{"cve": [{"lastseen": "2019-05-29T18:11:25", "bulletinFamily": "NVD", "description": "The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer.", "modified": "2017-12-29T02:29:00", "id": "CVE-2011-4622", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4622", "published": "2012-01-27T15:55:00", "title": "CVE-2011-4622", "type": "cve", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:12:19", "bulletinFamily": "NVD", "description": "Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.", "modified": "2017-08-29T01:30:00", "id": "CVE-2012-0029", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0029", "published": "2012-01-27T15:55:00", "title": "CVE-2012-0029", "type": "cve", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:58", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2012-0051", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122010", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122010", "title": "Oracle Linux Local Check: ELSA-2012-0051", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0051.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122010\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:38 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0051\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0051 - kvm security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0051\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0051.html\");\n script_cve_id(\"CVE-2012-0029\", \"CVE-2011-4622\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kmod-kvm\", rpm:\"kmod-kvm~83~239.0.1.el5_7.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kmod-kvm-debug\", rpm:\"kmod-kvm-debug~83~239.0.1.el5_7.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~83~239.0.1.el5_7.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kvm-qemu-img\", rpm:\"kvm-qemu-img~83~239.0.1.el5_7.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kvm-tools\", rpm:\"kvm-tools~83~239.0.1.el5_7.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:58:04", "bulletinFamily": "scanner", "description": "Check for the Version of kmod-kvm", "modified": "2017-12-27T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881221", "id": "OPENVAS:881221", "title": "CentOS Update for kmod-kvm CESA-2012:0051 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kmod-kvm CESA-2012:0051 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\n Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for\n the standard Red Hat Enterprise Linux kernel.\n\n A heap overflow flaw was found in the way QEMU-KVM emulated the e1000\n network interface card. A privileged guest user in a virtual machine whose\n network interface is configured to use the e1000 emulated driver could use\n this flaw to crash the host or, possibly, escalate their privileges on the\n host. (CVE-2012-0029)\n \n A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT\n (Programmable Interval Timer) IRQs (interrupt requests) when there was no\n virtual interrupt controller set up. A malicious user in the kvm group on\n the host could force this situation to occur, resulting in the host\n crashing. (CVE-2011-4622)\n \n Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029.\n \n All KVM users should upgrade to these updated packages, which contain\n backported patches to correct these issues. Note: The procedure in the\n Solution section must be performed before this update will take effect.\";\n\ntag_affected = \"kmod-kvm on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-January/018389.html\");\n script_id(881221);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:50:23 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4622\", \"CVE-2012-0029\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0051\");\n script_name(\"CentOS Update for kmod-kvm CESA-2012:0051 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kmod-kvm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kmod-kvm\", rpm:\"kmod-kvm~83~239.el5.centos.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kmod-kvm-debug\", rpm:\"kmod-kvm-debug~83~239.el5.centos.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~83~239.el5.centos.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm-qemu-img\", rpm:\"kvm-qemu-img~83~239.el5.centos.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm-tools\", rpm:\"kvm-tools~83~239.el5.centos.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:17", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881221", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881221", "title": "CentOS Update for kmod-kvm CESA-2012:0051 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kmod-kvm CESA-2012:0051 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-January/018389.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881221\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:50:23 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4622\", \"CVE-2012-0029\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:0051\");\n script_name(\"CentOS Update for kmod-kvm CESA-2012:0051 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kmod-kvm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kmod-kvm on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\n Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for\n the standard Red Hat Enterprise Linux kernel.\n\n A heap overflow flaw was found in the way QEMU-KVM emulated the e1000\n network interface card. A privileged guest user in a virtual machine whose\n network interface is configured to use the e1000 emulated driver could use\n this flaw to crash the host or, possibly, escalate their privileges on the\n host. (CVE-2012-0029)\n\n A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT\n (Programmable Interval Timer) IRQs (interrupt requests) when there was no\n virtual interrupt controller set up. A malicious user in the kvm group on\n the host could force this situation to occur, resulting in the host\n crashing. (CVE-2011-4622)\n\n Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029.