Lucene search
Copyright (c) 2013 Greenbone Networks GmbHOPENVAS:881771HistoryAug 01, 2013 - 12:00 a.m.
CentOS Update for qemu-guest-agent CESA-2013:1100 centos6
2013-08-0100:00:00
Copyright (c) 2013 Greenbone Networks GmbH
plugins.openvas.org
14
0.0004 Low
EPSS
Percentile
5.1%
Check for the Version of qemu-guest-agent
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for qemu-guest-agent CESA-2013:1100 centos6
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.
An unquoted search path flaw was found in the way the QEMU Guest Agent
service installation was performed on Windows. Depending on the permissions
of the directories in the unquoted search path, a local, unprivileged user
could use this flaw to have a binary of their choosing executed with SYSTEM
privileges. (CVE-2013-2231)
This issue was discovered by Lev Veyde of Red Hat.
All users of qemu-kvm should upgrade to these updated packages, which
contain backported patches to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.";
if(description)
{
script_id(881771);
script_version("$Revision: 8466 $");
script_tag(name:"last_modification", value:"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $");
script_tag(name:"creation_date", value:"2013-08-01 18:43:34 +0530 (Thu, 01 Aug 2013)");
script_cve_id("CVE-2013-2231");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_name("CentOS Update for qemu-guest-agent CESA-2013:1100 centos6 ");
tag_affected = "qemu-guest-agent on CentOS 6";
tag_solution = "Please Install the Updated Packages.";
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name: "CESA", value: "2013:1100");
script_xref(name: "URL" , value: "http://lists.centos.org/pipermail/centos-announce/2013-July/019874.html");
script_tag(name: "summary" , value: "Check for the Version of qemu-guest-agent");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "CentOS6")
{
if ((res = isrpmvuln(pkg:"qemu-guest-agent", rpm:"qemu-guest-agent~0.12.1.2~2.355.0.1.el6.centos.6", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"qemu-guest-agent-win32", rpm:"qemu-guest-agent-win32~0.12.1.2~2.355.0.1.el6.centos.6", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"qemu-img", rpm:"qemu-img~0.12.1.2~2.355.0.1.el6.centos.6", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"qemu-kvm", rpm:"qemu-kvm~0.12.1.2~2.355.0.1.el6.centos.6", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"qemu-kvm-tools", rpm:"qemu-kvm-tools~0.12.1.2~2.355.0.1.el6.centos.6", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Related
nessus
nessus
CentOS 6 : qemu-kvm (CESA-2013:1100)
2013-07-24 00:00:00
Oracle Linux 6 : qemu-kvm (ELSA-2013-1100)
2013-07-23 00:00:00
RHEL 6 : virtio-win (RHSA-2013:1101)
2013-07-23 00:00:00
centos
centos
qemu security update
2013-07-22 20:02:54
oraclelinux
oraclelinux
qemu-kvm security update
2013-07-22 00:00:00
openvas
openvas
CentOS Update for qemu-guest-agent CESA-2013:1100 centos6
2013-08-01 00:00:00
Mageia: Security Advisory (MGASA-2013-0235)
2022-01-28 00:00:00
Oracle: Security Advisory (ELSA-2013-1100)
2015-10-06 00:00:00
redhat
redhat
(RHSA-2013:1100) Important: qemu-kvm security update
2013-07-22 00:00:00
(RHSA-2013:1101) Important: virtio-win security update
2013-07-22 00:00:00
debiancve
debiancve
CVE-2013-2231
2013-10-01 17:55:03
veracode
veracode
Privilege Escalation
2019-01-15 08:56:42
cve
cve
CVE-2013-2231
2013-10-01 17:55:03
cvelist
cvelist
CVE-2013-2231
2013-10-01 17:00:00
mageia
mageia
Updated qemu package fixes CVE-2013-2231
2013-07-26 15:54:55
prion
prion
Design/Logic Flaw
2013-10-01 17:55:00
nvd
nvd
CVE-2013-2231
2013-10-01 17:55:03