Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (c) 2012 Greenbone Networks GmbHOPENVAS:870706
HistoryJun 06, 2012 - 12:00 a.m.

RedHat Update for qemu-kvm RHSA-2011:0345-01

2012-06-0600:00:00
Copyright (c) 2012 Greenbone Networks GmbH
plugins.openvas.org
6

0.012 Low

EPSS

Percentile

83.5%

JSON

Check for the Version of qemu-kvm

###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for qemu-kvm RHSA-2011:0345-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "KVM (Kernel-based Virtual Machine) is a full virtualization solution for
  Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
  for running virtual machines using KVM. Virtual Network Computing (VNC) is
  a remote display system.

  A flaw was found in the way the VNC "password" option was handled. Clearing
  a password disabled VNC authentication, allowing a remote user able to
  connect to the virtual machines' VNC ports to open a VNC session without
  authentication. (CVE-2011-0011)

  All users of qemu-kvm should upgrade to these updated packages, which
  contain a backported patch to resolve this issue. After installing this
  update, shut down all running virtual machines. Once all virtual machines
  have shut down, start them again for this update to take effect.";

tag_affected = "qemu-kvm on Red Hat Enterprise Linux Desktop (v. 6),
  Red Hat Enterprise Linux Server (v. 6),
  Red Hat Enterprise Linux Workstation (v. 6)";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "https://www.redhat.com/archives/rhsa-announce/2011-March/msg00023.html");
  script_id(870706);
  script_version("$Revision: 8273 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $");
  script_tag(name:"creation_date", value:"2012-06-06 10:50:57 +0530 (Wed, 06 Jun 2012)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:A/AC:H/Au:N/C:P/I:P/A:P");
  script_cve_id("CVE-2011-0011");
  script_xref(name: "RHSA", value: "2011:0345-01");
  script_name("RedHat Update for qemu-kvm RHSA-2011:0345-01");

  script_tag(name: "summary" , value: "Check for the Version of qemu-kvm");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "RHENT_6")
{

  if ((res = isrpmvuln(pkg:"qemu-img", rpm:"qemu-img~0.12.1.2~2.113.el6_0.8", rls:"RHENT_6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"qemu-kvm", rpm:"qemu-kvm~0.12.1.2~2.113.el6_0.8", rls:"RHENT_6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"qemu-kvm-debuginfo", rpm:"qemu-kvm-debuginfo~0.12.1.2~2.113.el6_0.8", rls:"RHENT_6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"qemu-kvm-tools", rpm:"qemu-kvm-tools~0.12.1.2~2.113.el6_0.8", rls:"RHENT_6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

Related

nessus 4
oraclelinux 2
openvas 6
ubuntucve 1
redhat 1
prion 1
cvelist 1
cve 1
securityvulns 2
debian 1
nessus
nessus
RHEL 6 : qemu-kvm (RHSA-2011:0345)
2013-01-24 00:00:00
Scientific Linux Security Update : qemu-kvm on SL6.x x86_64
2012-08-01 00:00:00
Oracle Linux 6 : qemu-kvm (ELSA-2011-0345)
2013-07-12 00:00:00
oraclelinux
oraclelinux
qemu-kvm security update
2011-03-10 00:00:00
qemu-kvm security, bug fix, and enhancement update
2011-05-28 00:00:00
openvas
openvas
Ubuntu Update for qemu-kvm vulnerability USN-1063-1
2011-02-16 00:00:00
Oracle: Security Advisory (ELSA-2011-0345)
2015-10-06 00:00:00
RedHat Update for qemu-kvm RHSA-2011:0345-01
2012-06-06 00:00:00
ubuntucve
ubuntucve
CVE-2011-0011
2011-02-11 00:00:00
redhat
redhat
(RHSA-2011:0345) Moderate: qemu-kvm security update
2011-03-10 00:00:00
prion
prion
Authentication flaw
2012-06-21 15:55:00
cvelist
cvelist
CVE-2011-0011
2012-06-21 15:00:00
cve
cve
CVE-2011-0011
2012-06-21 15:55:05
securityvulns
securityvulns
[SECURITY] [DSA 2230-1] qemu-kvm security update
2011-05-02 00:00:00
KVM security vulnerabilities
2011-05-26 00:00:00
debian
debian
[BSA-039] Security Update for qemu-kvm
2011-07-07 09:45:54

0.012 Low

EPSS

Percentile

83.5%

JSON
Related for OPENVAS:870706
nessus4oraclelinux2openvas6ubuntucve1redhat1prion1cvelist1cve1securityvulns2debian1