\n\n All KVM users should upgrade to these updated packages, which contain\n backported patches to correct these issues. Note: The procedure in the\n Solution section must be performed before this update will take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kmod-kvm\", rpm:\"kmod-kvm~83~239.el5.centos.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kmod-kvm-debug\", rpm:\"kmod-kvm-debug~83~239.el5.centos.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~83~239.el5.centos.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm-qemu-img\", rpm:\"kvm-qemu-img~83~239.el5.centos.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm-tools\", rpm:\"kvm-tools~83~239.el5.centos.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:49", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1339-1", "modified": "2019-03-13T00:00:00", "published": "2012-01-25T00:00:00", "id": "OPENVAS:1361412562310840869", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840869", "title": "Ubuntu Update for qemu-kvm USN-1339-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1339_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for qemu-kvm USN-1339-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1339-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840869\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-01-25 11:15:16 +0530 (Wed, 25 Jan 2012)\");\n script_cve_id(\"CVE-2012-0029\");\n script_xref(name:\"USN\", value:\"1339-1\");\n script_name(\"Ubuntu Update for qemu-kvm USN-1339-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1339-1\");\n script_tag(name:\"affected\", value:\"qemu-kvm on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Nicolae Mogoreanu discovered that QEMU did not properly verify legacy mode\n packets in the e1000 network driver. A remote attacker could exploit this\n to cause a denial of service or possibly execute code with the privileges\n of the user invoking the program.\n\n When using QEMU with libvirt or virtualization management software based on\n libvirt such as Eucalyptus and OpenStack, QEMU guests are individually\n isolated by an AppArmor profile by default in Ubuntu.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.12.5+noroms-0ubuntu7.11\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras\", ver:\"0.12.5+noroms-0ubuntu7.11\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras-static\", ver:\"0.12.5+noroms-0ubuntu7.11\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.12.3+noroms-0ubuntu9.17\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras\", ver:\"0.12.3+noroms-0ubuntu9.17\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm-extras-static\", ver:\"0.12.3+noroms-0ubuntu9.17\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.14.0+noroms-0ubuntu4.5\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:27", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2012-0050", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122009", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122009", "title": "Oracle Linux Local Check: ELSA-2012-0050", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0050.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122009\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:11:37 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0050\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0050 - qemu-kvm security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0050\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0050.html\");\n script_cve_id(\"CVE-2012-0029\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.209.el6_2.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.209.el6_2.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.209.el6_2.4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:47", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2012-03-09T00:00:00", "id": "OPENVAS:1361412562310870573", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870573", "title": "RedHat Update for xen RHSA-2012:0370-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xen RHSA-2012:0370-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-March/msg00006.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870573\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-09 10:25:35 +0530 (Fri, 09 Mar 2012)\");\n script_cve_id(\"CVE-2012-0029\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:0370-01\");\n script_name(\"RedHat Update for xen RHSA-2012:0370-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"xen on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The xen packages contain administration tools and the xend service for\n managing the kernel-xen kernel for virtualization on Red Hat Enterprise\n Linux.\n\n A heap overflow flaw was found in the way QEMU emulated the e1000 network\n interface card. A privileged guest user in a virtual machine whose network\n interface is configured to use the e1000 emulated driver could use this\n flaw to crash QEMU or, possibly, escalate their privileges on the host.\n (CVE-2012-0029)\n\n Red Hat would like to thank Nicolae Mogoreanu for reporting this issue.\n\n This update also fixes the following bugs:\n\n * Adding support for jumbo frames introduced incorrect network device\n expansion when a bridge is created. The expansion worked correctly with the\n default configuration, but could have caused network setup failures when a\n user-defined network script was used. This update changes the expansion so\n network setup will not fail, even when a user-defined network script is\n used. (BZ#797191)\n\n * A bug was found in xenconsoled, the Xen hypervisor console daemon. If\n timestamp logging for this daemon was enabled (using both the\n XENCONSOLED_TIMESTAMP_HYPERVISOR_LOG and XENCONSOLED_TIMESTAMP_GUEST_LOG\n options in '/etc/sysconfig/xend'), xenconsoled could crash if the guest\n emitted a lot of information to its serial console in a short period of\n time. Eventually, the guest would freeze after the console buffer was\n filled due to the crashed xenconsoled. Timestamp logging is disabled by\n default. (BZ#797836)\n\n All xen users are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The system must be\n rebooted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen-debuginfo\", rpm:\"xen-debuginfo~3.0.3~135.el5_8.