Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.XEN_SERVER_XSA-254.NASL
HistoryFeb 20, 2018 - 12:00 a.m.

Xen Multiple Vulnerabilities (Spectre) (Meltdown) (XSA-254)

2018-02-2000:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
39
JSON

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by multiple vulnerabilities.

Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applied manually to the source code before a recompile and reinstall.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(106902);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/08");

  script_cve_id("CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754");
  script_bugtraq_id(102371, 102376, 102378);
  script_xref(name:"IAVA", value:"2018-A-0019");
  script_xref(name:"IAVA", value:"2018-A-0020");

  script_name(english:"Xen Multiple Vulnerabilities (Spectre) (Meltdown) (XSA-254)");
  script_summary(english:"Checks 'xl info' output for the Xen hypervisor version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Xen hypervisor installation is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Xen hypervisor
installed on the remote host is affected by multiple vulnerabilities.

Note that Nessus has checked the changeset versions based on the
xen.git change log. Nessus did not check guest hardware configurations
or if patches were applied manually to the source code before a
recompile and reinstall.");
  script_set_attribute(attribute:"see_also", value:"http://xenbits.xen.org/xsa/advisory-254.html");
  script_set_attribute(attribute:"see_also", value:"https://xenbits.xen.org/gitweb/?p=xen.git;a=summary");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5754");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/20");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:xen:xen");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("xen_server_detect.nbin");
  script_require_keys("installed_sw/Xen Hypervisor", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("install_func.inc");
include("misc_func.inc");

app_name = "Xen Hypervisor";
install  = get_single_install(app_name:app_name);
if (report_paranoia < 2) audit(AUDIT_PARANOID);

version         = install['version'];
display_version = install['display_version'];
path            = install['path'];
managed_status  = install['Managed status'];
changeset       = install['Changeset'];

if (!empty_or_null(changeset))
  display_version += " (changeset " + changeset + ")";

# Installations that are vendor-managed are handled by OS-specific local package checks
if (managed_status == "managed")
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);

fixes['4.6']['fixed_ver']           = '4.6.6';
fixes['4.6']['fixed_ver_display']   = '4.6.6 (changeset 4d21549)';
fixes['4.6']['affected_ver_regex']  = '^4\\.6\\.';
fixes['4.6']['affected_changesets'] = make_list("ff4800c", "2613a1b",
  "8335c8a", "ab20c5c", "9089da9", "8edfc82", "af5b61a", "ec05090",
  "75263f7", "f7e273a", "03c7d2c", "9ce1a71", "a735c7a", "44ad7f6",
  "91dc902", "a065841", "c6e9e60", "f94c11d", "45ddc4e", "1ca93b7",
  "8c0c36e", "6e43623", "47d3e73", "ea80245", "37bb22b", "9b0c2a2",
  "8d3fe28", "be63d66", "9454e30", "aad5a67", "d8b0ebf", "f0208a4",
  "42b2c82", "57318e1", "9f22d72", "e0353b4", "76f1549", "9bac910",
  "c7a43e3", "913d4f8", "c5881c5", "b0239cd", "78fd0c3", "9079e0d",
  "1658a87", "22b6dfa", "a8cd231", "629eddd", "64c03bb", "b4660b4",
  "1ac8162", "747df3c", "5ae011e", "f974d32", "3300ad3", "d708b69");

