Mageia: Security Advisory (MGASA-2014-0525)

2022-01-2800:00:00

plugins.openvas.org

7 High

AI Score

Confidence

High

0.079 Low

EPSS

Percentile

94.2%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.10.2014.0525");
  script_cve_id("CVE-2014-7840", "CVE-2014-8106");
  script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
  script_version("2024-02-02T05:06:08+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:08 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_name("Mageia: Security Advisory (MGASA-2014-0525)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA4");

  script_xref(name:"Advisory-ID", value:"MGASA-2014-0525");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2014-0525.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=14725");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1163075");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1169454");
  script_xref(name:"URL", value:"https://www.debian.org/security/2014/dsa-3087");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'qemu' package(s) announced via the MGASA-2014-0525 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Updated qemu packages fix security vulnerabilities:

During migration, the values read from migration stream during ram load are
not validated. Especially offset in host_from_stream_offset() and also the
length of the writes in the callers of the said function. A user able to
alter the savevm data (either on the disk or over the wire during migration)
could use either of these flaws to corrupt QEMU process memory on the
(destination) host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process
(CVE-2014-7840).

Paolo Bonzini of Red Hat discovered that the blit region checks were
insufficient in the Cirrus VGA emulator in qemu. A privileged guest user
could use this flaw to write into qemu address space on the host,
potentially escalating their privileges to those of the qemu host process
(CVE-2014-8106).");

  script_tag(name:"affected", value:"'qemu' package(s) on Mageia 4.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "MAGEIA4") {

  if(!isnull(res = isrpmvuln(pkg:"qemu", rpm:"qemu~1.6.2~1.7.mga4", rls:"MAGEIA4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"qemu-img", rpm:"qemu-img~1.6.2~1.7.mga4", rls:"MAGEIA4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);