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~135.el5_8.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:36", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2012-0370", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123957", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123957", "title": "Oracle Linux Local Check: ELSA-2012-0370", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0370.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123957\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:49 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0370\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0370 - xen security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0370\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0370.html\");\n script_cve_id(\"CVE-2012-0029\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.0.3~135.el5_8.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.0.3~135.el5_8.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~135.el5_8.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:17", "bulletinFamily": "scanner", "description": "The remote host is missing an update to qemu-kvm\nannounced via advisory DSA 2396-1.", "modified": "2019-03-18T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:136141256231071093", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071093", "title": "Debian Security Advisory DSA 2396-1 (qemu-kvm)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2396_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2396-1 (qemu-kvm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71093\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-0029\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:29:41 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2396-1 (qemu-kvm)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202396-1\");\n script_tag(name:\"insight\", value:\"Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e\nnetwork interface card of KVM, a solution for full virtualization on\nx86 hardware, which could result in denial of service or privilege\nescalation.\n\nThis update also fixes a guest-triggerable memory corruption in\nVNC handling.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-5+squeeze8.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.0+dfsg-5.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your qemu-kvm packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to qemu-kvm\nannounced via advisory DSA 2396-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"kvm\", ver:\"1:0.12.5+dfsg-5+squeeze8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.12.5+dfsg-5+squeeze8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"0.12.5+dfsg-5+squeeze8\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:49", "bulletinFamily": "scanner", "description": "The remote host is missing an update to qemu-kvm\nannounced via advisory DSA 2396-1.", "modified": "2017-07-07T00:00:00", "published": "2012-02-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71093", "id": "OPENVAS:71093", "title": "Debian Security Advisory DSA 2396-1 (qemu-kvm)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2396_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2396-1 (qemu-kvm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e\nnetwork interface card of KVM, a solution for full virtualization on\nx86 hardware, which could result in denial of service or privilege\nescalation.\n\nThis update also fixes a guest-triggerable memory corruption in\nVNC handling.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-5+squeeze8. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.0+dfsg-5.\n\nWe recommend that you upgrade your qemu-kvm packages.\";\ntag_summary = \"The remote host is missing an update to qemu-kvm\nannounced via advisory DSA 2396-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202396-1\";\n\nif(description)\n{\n script_id(71093);\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-0029\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:29:41 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2396-1 (qemu-kvm)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"kvm\", ver:\"1:0.12.5+dfsg-5+squeeze8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.12.5+dfsg-5+squeeze8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"qemu-kvm-dbg\", ver:\"0.12.5+dfsg-5+squeeze8\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:07:42", "bulletinFamily": "scanner", "description": "Check for the Version of qemu", "modified": "2018-01-04T00:00:00", "published": "2012-06-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864289", "id": "OPENVAS:864289", "title": "Fedora Update for qemu FEDORA-2012-8592", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qemu FEDORA-2012-8592\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"QEMU is a generic and open source processor emulator which achieves a good\n emulation speed by using dynamic translation. QEMU has two operating modes:\n\n * Full system emulation. In this mode, QEMU emulates a full system (for\n example a PC), including a processor and various peripherials. It can be\n used to launch different Operating Systems without rebooting the PC or\n to debug system code.\n * User mode emulation. In this mode, QEMU can launch Linux processes compiled\n for one CPU on another CPU.\n \n As QEMU requires no host kernel patches to run, it is safe and easy to use.