fixes['4.7']['fixed_ver']           = '4.7.5';
fixes['4.7']['fixed_ver_display']   = '4.7.5-pre (changeset e9220b4)';
fixes['4.7']['affected_ver_regex']  = '^4\\.7\\.';
fixes['4.7']['affected_changesets'] = make_list("f961688", "91f7e46",
  "f291c01", "3cf4e29", "8860219", "62a2624", "c3f8df3", "3877c02",
  "f0ed5f9", "160b53c", "e131309", "9ede1ac", "d0cfbe8", "d596e6a",
  "f50ea84", "de3bdaa", "766990b", "4ac0229", "bafd63f", "d5bb425",
  "003ec3e", "fd884d6", "50c68df", "1bdcc9f", "2914ef5", "62b9706",
  "624abdc", "d7b73ed", "112c49c", "a5b0fa4", "e19d0af", "e19517a",
  "9b76908", "46025e3", "0e6c6fc", "40c4410", "f3b76b6", "4c937e2",
  "2307798", "7089465", "375896d", "99474d1", "f407332", "1c58d74",
  "d02140f", "fae9dd5", "caae052", "c90b5c1", "5b1c9fe", "2e6775e",
  "f2d19fb", "0baeec6", "664433a", "b3dfadc", "8f14027", "1967ced",
  "c3ddeca", "b9c150e", "5a99156", "4f34d9f", "4133de7", "b3981ea",
  "184f259", "67966a9", "af3f585");

fixes['4.8']['fixed_ver']           = '4.8.4';
fixes['4.8']['fixed_ver_display']   = '4.8.4-pre (changeset 532ccf4)';
fixes['4.8']['affected_ver_regex']  = '^4\\.8\\.';
fixes['4.8']['affected_changesets'] = make_list("da49e51", "ca9583d",
  "479b879", "2eefd92", "60c50f2", "1838e21", "5732a8e", "987b08d",
  "eadcd83", "ef2464c", "17bfbc8", "499391b", "87cb0e2", "393de92");

fixes['4.9']['fixed_ver']           = '4.9.2';
fixes['4.9']['fixed_ver_display']   = '4.9.2-pre (changeset 7648049)';
fixes['4.9']['affected_ver_regex']  = '^4\\.9\\.';
fixes['4.9']['affected_changesets'] = make_list("602633e", "6fef46d",
  "30b9929", "447dce8", "29df8a5", "6403b50", "628b6af", "237a58b",
  "f0f7ce5", "d6e9725", "9aaa208", "40f9ae9", "ade9554", "a0ed034",
  "4d01dbc", "22379b6", "6e13ad7", "0d32237", "4ba59bd", "2997c5e",
  "751c879", "a2567d6", "9f79e8d", "fba48ef", "3790833", "50450c1",
  "2ec7ccb", "dc7d465", "1e09746", "87ea781", "96990e2", "2213ffe",
  "c3774d1", "f559d50", "f877aab", "0c3d524", "4d190d7", "a4a4abf",
  "432f715", "389df4f", "d6fe186", "6a39a56", "d9ade82", "c09e166",
  "df6db6c", "986fcb8", "da8c866", "47a7e3b", "57205c4", "09d7c30",
  "8edff60", "fe1147d", "78c61ba", "c9afe26", "4bd6306", "a20f838",
  "984bb18", "1b0029c", "32e364c", "d3db9e3", "c553285", "6260c47",
  "d1cca07", "0a0dcdc", "fb51cab", "61c13ed", "52ad651");

fixes['4.10']['fixed_ver']           = '4.10.1';
fixes['4.10']['fixed_ver_display']   = '4.10.1-pre (changeset 65ee6e0)';
fixes['4.10']['affected_ver_regex']  = '^4\\.10\\.';
fixes['4.10']['affected_changesets'] = make_list("129880d", "c513244",
  "0e12c2c", "6aaf353", "32babfc", "47bbcb2", "8743fc2", "1830b20",
  "ab95cb0", "d02ef3d", "e32f814", "c534ab4", "be3138b", "79012ea",
  "bbd093c", "a69a8b5", "f167ebf", "c4c0187", "19ad8a7", "3caf32c",
  "df7be94", "f379b70", "728fadb", "9281129", "cae6e15", "d1f4283",
  "0f7a4fa", "b829d42", "7cccd6f", "234f481", "57dc197", "7209b8b",
  "910dd00", "50d24b9", "c89c622", "3b8d88d", "cdb1fb4", "a401864",
  "a87ec48", "9dc5eda", "135b67e", "682a9d8", "19dcd8e", "e5364c3",
  "e2dc7b5", "c8f4f45", "4150501", "ab7be6c", "f3fb667");

