Lucene search
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.XEN_SERVER_XSA-308.NASLHistoryDec 20, 2019 - 12:00 a.m.
Xen VMentry Failure Denial Of Service vulnerability (XSA-308)
2019-12-2000:00:00
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an denial of service vulnerability due to a mishandling of a certain case by VMX VMEntry. An unauthenticated remote attacker can exploit this issue, to cause a denial of service (DOS).
Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applied manually to the source code before a recompile and reinstall.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(132339);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/10");
script_cve_id("CVE-2019-19583");
script_xref(name:"IAVB", value:"2019-B-0091-S");
script_name(english:"Xen VMentry Failure Denial Of Service vulnerability (XSA-308)");
script_summary(english:"Checks the 'xl info' output for the Xen hypervisor version.");
script_set_attribute(attribute:"synopsis", value:
"The remote Xen hypervisor installation is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an
denial of service vulnerability due to a mishandling of a certain case by VMX VMEntry. An unauthenticated remote
attacker can exploit this issue, to cause a denial of service (DOS).
Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware
configurations or if patches were applied manually to the source code before a recompile and reinstall.");
# https://xenbits.xen.org/xsa/advisory-308.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3498c20c");
# https://xenbits.xen.org/gitweb/?p=xen.git;a=summary
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5e75f4bb");
script_set_attribute(attribute:"solution", value:
"Apply the appropiate patch according to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19583");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/11");
script_set_attribute(attribute:"patch_publication_date", value:"2019/12/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/20");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:xen:xen");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("xen_server_detect.nbin");
script_require_keys("installed_sw/Xen Hypervisor", "Settings/ParanoidReport");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("install_func.inc");
include("misc_func.inc");
app_name = "Xen Hypervisor";
install = get_single_install(app_name:app_name);
if (report_paranoia < 2) audit(AUDIT_PARANOID);
version = install['version'];
display_version = install['display_version'];
path = install['path'];
managed_status = install['Managed status'];
changeset = install['Changeset'];
if (!empty_or_null(changeset))
display_version += " (changeset " + changeset + ")";
# Installations that are vendor-managed are handled by OS-specific local package checks
if (managed_status == "managed")
audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);
fixes['4.8']['fixed_ver'] = '4.8.5';
fixes['4.8']['fixed_ver_display'] = '4.8.5 (changeset 76dad2e)';