\";\n\ntag_affected = \"qemu on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081949.html\");\n script_id(864289);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-08 10:11:09 +0530 (Fri, 08 Jun 2012)\");\n script_cve_id(\"CVE-2012-0029\");\n script_tag(name:\"cvss_base\", value:\"7.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2012-8592\");\n script_name(\"Fedora Update for qemu FEDORA-2012-8592\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qemu\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~0.15.1~5.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2020-03-18T02:47:07", "bulletinFamily": "scanner", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Scientific Linux kernel.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine\nwhose network interface is configured to use the e1000 emulated driver\ncould use this flaw to crash the host or, possibly, escalate their\nprivileges on the host. (CVE-2012-0029)\n\nA flaw was found in the way the KVM subsystem of a Linux kernel\nhandled PIT (Programmable Interval Timer) IRQs (interrupt requests)\nwhen there was no virtual interrupt controller set up. A malicious\nuser in the kvm group on the host could force this situation to occur,\nresulting in the host crashing. (CVE-2011-4622)\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Note: The procedure in the\nSolution section must be performed before this update will take\neffect.", "modified": "2012-08-01T00:00:00", "id": "SL_20120123_KVM_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61222", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : kvm on SL5.x x86_64 (20120123)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61222);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2011-4622\", \"CVE-2012-0029\");\n\n script_name(english:\"Scientific Linux Security Update : kvm on SL5.x x86_64 (20120123)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"KVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Scientific Linux kernel.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine\nwhose network interface is configured to use the e1000 emulated driver\ncould use this flaw to crash the host or, possibly, escalate their\nprivileges on the host. (CVE-2012-0029)\n\nA flaw was found in the way the KVM subsystem of a Linux kernel\nhandled PIT (Programmable Interval Timer) IRQs (interrupt requests)\nwhen there was no virtual interrupt controller set up. A malicious\nuser in the kvm group on the host could force this situation to occur,\nresulting in the host crashing. (CVE-2011-4622)\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Note: The procedure in the\nSolution section must be performed before this update will take\neffect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1201&L=scientific-linux-errata&T=0&P=1341\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0a22154c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-239.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-239.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-83-239.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-debuginfo-83-239.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-239.el5_7.1\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-239.el5_7.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-debuginfo / kvm-qemu-img / etc\");\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T01:03:04", "bulletinFamily": "scanner", "description": "Updated kvm packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine\nwhose network interface is configured to use the e1000 emulated driver\ncould use this flaw to crash the host or, possibly, escalate their\nprivileges on the host. (CVE-2012-0029)\n\nA flaw was found in the way the KVM subsystem of a Linux kernel\nhandled PIT (Programmable Interval Timer) IRQs (interrupt requests)\nwhen there was no virtual interrupt controller set up. A malicious\nuser in the kvm group on the host could force this situation to occur,\nresulting in the host crashing. (CVE-2011-4622)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting\nCVE-2012-0029.\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Note: The procedure in the\nSolution section must be performed before this update will take\neffect.", "modified": "2020-06-02T00:00:00", "id": "CENTOS_RHSA-2012-0051.NASL", "href": "https://www.tenable.com/plugins/nessus/57668", "published": "2012-01-25T00:00:00", "title": "CentOS 5 : kvm (CESA-2012:0051)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0051 and \n# CentOS Errata and Security Advisory 2012:0051 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57668);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2020/01/07\");\n\n script_cve_id(\"CVE-2011-4622\", \"CVE-2012-0029\");\n script_bugtraq_id(51172);\n script_xref(name:\"RHSA\", value:\"2012:0051\");\n\n script_name(english:\"CentOS 5 : kvm (CESA-2012:0051)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine\nwhose network interface is configured to use the e1000 emulated driver\ncould use this flaw to crash the host or, possibly, escalate their\nprivileges on the host. (CVE-2012-0029)\n\nA flaw was found in the way the KVM subsystem of a Linux kernel\nhandled PIT (Programmable Interval Timer) IRQs (interrupt requests)\nwhen there was no virtual interrupt controller set up. A malicious\nuser in the kvm group on the host could force this situation to occur,\nresulting in the host crashing. (CVE-2011-4622)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting\nCVE-2012-0029.\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Note: The procedure in the\nSolution section must be performed before this update will take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-January/018389.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef773e82\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0029\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-239.