Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2630-1.NASL
HistoryJun 11, 2015 - 12:00 a.m.

Ubuntu 14.04 LTS : QEMU vulnerabilities (USN-2630-1)

2015-06-1100:00:00
Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
JSON

Matt Tait discovered that QEMU incorrectly handled the virtual PCNET driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-3209)

Kurt Seifried discovered that QEMU incorrectly handled certain temporary files. A local attacker could use this issue to cause a denial of service. (CVE-2015-4037)

Jan Beulich discovered that the QEMU Xen code incorrectly restricted write access to the host MSI message data field. A malicious guest could use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04.
(CVE-2015-4103)

Jan Beulich discovered that the QEMU Xen code incorrectly restricted access to the PCI MSI mask bits. A malicious guest could use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4104)

Jan Beulich discovered that the QEMU Xen code incorrectly handled MSI-X error messages. A malicious guest could use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4105)

Jan Beulich discovered that the QEMU Xen code incorrectly restricted write access to the PCI config space. A malicious guest could use this issue to cause a denial of service, obtain sensitive information, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4106).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2630-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(84118);
  script_version("2.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id(
    "CVE-2015-3209",
    "CVE-2015-4037",
    "CVE-2015-4103",
    "CVE-2015-4104",
    "CVE-2015-4105",
    "CVE-2015-4106"
  );
  script_bugtraq_id(
    74809,
    74947,
    74948,
    74949,
    74950,
    75123
  );
  script_xref(name:"USN", value:"2630-1");

  script_name(english:"Ubuntu 14.04 LTS : QEMU vulnerabilities (USN-2630-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"Matt Tait discovered that QEMU incorrectly handled the virtual PCNET
driver. A malicious guest could use this issue to cause a denial of
service, or possibly execute arbitrary code on the host as the user
running the QEMU process. In the default installation, when QEMU is
used with libvirt, attackers would be isolated by the libvirt AppArmor
profile. (CVE-2015-3209)

Kurt Seifried discovered that QEMU incorrectly handled certain
temporary files. A local attacker could use this issue to cause a
denial of service. (CVE-2015-4037)

Jan Beulich discovered that the QEMU Xen code incorrectly restricted
write access to the host MSI message data field. A malicious guest
could use this issue to cause a denial of service. This issue only
applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04.
(CVE-2015-4103)

Jan Beulich discovered that the QEMU Xen code incorrectly restricted
access to the PCI MSI mask bits. A malicious guest could use this
issue to cause a denial of service. This issue only applied to Ubuntu
14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4104)

Jan Beulich discovered that the QEMU Xen code incorrectly handled
MSI-X error messages. A malicious guest could use this issue to cause
a denial of service. This issue only applied to Ubuntu 14.04 LTS,
Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4105)

Jan Beulich discovered that the QEMU Xen code incorrectly restricted
write access to the PCI config space. A malicious guest could use this
issue to cause a denial of service, obtain sensitive information, or
possibly execute arbitrary code. This issue only applied to Ubuntu
14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4106).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2630-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3209");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-aarch64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-arm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-mips");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-misc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-ppc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-sparc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-user");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-user-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-guest-agent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qemu-keymaps");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'qemu', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-common', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-guest-agent', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-keymaps', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-kvm', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-system', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-system-aarch64', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-system-arm', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-system-common', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-system-mips', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-system-misc', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-system-ppc', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-system-sparc', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-system-x86', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-user', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-user-static', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'},
    {'osver': '14.04', 'pkgname': 'qemu-utils', 'pkgver': '2.0.0+dfsg-2ubuntu1.13'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'qemu / qemu-common / qemu-guest-agent / qemu-keymaps / qemu-kvm / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxqemu-kvmp-cpe:/a:canonical:ubuntu_linux:qemu-kvm
canonicalubuntu_linuxqemu-systemp-cpe:/a:canonical:ubuntu_linux:qemu-system
canonicalubuntu_linuxqemu-system-aarch64p-cpe:/a:canonical:ubuntu_linux:qemu-system-aarch64
canonicalubuntu_linuxqemu-system-armp-cpe:/a:canonical:ubuntu_linux:qemu-system-arm
canonicalubuntu_linuxqemu-system-commonp-cpe:/a:canonical:ubuntu_linux:qemu-system-common
canonicalubuntu_linuxqemu-system-mipsp-cpe:/a:canonical:ubuntu_linux:qemu-system-mips
canonicalubuntu_linuxqemu-system-miscp-cpe:/a:canonical:ubuntu_linux:qemu-system-misc
canonicalubuntu_linuxqemu-system-ppcp-cpe:/a:canonical:ubuntu_linux:qemu-system-ppc
canonicalubuntu_linuxqemu-system-sparcp-cpe:/a:canonical:ubuntu_linux:qemu-system-sparc
canonicalubuntu_linuxqemu-system-x86p-cpe:/a:canonical:ubuntu_linux:qemu-system-x86
Rows per page:
1-10 of 181