fixes['4.8']['affected_ver_regex'] = '^4\\.8\\.';
fixes['4.8']['affected_changesets'] = make_list("714a65a", "d1d3431",
"a260e93", "ec6c25e", "1486caf", "4c666a7", "a70ba89", "6082eac",
"fb93a9b", "80e67e4", "dc62982", "aca2511", "17c3324", "4ffb12e",
"929ec99", "ae9ec06", "6c4efc1", "2867c7e", "611ca5b", "12ac129",
"f1bf612", "422d637", "6699295", "10105fa", "bf78103", "219b64d",
"f03e1b7", "048bbe8", "151406a", "d02aeba", "960670a", "4ed28df",
"c67210f", "d4d3ab3", "d87211e", "a9acbcf", "514de95", "48ab64f",
"181ed91", "c3fdb25", "7feb3cc", "343c611", "257048f", "491e033",
"3683ec2", "a172d06", "52092fc", "e0d6cde", "cc1c9e3", "f6a4af3",
"ece24c0", "175a698", "48f5cf7", "9eb6247", "31cbd18", "fcf002d",
"ecbf88a", "d929136", "8099c04", "752fb21", "a95a103", "3dcb199",
"55da36f", "160f050", "194b7a2", "a556287", "2032f86", "e9d860f",
"a1f8fe0", "5bc841c", "4539dbc", "dcd6efd", "88fb22b", "1c4ab1e",
"40ad83f", "51c3b69", "44aba8b", "067ec7d", "f51d8e5", "b9b0c46", "908e768");
fixes['4.9']['fixed_ver'] = '4.9.4';
fixes['4.9']['fixed_ver_display'] = '4.9.4 (changeset e879bfe)';
fixes['4.9']['affected_ver_regex'] = '^4\\.9\\.';
fixes['4.9']['affected_changesets'] = make_list("ce126c9", "4b69427",
"8d1ee9f", "e60b3a9", "25f5530", "49db55f", "fa34ed5", "704f7ec",
"a930a74", "8c52ee2", "2e15a19", "70639ac", "c3b479d", "e349eae",
"632fb4e", "4608c6d", "7daacca", "859e48e", "5be2dd0", "b0147bd",
"cadd66a", "d3c4b60", "d59f5c4", "44303c6", "79538ba", "80c3157",
"73f1a55", "bc20fb1", "754a531", "7b032c2", "ff4fdf0", "8d2a688",
"b9013d7", "bc8e5ec", "34907f5", "e70bf7e", "fa0b891", "3a8177c",
"04ec835", "8d63ec4", "1ff6b4d", "f092d86", "e4b534f", "87c49fe",
"19becb8", "43775c0", "f6b0f33", "a17e75c", "67530e7", "f804549",
"84f81a8", "56aa239", "105db42", "d9da3ea", "ac90240", "3db28b0",
"9b6f1c0", "0c4bbad", "917d8d3", "3384ea4", "352421f", "04e9dcb",
"1612f15", "f952b1d", "63d9330", "f72414a", "ac3a5f8", "1ae6b8e",
"1dd3dcc", "7390fa1", "7e78dc4", "8fdfb1e", "55d36e2", "045f37c",
"dd7e637", "7a40b5b", "f5acf97");
fixes['4.10']['fixed_ver'] = '4.10.4';
fixes['4.10']['fixed_ver_display'] = '4.10.4 (changeset fefa5f9)';
fixes['4.10']['affected_ver_regex'] = '^4\\.10\\.';
fixes['4.10']['affected_changesets'] = make_list("c9f9ff7", "406d40d",
"e489955", "37139f1", "fde09cb", "804ba02", "e8c3971", "a8c4293",
"aa40452", "1da3dab", "e5632c4", "902e72d", "6a14610", "ea815b2",
"13ad331", "61b75d9", "e70e7bf", "e966e2e", "dfa16a1", "a71e199",
"c98be9e", "a548e10", "d3c0e84", "53b1572", "7203f9a", "6d1659d",
"a782173", "24e90db", "0824bc6", "e6f3135", "3131bf9");
fixes['4.11']['fixed_ver'] = '4.11.4';
fixes['4.11']['fixed_ver_display'] = '4.11.4-pre (changeset d4a67be)';
fixes['4.11']['affected_ver_regex'] = '^4\\.11\\.';
fixes['4.11']['affected_changesets'] = make_list("b8a8278", "06555fd");
fixes['4.12']['fixed_ver'] = '4.12.2';
fixes['4.12']['fixed_ver_display'] = '4.12.2-pre (changeset 268e5f6)';
fixes['4.12']['affected_ver_regex'] = '^4\\.12\\.';