fix = NULL;
foreach ver_branch (keys(fixes))
{
  if (version =~ fixes[ver_branch]['affected_ver_regex'])
  {
    ret = ver_compare(ver:version, fix:fixes[ver_branch]['fixed_ver']);
    if (ret < 0)
      fix = fixes[ver_branch]['fixed_ver_display'];
    else if (ret == 0)
    {
      if (empty_or_null(changeset))
        fix = fixes[ver_branch]['fixed_ver_display'];
      else
        foreach affected_changeset (fixes[ver_branch]['affected_changesets'])
          if (changeset == affected_changeset)
            fix = fixes[ver_branch]['fixed_ver_display'];
    }
  }
}

if (empty_or_null(fix))
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);

items  = make_array(
  "Installed version", display_version,
  "Fixed version", fix,
  "Path", path
);

order  = make_list("Path", "Installed version", "Fixed version");
report = report_items_str(report_items:items, ordered_fields:order) + '\n';

security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);
VendorProductVersionCPE
xenxencpe:/o:xen:xen

Related

ibm 27
nessus 62
qualysblog 6
threatpost 3
lenovo 2
suse 5
symantec 3
f5 1
redhat 23
openvas 25
vmware 2
huawei 2
virtuozzo 4
ubuntu 6
arista 1
redhatcve 1
seebug 1
nvidia 7
mageia 1
paloalto 1
malwarebytes 2
kitploit 1
cloudfoundry 1
cisco 1
centos 2
securelist 1
thn 2
citrix 1
talosblog 1
oraclelinux 2
veeam 1
cert 1
ibm
ibm
Security Bulletin: IBM Information Server on Cloud is affected by the vulnerabilities known as Spectre and Meltdown.
2018-06-16 14:18:58
Security Bulletin: IBM QRadar SIEM has released 7.3.1 Patch 4, and 7.2.8 Patch 13 in response to the vulnerabilities known as Spectre and Meltdown.
2018-08-15 16:21:39
Security Bulletin: IBM Db2 Hosted is affected by the vulnerabilities known as Spectre and Meltdown
2018-06-16 14:18:59
nessus
nessus
AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)
2018-01-25 00:00:00
Ubuntu 17.10 : linux vulnerabilities (USN-3541-1) (Meltdown) (Spectre)
2018-01-23 00:00:00
EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1236)
2018-09-18 00:00:00
qualysblog
qualysblog
Apple in the InfoSec Spotlight, as GitHub Falls Prey to Amplified DDoS Attack
2018-03-02 14:48:53
Meltdown/Spectre and Qualys Cloud Platform
2018-01-09 02:36:19
Processor Vulnerabilities – Meltdown and Spectre
2018-01-04 02:17:43
threatpost
threatpost
Experts Weigh In On Spectre Patch Challenges
2018-01-07 23:21:34
Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts
2018-01-04 13:01:52
Google Releases Spectre PoC Exploit For Chrome
2021-03-16 14:01:06
lenovo
lenovo
Reading Privileged Memory with a Side Channel - US
2018-10-24 12:22:52
Reading Privileged Memory with a Side Channel - Lenovo Support US
2018-10-24 12:22:52
suse
suse
Security update for the Linux Kernel (important)
2018-01-16 21:08:19
Security update for the Linux Kernel (important)
2018-01-11 18:10:26
Security update for the Linux Kernel (important)
2018-01-16 21:08:59
symantec
symantec
Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-01-03 00:00:00
SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks
2018-01-08 08:00:00
Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-01-03 00:00:00
f5
f5
Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754
2018-01-04 04:46:00
redhat
redhat
(RHSA-2018:0182) Important: kernel security and bug fix update
2018-01-25 11:23:54
(RHSA-2018:0496) Important: kernel security and bug fix update
2018-03-13 14:14:17
(RHSA-2018:0047) Important: redhat-virtualization-host security update
2018-01-05 15:36:05
openvas
openvas
Microsoft Windows Speculative Execution Side-Channel Vulnerabilities (KB4073291)
