Lucene search
Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-6763-1.NASLHistoryMay 07, 2024 - 12:00 a.m.
Ubuntu 24.04 LTS : libvirt vulnerability (USN-6763-1)
2024-05-0700:00:00
Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
3
ubuntu
24.04 lts
libvirt
vulnerability
update
6.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6763-1 advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-6763-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##
include('compat.inc');
if (description)
{
script_id(195120);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/08");
script_cve_id("CVE-2024-4418");
script_xref(name:"USN", value:"6763-1");
script_name(english:"Ubuntu 24.04 LTS : libvirt vulnerability (USN-6763-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the
USN-6763-1 advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-6763-1");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-4418");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/07");
script_set_attribute(attribute:"patch_publication_date", value:"2024/05/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss-libvirt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-clients");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-clients-qemu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-config-network");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-config-nwfilter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-driver-lxc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-driver-qemu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-driver-storage-gluster");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-driver-storage-iscsi-direct");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-driver-storage-rbd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-driver-storage-zfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-driver-vbox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-driver-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-system");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-system-systemd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-system-sysv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-l10n");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-login-shell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-sanlock");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt-wireshark");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libvirt0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('24.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 24.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '24.04', 'pkgname': 'libnss-libvirt', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-clients', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-clients-qemu', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-daemon', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-daemon-config-network', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-daemon-config-nwfilter', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-daemon-driver-lxc', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-daemon-driver-qemu', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-daemon-driver-storage-gluster', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-daemon-driver-storage-iscsi-direct', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-daemon-driver-storage-rbd', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-daemon-driver-storage-zfs', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-daemon-driver-vbox', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-daemon-driver-xen', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-daemon-system', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-daemon-system-systemd', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-daemon-system-sysv', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-dev', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-l10n', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-login-shell', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-sanlock', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt-wireshark', 'pkgver': '10.0.0-2ubuntu8.2'},
{'osver': '24.04', 'pkgname': 'libvirt0', 'pkgver': '10.0.0-2ubuntu8.2'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libnss-libvirt / libvirt-clients / libvirt-clients-qemu / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | 24.04 | cpe:/o:canonical:ubuntu_linux:24.04:-:lts |
| canonical | ubuntu_linux | libnss-libvirt | p-cpe:/a:canonical:ubuntu_linux:libnss-libvirt |
| canonical | ubuntu_linux | libvirt-clients | p-cpe:/a:canonical:ubuntu_linux:libvirt-clients |
| canonical | ubuntu_linux | libvirt-clients-qemu | p-cpe:/a:canonical:ubuntu_linux:libvirt-clients-qemu |
| canonical | ubuntu_linux | libvirt-daemon | p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon |
| canonical | ubuntu_linux | libvirt-daemon-config-network | p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-config-network |
| canonical | ubuntu_linux | libvirt-daemon-config-nwfilter | p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-config-nwfilter |
| canonical | ubuntu_linux | libvirt-daemon-driver-lxc | p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-driver-lxc |
| canonical | ubuntu_linux | libvirt-daemon-driver-qemu | p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-driver-qemu |
| canonical | ubuntu_linux | libvirt-daemon-driver-storage-gluster | p-cpe:/a:canonical:ubuntu_linux:libvirt-daemon-driver-storage-gluster |
Related
cbl_mariner
cbl_mariner
CVE-2024-4418 affecting package libvirt for versions less than 7.10.0-10
2024-06-12 22:23:00
fedora
fedora
[SECURITY] Fedora 39 Update: libvirt-9.7.0-4.fc39
2024-06-21 01:16:27
[SECURITY] Fedora 40 Update: libvirt-10.1.0-2.fc40
2024-06-11 01:51:32
ubuntucve
ubuntucve
CVE-2024-4418
2024-05-05 00:00:00
openvas
openvas
Fedora: Security Advisory for libvirt (FEDORA-2024-ee96e0c470)
2024-06-11 00:00:00
Fedora: Security Advisory for libvirt (FEDORA-2024-c2e7b82022)
2024-06-21 00:00:00
openSUSE: Security Advisory for libvirt (SUSE-SU-2024:1962-1)
2024-06-12 00:00:00
redos
redos
ROS-20240607-04
2024-06-07 00:00:00
debiancve
debiancve
CVE-2024-4418
2024-05-08 03:15:07
redhatcve
redhatcve
CVE-2024-4418
2024-05-02 12:59:36
cve
cve
CVE-2024-4418
2024-05-08 03:15:07
osv
osv
libvirt vulnerability
2024-05-07 11:21:40
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libvirt (SUSE-SU-2024:1962-1)
2024-06-11 00:00:00
Fedora 39 : libvirt (2024-c2e7b82022)
2024-06-20 00:00:00
Fedora 40 : libvirt (2024-ee96e0c470)
2024-06-11 00:00:00
cvelist
cvelist
CVE-2024-4418 Libvirt: stack use-after-free in virnetclientioeventloop()
2024-05-08 03:03:05
nvd
nvd
CVE-2024-4418
2024-05-08 03:15:07
ubuntu
ubuntu
libvirt vulnerability
2024-05-07 00:00:00
veracode
veracode
Use After Free
2024-05-09 03:34:43
photon
photon
Moderate Photon OS Security Update - PHSA-2024-4.0-0609
2024-05-13 00:00:00
Moderate Photon OS Security Update - PHSA-2024-5.0-0268
2024-05-13 00:00:00
6.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
Related for UBUNTU_USN-6763-1.NASL