fixes['4.12']['affected_changesets'] = make_list("0e3fd5d", "212b850",
"2590905", "4a0187b", "cfc7ff1", "54e3018", "1e8932f", "3488f26",
"08473cf", "acaf498", "40aaf77", "6ef9471", "dde68d8", "7275095",
"3f224c9", "1f6bbde", "99bc12e", "0a69b62", "e10c1fb", "e3ea01d",
"c5a0891", "1f86e9a", "ee55d9e", "b971da6", "28f34ab", "2caa419",
"26d307a", "6b88ada", "4e893a4", "3236f62", "c88640c", "a00325a",
"6a66c54", "0b22b83", "f0b9b67", "a387799", "1cb2d60", "875879a",
"a008435", "3b448cb", "1d64dc7", "d1a06c9", "1a69ef0", "18f988a",
"88d4e37", "36d2ecb", "ee37d67", "ece1cb0", "f4a82a3", "cf47a0e",
"3334cb1", "08fde90", "16f03e0", "58668f1", "0138da1", "12a1ff9",
"a457425", "7f10403", "b29848b", "278e46a", "7412e27", "58d59b9",
"16bc9c0", "694fa9c", "df67757", "bbcd6c5", "7575728", "db91ac4",
"5698505", "28c209e", "1b1295e", "94ff3cf", "3918f99", "81a0e12",
"113282b", "828e277", "f5af2b9", "09513ab", "3dc7b91", "3d83e00",
"26b8dd7", "5572ba9", "bb4c1a8", "81feea0", "9f74689", "5f1c9e4",
"4b5cc95", "ab1e6a7", "801acf8", "97b4698", "e28f7d6", "4fe70a1",
"c288534", "2a8209f", "bc87a2d", "8fbf991", "8382d02", "e142459",
"0d210c0", "89de994", "9187046", "634a4d3", "b6ee060", "61770e7",
"599d6d2", "9d73672", "e6ccef1", "2b84ade", "d2ca39f", "04a2fe9",
"3c10d06", "4e145fd", "07ec556", "847fc70", "5ea346e", "d42fb06",
"32443f6", "a5fc553", "b465705", "d04466f", "be2cd69", "50b9123",
"8b129ba", "b527557");
fixes['4.13']['fixed_ver'] = '4.13.0';
fixes['4.13']['fixed_ver_display'] = '4.13.0-rc (changeset f919dca)';
fixes['4.13']['affected_ver_regex'] = '^4\\.13\\.';
fixes['4.13']['affected_changesets'] = make_list("d8538f7", "fd31193",
"b0f0bbc", "c6c74e3", "b789dd9", "fd9bfab", "8ba4cd9", "c1299c1",
"d7abfd2", "ea6a2c4", "78e7c2e", "8ba357f", "7a0e35f", "b9d5e03",
"308d78b", "eb6b000", "d4d4c87", "1d758bc", "e2585f8", "943c74b",
"81ecb38", "5655ce8", "56348df", "9a400d1", "72580a8", "195b79a",
"34c1172", "5530782", "3f1a53b", "4859911", "ba2ab00", "8c79c12",
"77beba7", "8f48634", "c568b11", "183f354", "ca4cd36", "d7cd999",
"df7a193", "83ac5ab", "a7b88f0", "9678167", "7059afb", "534f9e2",
"a0bfdf6", "0d2791b", "bad237d", "0273d8e", "f710b76", "dde3135",
"3afbd23", "e28eed5", "5a870b0", "f3e4fb5", "66b9765", "31c16a8",
"5f7e950", "e7c3202", "4abbac1", "b92a286", "65d1049", "f06d11d",
"a72c508", "f43afb0", "7b4c3d0", "09242da", "85e1424", "c67c43c",
"8c43308", "070e8ce", "0cafb89", "59e89cd", "6dacdcd", "d13dfb0",
"8f1d6c0", "aaef3d9", "3683290", "cda8f7e", "0c2a550", "0aaad75",
"ad59145", "dedcb10", "6de848f", "70fcd1e", "a458d3b", "2e2356c",
"f9e10a9", "f11fda9", "7afbbca", "6378a4c", "ba165e7", "92f91d2",
"efee8ba", "df12595", "adaecef", "354b0f2", "32e1956", "38533d9",
"0ae2491", "dfdb006", "ae2f94c", "abb234b", "5751861", "0f45bbb",
"ed13221", "7e4404f", "3ed885a", "61b6835", "a7b81b0", "6eeef7e",
"319f9a0", "31b4f4a", "6e8e163", "88aaf40", "c40b33d", "3c15a2d",
"2f12624", "d28fe10", "18b0ab6", "ff0b9a5", "2aab06d", "0121588",
