Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.VIRTUOZZO_VZLSA-2017-1206.NASL
HistoryJul 13, 2017 - 12:00 a.m.

Virtuozzo 6 : qemu-guest-agent / qemu-img / qemu-kvm / etc (VZLSA-2017-1206)

2017-07-1300:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.

Security Fix(es) :

  • A heap buffer overflow flaw was found in QEMU’s Cirrus CLGD 54xx VGA emulator’s VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
    (CVE-2016-9603)

  • An out-of-bounds r/w access issue was found in QEMU’s Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)

  • An out-of-bounds memory access issue was found in QEMU’s VNC display driver support. The vulnerability could occur while refreshing the VNC display surface area in the ‘vnc_refresh_server_surface’. A user/process inside a guest could use this flaw to crash the QEMU process, resulting in a denial of service. (CVE-2017-2633)

  • An out-of-bounds access issue was found in QEMU’s Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718)

Red Hat would like to thank Jiangxin (PSIRT Huawei Inc.) and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc.) for reporting CVE-2017-7718.

Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(101463);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id(
    "CVE-2016-9603",
    "CVE-2017-2633",
    "CVE-2017-7718",
    "CVE-2017-7980"
  );

  script_name(english:"Virtuozzo 6 : qemu-guest-agent / qemu-img / qemu-kvm / etc (VZLSA-2017-1206)");
  script_summary(english:"Checks the rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Virtuozzo host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"An update for qemu-kvm is now available for Red Hat Enterprise Linux
6.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Kernel-based Virtual Machine (KVM) is a full virtualization solution
for Linux on a variety of architectures. The qemu-kvm package provides
the user-space component for running virtual machines that use KVM.

Security Fix(es) :

* A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA
emulator's VNC display driver support; the issue could occur when a
VNC client attempted to update its display after a VGA operation is
performed by a guest. A privileged user/process inside a guest could
use this flaw to crash the QEMU process or, potentially, execute
arbitrary code on the host with privileges of the QEMU process.
(CVE-2016-9603)

* An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD
54xx VGA Emulator support. The vulnerability could occur while copying
VGA data via various bitblt functions. A privileged user inside a
guest could use this flaw to crash the QEMU process or, potentially,
execute arbitrary code on the host with privileges of the QEMU
process. (CVE-2017-7980)

* An out-of-bounds memory access issue was found in QEMU's VNC display
driver support. The vulnerability could occur while refreshing the VNC
display surface area in the 'vnc_refresh_server_surface'. A
user/process inside a guest could use this flaw to crash the QEMU
process, resulting in a denial of service. (CVE-2017-2633)

* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx
VGA Emulator support. The vulnerability could occur while copying VGA
data using bitblt functions (for example,
cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could
use this flaw to crash the QEMU process, resulting in denial of
service. (CVE-2017-7718)

Red Hat would like to thank Jiangxin (PSIRT Huawei Inc.) and Li Qiang
(Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT
Huawei Inc.) for reporting CVE-2017-7718.

Note that Tenable Network Security has attempted to extract the
preceding description block directly from the corresponding Red Hat
security advisory. Virtuozzo provides no description for VZLSA
advisories. Tenable has attempted to automatically clean and format
it as much as possible without introducing additional issues.");
  # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-1206.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e16ea1b5");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017-1206");
  script_set_attribute(attribute:"solution", value:
"Update the affected qemu-guest-agent / qemu-img / qemu-kvm / etc package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/05/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:qemu-guest-agent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:qemu-img");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:qemu-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:qemu-kvm-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:6");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Virtuozzo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/Virtuozzo/release");
if (isnull(release) || "Virtuozzo" >!< release) audit(AUDIT_OS_NOT, "Virtuozzo");
os_ver = pregmatch(pattern: "Virtuozzo Linux release ([0-9]+\.[0-9])(\D|$)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Virtuozzo 6.x", "Virtuozzo " + os_ver);

if (!get_kb_item("Host/Virtuozzo/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu);

flag = 0;

pkgs = ["qemu-guest-agent-0.12.1.2-2.503.vl6.3",
        "qemu-img-0.12.1.2-2.503.vl6.3",
        "qemu-kvm-0.12.1.2-2.503.vl6.3",
        "qemu-kvm-tools-0.12.1.2-2.503.vl6.3"];

foreach (pkg in pkgs)
  if (rpm_check(release:"Virtuozzo-6", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-guest-agent / qemu-img / qemu-kvm / etc");
}
VendorProductVersionCPE
virtuozzovirtuozzoqemu-guest-agentp-cpe:/a:virtuozzo:virtuozzo:qemu-guest-agent
virtuozzovirtuozzoqemu-imgp-cpe:/a:virtuozzo:virtuozzo:qemu-img
virtuozzovirtuozzoqemu-kvmp-cpe:/a:virtuozzo:virtuozzo:qemu-kvm
virtuozzovirtuozzoqemu-kvm-toolsp-cpe:/a:virtuozzo:virtuozzo:qemu-kvm-tools
virtuozzovirtuozzo6cpe:/o:virtuozzo:virtuozzo:6

