Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2019-089)

2019-11-2200:00:00

www.tenable.com

7.8 High

AI Score

Confidence

High

JSON

According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :

hw: Machine Check Error on Page Size Change (IFU)
hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write
Kernel: vhost_net: infinite loop while receiving packets leads to DoS
Kernel: vhost-net: guest to host kernel escape during migration
hw: Intel GPU Denial Of Service while accessing MMIO in lower power state
hw: TSX Transaction Asynchronous Abort (TAA)

Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(131227);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/10");

  script_cve_id(
    "CVE-2018-12207",
    "CVE-2019-0154",
    "CVE-2019-0155",
    "CVE-2019-11135",
    "CVE-2019-14835",
    "CVE-2019-3900"
  );
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");

  script_name(english:"Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2019-089)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Virtuozzo host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the parallels-server-bm-release /
vzkernel / etc packages installed, the Virtuozzo installation on the
remote host is affected by the following vulnerabilities :

  - hw: Machine Check Error on Page Size Change (IFU)

  - hw: Intel GPU blitter manipulation can allow for
    arbitrary kernel memory write

  - Kernel: vhost_net: infinite loop while receiving
    packets leads to DoS

  - Kernel: vhost-net: guest to host kernel escape during
    migration

  - hw: Intel GPU Denial Of Service while accessing MMIO in
    lower power state

  - hw: TSX Transaction Asynchronous Abort (TAA)

Note that Tenable Network Security has extracted the preceding
description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://virtuozzosupport.force.com/s/article/VZA-2019-089");
  script_set_attribute(attribute:"solution", value:
"Update the affected parallels-server-bm-release / vzkernel / etc packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14835");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:vzkernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:vzmodules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:6");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Virtuozzo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/Virtuozzo/release");
if (isnull(release) || "Virtuozzo" >!< release) audit(AUDIT_OS_NOT, "Virtuozzo");
os_ver = pregmatch(pattern: "Virtuozzo Linux release ([0-9]+\.[0-9])(\D|$)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Virtuozzo 6.x", "Virtuozzo " + os_ver);

if (!get_kb_item("Host/Virtuozzo/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu);

flag = 0;

pkgs = ["parallels-server-bm-release-6.0.12-3753",
        "vzkernel-2.6.32-042stab141.3",
        "vzkernel-devel-2.6.32-042stab141.3",
        "vzkernel-firmware-2.6.32-042stab141.3",
        "vzmodules-2.6.32-042stab141.3",
        "vzmodules-devel-2.6.32-042stab141.3"];

foreach (pkg in pkgs)
  if (rpm_check(release:"Virtuozzo-6", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "parallels-server-bm-release / vzkernel / etc");
}

VendorProductVersionCPE
virtuozzovirtuozzoparallels-server-bm-releasep-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release
virtuozzovirtuozzovzkernelp-cpe:/a:virtuozzo:virtuozzo:vzkernel
virtuozzovirtuozzovzkernel-develp-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel
virtuozzovirtuozzovzkernel-firmwarep-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware
virtuozzovirtuozzovzmodulesp-cpe:/a:virtuozzo:virtuozzo:vzmodules
virtuozzovirtuozzovzmodules-develp-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel
virtuozzovirtuozzo6cpe:/o:virtuozzo:virtuozzo:6

Vendor	Product	Version	CPE
virtuozzo	virtuozzo	parallels-server-bm-release	p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release
virtuozzo	virtuozzo	vzkernel	p-cpe:/a:virtuozzo:virtuozzo:vzkernel
virtuozzo	virtuozzo	vzkernel-devel	p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel
virtuozzo	virtuozzo	vzkernel-firmware	p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware
virtuozzo	virtuozzo	vzmodules	p-cpe:/a:virtuozzo:virtuozzo:vzmodules
virtuozzo	virtuozzo	vzmodules-devel	p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel
virtuozzo	virtuozzo	6	cpe:/o:virtuozzo:virtuozzo:6