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-239.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-83-239.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-239.el5.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-tools-83-239.el5.centos.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-qemu-img / kvm-tools\");\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T03:37:27", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:0051 :\n\nUpdated kvm packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine\nwhose network interface is configured to use the e1000 emulated driver\ncould use this flaw to crash the host or, possibly, escalate their\nprivileges on the host. (CVE-2012-0029)\n\nA flaw was found in the way the KVM subsystem of a Linux kernel\nhandled PIT (Programmable Interval Timer) IRQs (interrupt requests)\nwhen there was no virtual interrupt controller set up. A malicious\nuser in the kvm group on the host could force this situation to occur,\nresulting in the host crashing. (CVE-2011-4622)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting\nCVE-2012-0029.\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Note: The procedure in the\nSolution section must be performed before this update will take\neffect.", "modified": "2020-06-02T00:00:00", "id": "ORACLELINUX_ELSA-2012-0051.NASL", "href": "https://www.tenable.com/plugins/nessus/68434", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : kvm (ELSA-2012-0051)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0051 and \n# Oracle Linux Security Advisory ELSA-2012-0051 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68434);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/30 10:58:17\");\n\n script_cve_id(\"CVE-2011-4622\", \"CVE-2012-0029\");\n script_bugtraq_id(51172, 51642);\n script_xref(name:\"RHSA\", value:\"2012:0051\");\n\n script_name(english:\"Oracle Linux 5 : kvm (ELSA-2012-0051)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0051 :\n\nUpdated kvm packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine\nwhose network interface is configured to use the e1000 emulated driver\ncould use this flaw to crash the host or, possibly, escalate their\nprivileges on the host. (CVE-2012-0029)\n\nA flaw was found in the way the KVM subsystem of a Linux kernel\nhandled PIT (Programmable Interval Timer) IRQs (interrupt requests)\nwhen there was no virtual interrupt controller set up. A malicious\nuser in the kvm group on the host could force this situation to occur,\nresulting in the host crashing. (CVE-2011-4622)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting\nCVE-2012-0029.\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Note: The procedure in the\nSolution section must be performed before this update will take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-January/002561.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-239.0.1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-239.0.1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kvm-83-239.0.1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-239.0.1.el5_7.1\")) flag++;\nif (rpm_check(release:\"EL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-239.0.1.el5_7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-qemu-img / kvm-tools\");\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-04-16T17:35:08", "bulletinFamily": "scanner", "description": "Updated kvm packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine\nwhose network interface is configured to use the e1000 emulated driver\ncould use this flaw to crash the host or, possibly, escalate their\nprivileges on the host. (CVE-2012-0029)\n\nA flaw was found in the way the KVM subsystem of a Linux kernel\nhandled PIT (Programmable Interval Timer) IRQs (interrupt requests)\nwhen there was no virtual interrupt controller set up. A malicious\nuser in the kvm group on the host could force this situation to occur,\nresulting in the host crashing. (CVE-2011-4622)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting\nCVE-2012-0029.\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Note: The procedure in the\nSolution section must be performed before this update will take\neffect.", "modified": "2013-01-24T00:00:00", "id": "REDHAT-RHSA-2012-0051.NASL", "href": "https://www.tenable.com/plugins/nessus/64021", "published": "2013-01-24T00:00:00", "title": "RHEL 5 : kvm (RHSA-2012:0051)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0051. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64021);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/15\");\n\n script_cve_id(\"CVE-2011-4622\", \"CVE-2012-0029\");\n script_bugtraq_id(51172);\n script_xref(name:\"RHSA\", value:\"2012:0051\");\n\n script_name(english:\"RHEL 5 : kvm (RHSA-2012:0051)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine\nwhose network interface is configured to use the e1000 emulated driver\ncould use this flaw to crash the host or, possibly, escalate their\nprivileges on the host. (CVE-2012-0029)\n\nA flaw was found in the way the KVM subsystem of a Linux kernel\nhandled PIT (Programmable Interval Timer) IRQs (interrupt requests)\nwhen there was no virtual interrupt controller set up. A malicious\nuser in the kvm group on the host could force this situation to occur,\nresulting in the host crashing. (CVE-2011-4622)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting\nCVE-2012-0029.\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Note: The procedure in the\nSolution section must be performed before this update will take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4622\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0051\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-239.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-239.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-83-239.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-239.el5_7.