Related

nessus 66
oraclelinux 6
redhat 14
centos 4
openvas 43
suse 18
debian 4
osv 8
ibm 1
cve 4
ubuntucve 4
xen 1
freebsd 1
prion 4
citrix 2
redhatcve 4
debiancve 4
veracode 4
ubuntu 2
fedora 4
gentoo 1
nessus
nessus
RHEL 6 : qemu-kvm (RHSA-2017:1206)
2017-05-10 00:00:00
Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20170509)
2017-05-10 00:00:00
CentOS 6 : qemu-kvm (CESA-2017:1206)
2017-05-10 00:00:00
oraclelinux
oraclelinux
qemu-kvm security update
2017-05-09 00:00:00
qemu-kvm security and bug fix update
2017-06-13 00:00:00
qemu-kvm security update
2018-07-10 00:00:00
redhat
redhat
(RHSA-2017:1441) Important: qemu-kvm-rhev security and bug fix update
2017-06-14 14:59:37
(RHSA-2017:1206) Important: qemu-kvm security update
2017-05-09 11:36:59
(RHSA-2017:1205) Important: qemu-kvm-rhev security update
2017-05-09 10:53:07
centos
centos
qemu security update
2017-05-09 16:59:13
qemu security update
2017-06-13 18:32:57
qemu security update
2017-04-19 16:57:39
openvas
openvas
RedHat Update for qemu-kvm RHSA-2017:1206-01
2017-05-10 00:00:00
CentOS Update for qemu-guest-agent CESA-2017:1206 centos6
2017-05-10 00:00:00
Debian: Security Advisory (DLA-939-1)
2018-01-24 00:00:00
suse
suse
Security update for xen (important)
2017-05-02 18:11:58
Security update for xen (important)
2017-05-02 18:14:46
Security update for xen (important)
2017-05-02 18:13:29
debian
debian
[SECURITY] [DLA 939-1] qemu-kvm security update
2017-05-11 10:00:48
[SECURITY] [DLA 1035-1] qemu security update
2017-07-21 15:17:41
[SECURITY] [DLA 1270-1] xen security update
2018-02-06 12:35:00
osv
osv
qemu-kvm - security update
2017-05-11 00:00:00
qemu - security update
2017-07-21 00:00:00
CVE-2016-9603
2018-07-27 21:29:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in qemu-kvm and libguestfs affect SmartCloud Entry (CVE-2016-9603 CVE-2017-2633 CVE-2017-7718 CVE-2017-7980 CVE-2015-8869)
2020-07-19 00:49:12
cve
cve
CVE-2016-9603
2018-07-27 21:29:00
CVE-2017-7980
2017-07-25 14:29:00
CVE-2017-7718
2017-04-20 17:59:00
ubuntucve
ubuntucve
CVE-2016-9603
2016-12-31 00:00:00
CVE-2017-7980
2017-04-21 00:00:00
CVE-2017-7718
2017-04-20 00:00:00
xen
xen
Cirrus VGA Heap overflow via display refresh
2017-03-14 11:58:00
freebsd
freebsd
xen-tools -- Cirrus VGA Heap overflow via display refresh
2017-03-14 00:00:00
prion
prion
Heap overflow
2018-07-27 21:29:00
Heap overflow
2017-07-25 14:29:00
Out-of-bounds
2017-04-20 17:59:00
citrix
citrix
CVE-2016-9603 - Citrix XenServer Security Update
2017-03-14 04:00:00
Citrix XenServer Multiple Security Updates
2017-12-01 05:00:00
redhatcve
redhatcve
CVE-2016-9603
2021-03-20 20:36:40
CVE-2017-7718
2019-11-03 10:16:22
CVE-2017-7980
2019-10-10 15:19:59
debiancve
debiancve
CVE-2016-9603
2018-07-27 21:29:00
CVE-2017-7980
2017-07-25 14:29:00
CVE-2017-7718
2017-04-20 17:59:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:16:24
Heap-Based Buffer Overflow
2019-05-02 06:09:48
Denial Of Service (DoS)
2019-01-15 09:17:12
ubuntu
ubuntu
QEMU vulnerabilities
2017-05-16 00:00:00
QEMU vulnerabilities
2017-04-25 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: xen-4.7.2-2.fc25
2017-03-21 03:23:43
[SECURITY] Fedora 25 Update: qemu-2.7.1-7.fc25
2017-07-25 21:29:02
[SECURITY] Fedora 26 Update: xen-4.8.1-6.fc26
2017-08-22 20:46:11
gentoo
gentoo
QEMU: Multiple vulnerabilities
2017-06-06 00:00:00
JSON
Related for VIRTUOZZO_VZLSA-2017-1206.NASL
nessus66oraclelinux6redhat14centos4openvas43suse18debian4osv8ibm1cve4ubuntucve4xen1freebsd1prion4citrix2redhatcve4debiancve4veracode4ubuntu2fedora4gentoo1