Related

nessus 51
debian 5
openvas 53
ubuntu 1
securityvulns 3
osv 3
suse 16
mageia 2
fedora 14
ubuntucve 6
cve 6
prion 6
freebsd 5
xen 5
debiancve 6
f5 3
oraclelinux 2
redhat 4
centos 2
veracode 1
ibm 2
gentoo 2
arista 1
nessus
nessus
Debian DSA-3284-1 : qemu - security update
2015-06-15 00:00:00
OracleVM 3.3 : xen (OVMSA-2015-0064)
2015-06-03 00:00:00
Fedora 21 : xen-4.4.2-5.fc21 (2015-9466)
2015-06-15 00:00:00
debian
debian
[SECURITY] [DSA 3284-1] qemu security update
2015-06-12 22:51:17
[SECURITY] [DSA 3284-1] qemu security update
2015-06-12 22:50:58
[SECURITY] [DSA 3286-1] xen security update
2015-06-13 14:13:29
openvas
openvas
Ubuntu: Security Advisory (USN-2630-1)
2015-06-11 00:00:00
Debian Security Advisory DSA 3284-1 (qemu - security update)
2015-06-13 00:00:00
Debian: Security Advisory (DSA-3284-1)
2015-06-12 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2015-06-10 00:00:00
securityvulns
securityvulns
[USN-2630-1] QEMU vulnerabilities
2015-06-13 00:00:00
libvirt / qemu / Xen multiple security vulnerabilities
2015-06-21 00:00:00
[SECURITY] [DSA 3286-1] xen security update
2015-06-21 00:00:00
osv
osv
qemu - security update
2015-06-13 00:00:00
xen - security update
2015-06-13 00:00:00
qemu-kvm - security update
2015-06-13 00:00:00
suse
suse
Security update for Xen (important)
2015-06-29 14:05:20
Security update for xen (important)
2015-06-11 17:05:28
Security update for Xen (important)
2015-06-29 15:05:16
mageia
mageia
Updated qemu package fixes security vulnerability
2015-08-11 23:22:53
Updated xen packages fix security vulnerabilities
2016-03-07 14:20:30
fedora
fedora
[SECURITY] Fedora 22 Update: xen-4.5.0-10.fc22
2015-06-14 17:31:06
[SECURITY] Fedora 22 Update: xen-4.5.0-11.fc22
2015-06-24 16:01:05
[SECURITY] Fedora 22 Update: xen-4.5.1-2.fc22
2015-07-19 01:58:20
ubuntucve
ubuntucve
CVE-2015-4106
2015-06-03 00:00:00
CVE-2015-4103
2015-06-03 00:00:00
CVE-2015-4105
2015-06-03 00:00:00
cve
cve
CVE-2015-4106
2015-06-03 20:59:00
CVE-2015-4105
2015-06-03 20:59:00
CVE-2015-4103
2015-06-03 20:59:00
prion
prion
Design/Logic Flaw
2015-06-03 20:59:00
Code injection
2015-06-03 20:59:00
Type confusion
2015-06-03 20:59:00
freebsd
freebsd
xen-tools -- Potential unintended writes to host MSI message data field via qemu
2015-06-02 00:00:00
xen-tools -- Unmediated PCI register access in qemu
2015-06-02 00:00:00
xen-tools -- Guest triggerable qemu MSI-X pass-through error messages
2015-06-02 00:00:00
xen
xen
Unmediated PCI register access in qemu
2015-06-02 12:00:00
Potential unintended writes to host MSI message data field via qemu
2015-06-02 12:00:00
Guest triggerable qemu MSI-X pass-through error messages
2015-06-02 12:00:00
debiancve
debiancve
CVE-2015-4106
2015-06-03 20:59:00
CVE-2015-4105
2015-06-03 20:59:00
CVE-2015-4103
2015-06-03 20:59:00
f5
f5
K64765350 : QEMU vulnerability CVE-2015-4037
2019-03-07 00:00:00
SOL63519101 - Multiple QEMU vulnerabilities
2016-02-16 00:00:00
K63519101 : Multiple QEMU vulnerabilities
2016-02-16 00:00:00
oraclelinux
oraclelinux
qemu-kvm security update
2015-06-10 00:00:00
kvm security update
2015-06-25 00:00:00
redhat
redhat
(RHSA-2015:1189) Important: kvm security update
2015-06-25 00:00:00
(RHSA-2015:1087) Important: qemu-kvm security update
2015-06-10 00:00:00
(RHSA-2015:1089) Important: qemu-kvm-rhev security update
2015-06-10 14:50:31
centos
centos
kmod, kvm security update
2015-06-26 12:05:54
qemu security update
2015-06-10 15:32:54
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:06:09
ibm
ibm
Security Bulletin: PowerKVM is affected by two Qemu vulnerabilities
2018-06-18 01:28:53
Security Bulletin: Multiple vulnerabilities in qemu-kvm affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
2018-06-17 22:33:00
gentoo
gentoo
QEMU: Arbitrary code execution
2015-10-31 00:00:00
Xen: Multiple vulnerabilities
2016-04-05 00:00:00
arista
arista
Security Advisory 0013
2015-09-04 00:00:00
JSON
Related for UBUNTU_USN-2630-1.NASL
nessus51debian5openvas53ubuntu1securityvulns3osv3suse16mageia2fedora14ubuntucve6cve6prion6freebsd5xen5debiancve6f53oraclelinux2redhat4centos2veracode1ibm2gentoo2arista1