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-239.el5_7.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-qemu-img / kvm-tools\");\n }\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:22:12", "bulletinFamily": "scanner", "description": "Update to Linux 3.1.7 and assorted bugfixes. Should fix suspend/resume\nregression found in 3.1.5/3.1.6\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2012-01-09T00:00:00", "id": "FEDORA_2012-0145.NASL", "href": "https://www.tenable.com/plugins/nessus/57453", "published": "2012-01-09T00:00:00", "title": "Fedora 16 : kernel-3.1.7-1.fc16 (2012-0145)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-0145.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57453);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2011-4622\");\n script_bugtraq_id(51172);\n script_xref(name:\"FEDORA\", value:\"2012-0145\");\n\n script_name(english:\"Fedora 16 : kernel-3.1.7-1.fc16 (2012-0145)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Linux 3.1.7 and assorted bugfixes. Should fix suspend/resume\nregression found in 3.1.5/3.1.6\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=769721\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-January/071685.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e91aa11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"kernel-3.1.7-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-06-01T03:05:26", "bulletinFamily": "scanner", "description": " - avoid buffer overflow in e1000 device emulation\n (bnc#740165)\n\n - Fix dictzip with long file names.", "modified": "2020-06-02T00:00:00", "id": "OPENSUSE-2012-84.NASL", "href": "https://www.tenable.com/plugins/nessus/74841", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : kvm (openSUSE-2012-84)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-84.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74841);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:09:12 $\");\n\n script_cve_id(\"CVE-2012-0029\");\n\n script_name(english:\"openSUSE Security Update : kvm (openSUSE-2012-84)\");\n script_summary(english:\"Check for the openSUSE-2012-84 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - avoid buffer overflow in e1000 device emulation\n (bnc#740165)\n\n - Fix dictzip with long file names.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740165\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kvm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kvm-0.15.1-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kvm-debuginfo-0.15.1-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"kvm-debugsource-0.15.1-1.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvm / kvm-debuginfo / kvm-debugsource\");\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-01T03:05:11", "bulletinFamily": "scanner", "description": "This is a XEN bugfix update fixing lots of bugs and one security\nissue.\n\nCVE-2012-0029: Heap-based buffer overflow in the process_tx_desc\nfunction in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and\npossibly other versions, allows guest OS users to cause a denial of\nservice (QEMU crash) and possibly execute arbitrary code via crafted\nlegacy mode packets.", "modified": "2020-06-02T00:00:00", "id": "OPENSUSE-2012-243.NASL", "href": "https://www.tenable.com/plugins/nessus/74606", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : Xen (openSUSE-SU-2012:0548-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-243.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74606);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/18 10:18:59\");\n\n script_cve_id(\"CVE-2012-0029\");\n\n script_name(english:\"openSUSE Security Update : Xen (openSUSE-SU-2012:0548-1)\");\n script_summary(english:\"Check for the openSUSE-2012-243 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a XEN bugfix update fixing lots of bugs and one security\nissue.\n\nCVE-2012-0029: Heap-based buffer overflow in the process_tx_desc\nfunction in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and\npossibly other versions, allows guest OS users to cause a denial of\nservice (QEMU crash) and possibly execute arbitrary code via crafted\nlegacy mode packets.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=740165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=743414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=744014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=744771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=745005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=745221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=745367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=745880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=746702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=753165\"\n );\n # https://features.opensuse.org/310510\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-04/msg00055.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected Xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtinst\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virt-manager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-virtinst-0.600.1-4.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"virt-manager-0.9.1-5.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-debugsource-4.1.2_16-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-devel-4.1.2_16-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-default-4.1.2_16_k3.1.9_1.4-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-default-debuginfo-4.1.2_16_k3.1.9_1.4-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-desktop-4.1.2_16_k3.1.9_1.4-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-desktop-debuginfo-4.1.2_16_k3.1.9_1.4-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-pae-4.1.2_16_k3.1.9_1.4-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-kmp-pae-debuginfo-4.1.2_16_k3.1.9_1.4-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-libs-4.1.2_16-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-libs-debuginfo-4.1.2_16-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-tools-domU-4.1.2_16-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"xen-tools-domU-debuginfo-4.1.2_16-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-4.1.2_16-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.1.2_16-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-doc-pdf-4.1.2_16-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.1.2_16-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.1.2_16-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-tools-4.1.2_16-1.