2018-01-22 00:00:00
Ubuntu: Security Advisory (USN-3541-1)
2018-01-23 00:00:00
Mageia: Security Advisory (MGASA-2018-0080)
2022-01-28 00:00:00
vmware
vmware
VMware Virtual Appliance updates address side-channel analysis due to speculative execution
2018-02-08 00:00:00
VMware Virtual Appliance updates address side-channel analysis due to speculative execution
2018-02-08 00:00:00
huawei
huawei
Security Advisory - CPU Vulnerabilities 'Meltdown' and 'Spectre'
2018-01-06 00:00:00
Security Advisory - CPU Vulnerabilities Meltdown and Spectre
2018-06-06 00:00:00
virtuozzo
virtuozzo
Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 2.6.32-042stab127.2, Virtuozzo 6.0 Update 12 Hotfix 20 (6.0.12-3690)
2018-01-06 00:00:00
Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 3.10.0-693.11.6.vz7.40.4, Virtuozzo 7.0 Update 6 Hotfix 3 (7.0.6-710)
2018-01-08 00:00:00
Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 2.6.32-042stab127.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2018-01-06 00:00:00
ubuntu
ubuntu
Linux kernel (HWE) vulnerabilities
2018-03-15 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2018-01-23 00:00:00
Linux kernel vulnerabilities
2018-01-23 00:00:00
arista
arista
Security Advisory 0031
2018-01-03 00:00:00
redhatcve
redhatcve
CVE-2017-5715
2021-07-20 18:54:09
seebug
seebug
Reading privileged memory with a side-channel (Meltdown & Spectre)
2018-01-04 00:00:00
nvidia
nvidia
Security Bulletin: NVIDIA Jetson TX1, Jetson TK1, and Tegra K1 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities
2018-01-05 00:00:00
Security Bulletin: NVIDIA GeForce Experience (GFE) Security Updates for CPU Speculative Side Channel Vulnerabilities
2018-01-09 00:00:00
Security Bulletin: NVIDIA Driver Security Updates for CPU Speculative Side Channel Vulnerabilities
2018-01-04 00:00:00
mageia
mageia
Updated nvidia-current packages mitigates security issues
2018-01-13 17:28:36
paloalto
paloalto
Information about Meltdown and Spectre findings
2018-01-04 00:00:00
malwarebytes
malwarebytes
Meltdown and Spectre fallout: patching problems persist
2018-01-11 14:00:00
Meltdown and Spectre: what you need to know
2018-01-04 15:53:24
kitploit
kitploit
Spectre-Meltdown-Checker - Spectre & Meltdown Vulnerability/Mitigation Checker For Linux
2018-01-08 12:43:00
cloudfoundry
cloudfoundry
USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-01-23 00:00:00
cisco
cisco
CPU Side-Channel Information Disclosure Vulnerabilities
2018-01-04 22:20:00
centos
centos
kernel, perf, python security update
2018-01-04 11:36:27
kernel, perf, python security update
2018-01-04 19:46:26
securelist
securelist
IT threat evolution Q1 2018
2018-05-14 10:00:08
thn
thn
[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks
2018-01-04 21:18:00
Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors
2018-01-03 19:34:00
citrix
citrix
Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
2018-01-03 04:00:00
talosblog
talosblog
Meltdown and Spectre
2018-01-08 09:16:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-01-19 00:00:00
kernel security update
2018-01-04 00:00:00
veeam
veeam
Meltdown and Spectre vulnerabilities
2018-01-09 00:00:00
cert
cert
CPU hardware vulnerable to side-channel attacks
2018-01-04 00:00:00
JSON
Related for XEN_SERVER_XSA-254.NASL
ibm27nessus62qualysblog6threatpost3lenovo2suse5symantec3f51redhat23openvas25vmware2huawei2virtuozzo4ubuntu6arista1redhatcve1seebug1nvidia7mageia1paloalto1malwarebytes2kitploit1cloudfoundry1cisco1centos2securelist1thn2citrix1talosblog1oraclelinux2veeam1cert1