"1b6fa63", "bf656e0", "3165ffe", "93021cb", "0bf9f8d", "ece1d5c",
"b362c51", "2d6f36d", "8a74707", "f51d4a1", "1a3b393", "cbe572d",
"368375d", "2a474dc", "7d2655f", "07149d9", "1666939", "dfcccc6",
"4945041", "86cf0ed", "dc2aaaf", "09348b0", "ecec150", "0e606c1",
"7b1e233", "64b5d83", "9633929", "333d741", "ad011ad", "95596f6",
"5f135a6", "af5c475", "5dedc18", "67c82f4", "a9af7cd", "2541fcc",
"3f21bd4", "c399983", "4f05a0c", "818927e", "3f82eb9", "7eee9c1",
"529a76f", "9257c21", "b7fab13", "8dea470", "a7ecdf8", "8d4f1b8",
"08e2059", "8dba9a8", "228a025", "59d03d2", "6da80b2", "00fc900",
"4c555ec", "55ab292", "e370582", "951ab40", "518c935");
fix = NULL;
foreach ver_branch (keys(fixes))
{
if (version =~ fixes[ver_branch]['affected_ver_regex'])
{
ret = ver_compare(ver:version, fix:fixes[ver_branch]['fixed_ver']);
if (ret < 0)
fix = fixes[ver_branch]['fixed_ver_display'];
else if (ret == 0)
{
if (empty_or_null(changeset))
fix = fixes[ver_branch]['fixed_ver_display'];
else
foreach affected_changeset (fixes[ver_branch]['affected_changesets'])
if (changeset == affected_changeset)
fix = fixes[ver_branch]['fixed_ver_display'];
}
}
}
if (empty_or_null(fix))
audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);
items = make_array(
"Installed version", display_version,
"Fixed version", fix,
"Path", path
);
order = make_list("Path", "Installed version", "Fixed version");
report = report_items_str(report_items:items, ordered_fields:order) + '\n';
security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);
Related
redhatcve
redhatcve
CVE-2019-19583
2019-12-11 12:51:15
prion
prion
Code injection
2019-12-11 18:16:00
xen
xen
VMX: VMentry failure with debug exceptions and blocked states
2019-12-11 12:00:00
cve
cve
CVE-2019-19583
2019-12-11 18:16:00
osv
osv
CVE-2019-19583
2019-12-11 18:16:19
xen - security update
2020-01-13 00:00:00
symantec
symantec
Xen CVE-2019-19583 Denial of Service Vulnerability
2019-12-11 00:00:00
debiancve
debiancve
CVE-2019-19583
2019-12-11 18:16:00
ubuntucve
ubuntucve
CVE-2019-19583
2019-12-11 00:00:00
citrix
citrix
Citrix Hypervisor Security Update
2019-12-11 05:00:00
nessus
nessus
SUSE SLES12 Security Update : xen (SUSE-SU-2019:3296-1)
2019-12-16 00:00:00
Fedora 31 : xen (2019-6aad703290)
2019-12-18 00:00:00
Fedora 30 : xen (2019-2e12bd3a9a)
2020-01-06 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:3296-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:3338-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for xen (openSUSE-SU-2020:0011-1)
2020-01-14 00:00:00
suse
suse
Security update for xen (important)
2020-01-14 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: xen-4.12.2-2.fc31
2020-01-21 01:40:04
[SECURITY] Fedora 31 Update: xen-4.12.1-8.fc31
2019-12-18 01:56:47
[SECURITY] Fedora 30 Update: xen-4.11.3-3.fc30
2020-01-31 01:13:54
gentoo
gentoo
Xen: Multiple vulnerabilities
2020-03-25 00:00:00
debian
debian
[SECURITY] [DSA 4602-1] xen security update
2020-01-13 22:27:57
Related for XEN_SERVER_XSA-308.NASL