSA-2014:1670) Low: qemu-kvm-rhev security and bug fix update
2014-10-20 00:00:00
prion
prion
Memory corruption
2014-08-26 14:55:00
Format string
2014-11-14 15:59:00
Memory corruption
2014-11-14 15:59:00
ubuntucve
ubuntucve
CVE-2014-5263
2014-08-26 00:00:00
CVE-2014-7815
2014-10-29 00:00:00
CVE-2014-3689
2014-10-17 00:00:00
checkpoint_advisories
checkpoint_advisories
QEMU vnc set_pixel_format bits_per_pixel Null Pointer Dereference (CVE-2014-7815)
2014-12-02 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:12:34
Denial Of Service (DoS)
2019-01-15 09:05:01
talosblog
talosblog
The Mutiny Fuzzing Framework and Decept Proxy
2017-12-07 10:06:00
debiancve
debiancve
CVE-2014-7815
2014-11-14 15:59:00
CVE-2014-5263
2014-08-26 14:55:00
CVE-2014-3689
2014-11-14 15:59:00
cve
cve
CVE-2014-7815
2014-11-14 15:59:00
CVE-2014-5263
2014-08-26 14:55:00
CVE-2014-3689
2014-11-14 15:59:00
oraclelinux
oraclelinux
qemu-kvm security and bug fix update
2014-10-20 00:00:00
qemu-kvm security, bug fix, and enhancement update
2015-03-11 00:00:00
suse
suse
Security update for qemu (important)
2015-10-20 10:09:58
Security update for xen (important)
2016-04-26 16:08:08
Security update for xen (important)
2015-04-20 16:04:56
JSON
Related for UBUNTU_USN-2409-1.NASL
openvas56ubuntu1nessus55gentoo2mageia2debian6securityvulns3fedora9osv2centos2redhat5prion6ubuntucve6checkpoint_advisories1veracode2talosblog1debiancve6cve6oraclelinux2suse20