Lucene search
Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2017-1321)
🗓️ 23 Jan 2020 00:00:00Reported by Copyright (C) 2020 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 31 Views
Huawei EulerOS 'qemu-kvm' package(s) updat
Show more
| Reporter | Title | Published | Views | Family All 177 |
|---|---|---|---|---|
 | RHSA-2017:3368 Red Hat Security Advisory: qemu-kvm security update | 13 Sep 202413:39 | – | osv |
| RHSA-2017:3369 Red Hat Security Advisory: qemu-kvm-rhev security and bug fix update | 13 Sep 202413:39 | – | osv |
| RHSA-2017:3466 Red Hat Security Advisory: qemu-kvm-rhev security and bug fix update | 13 Sep 202413:39 | – | osv |
| RHSA-2017:3471 Red Hat Security Advisory: qemu-kvm-rhev security and bug fix update | 13 Sep 202413:39 | – | osv |
| RHSA-2017:3472 Red Hat Security Advisory: qemu-kvm-rhev security update | 13 Sep 202413:39 | – | osv |
| CVE-2017-15289 | 16 Oct 201718:29 | – | osv |
| RHSA-2017:3474 Red Hat Security Advisory: qemu-kvm-rhev security and bug fix update | 13 Sep 202413:39 | – | osv |
| RHSA-2017:3470 Red Hat Security Advisory: qemu-kvm-rhev security and bug fix update | 13 Sep 202413:39 | – | osv |
| RHSA-2017:3473 Red Hat Security Advisory: qemu-kvm-rhev security update | 13 Sep 202413:39 | – | osv |
| CVE-2017-14167 | 8 Sep 201718:29 | – | osv |
10
| Source | Link |
|---|---|
| developer | www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html |
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2017.1321");
script_cve_id("CVE-2017-14167", "CVE-2017-15289");
script_tag(name:"creation_date", value:"2020-01-23 11:07:03 +0000 (Thu, 23 Jan 2020)");
script_version("2024-02-05T14:36:55+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:55 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2017-09-18 18:03:21 +0000 (Mon, 18 Sep 2017)");
script_name("Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2017-1321)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP2");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2017-1321");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2017-1321");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'qemu-kvm' package(s) announced via the EulerOS-SA-2017-1321 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host. (CVE-2017-14167)
Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of Service (DoS). (CVE-2017-15289)");
script_tag(name:"affected", value:"'qemu-kvm' package(s) on Huawei EulerOS V2.0SP2.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"qemu-img", rpm:"qemu-img~1.5.3~141.4.h2", rls:"EULEROS-2.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"qemu-kvm", rpm:"qemu-kvm~1.5.3~141.4.h2", rls:"EULEROS-2.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"qemu-kvm-common", rpm:"qemu-kvm-common~1.5.3~141.4.h2", rls:"EULEROS-2.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo23 Jan 2020 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS27.2
CVSS38.8
EPSS0.00112