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.1.2_16-1.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Xen\");\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-04-16T17:35:10", "bulletinFamily": "scanner", "description": "Updated xen packages that fix one security issue and two bugs are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA heap overflow flaw was found in the way QEMU emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine\nwhose network interface is configured to use the e1000 emulated driver\ncould use this flaw to crash QEMU or, possibly, escalate their\nprivileges on the host. (CVE-2012-0029)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting this\nissue.\n\nThis update also fixes the following bugs :\n\n* Adding support for jumbo frames introduced incorrect network device\nexpansion when a bridge is created. The expansion worked correctly\nwith the default configuration, but could have caused network setup\nfailures when a user-defined network script was used. This update\nchanges the expansion so network setup will not fail, even when a\nuser-defined network script is used. (BZ#797191)\n\n* A bug was found in xenconsoled, the Xen hypervisor console daemon.\nIf timestamp logging for this daemon was enabled (using both the\nXENCONSOLED_TIMESTAMP_HYPERVISOR_LOG and\nXENCONSOLED_TIMESTAMP_GUEST_LOG options in ", "modified": "2012-03-08T00:00:00", "id": "REDHAT-RHSA-2012-0370.NASL", "href": "https://www.tenable.com/plugins/nessus/58285", "published": "2012-03-08T00:00:00", "title": "RHEL 5 : xen (RHSA-2012:0370)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0370. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58285);\n script_version (\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/15\");\n\n script_cve_id(\"CVE-2012-0029\");\n script_bugtraq_id(51642);\n script_xref(name:\"RHSA\", value:\"2012:0370\");\n\n script_name(english:\"RHEL 5 : xen (RHSA-2012:0370)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xen packages that fix one security issue and two bugs are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA heap overflow flaw was found in the way QEMU emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine\nwhose network interface is configured to use the e1000 emulated driver\ncould use this flaw to crash QEMU or, possibly, escalate their\nprivileges on the host. (CVE-2012-0029)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting this\nissue.\n\nThis update also fixes the following bugs :\n\n* Adding support for jumbo frames introduced incorrect network device\nexpansion when a bridge is created. The expansion worked correctly\nwith the default configuration, but could have caused network setup\nfailures when a user-defined network script was used. This update\nchanges the expansion so network setup will not fail, even when a\nuser-defined network script is used. (BZ#797191)\n\n* A bug was found in xenconsoled, the Xen hypervisor console daemon.\nIf timestamp logging for this daemon was enabled (using both the\nXENCONSOLED_TIMESTAMP_HYPERVISOR_LOG and\nXENCONSOLED_TIMESTAMP_GUEST_LOG options in '/etc/sysconfig/xend'),\nxenconsoled could crash if the guest emitted a lot of information to\nits serial console in a short period of time. Eventually, the guest\nwould freeze after the console buffer was filled due to the crashed\nxenconsoled. Timestamp logging is disabled by default. (BZ#797836)\n\nAll xen users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0029\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0370\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-3.0.3-135.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-3.0.3-135.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-debuginfo-3.0.3-135.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-debuginfo-3.0.3-135.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-devel-3.0.3-135.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-devel-3.0.3-135.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-libs-3.0.3-135.el5_8.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-libs-3.0.3-135.el5_8.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debuginfo / xen-devel / xen-libs\");\n }\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:22:16", "bulletinFamily": "scanner", "description": "Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029],\nStart building xen", "modified": "2012-02-20T00:00:00", "id": "FEDORA_2012-1539.NASL", "href": "https://www.tenable.com/plugins/nessus/58018", "published": "2012-02-20T00:00:00", "title": "Fedora 15 : xen-4.1.2-6.fc15 (2012-1539)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1539.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58018);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_bugtraq_id(51642);\n script_xref(name:\"FEDORA\", value:\"2012-1539\");\n\n script_name(english:\"Fedora 15 : xen-4.1.2-6.fc15 (2012-1539)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029],\nStart building xen's ocaml, fix a crash and turn a backtrace into an\nordinary error\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073454.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e5e46e15\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"xen-4.1.2-6.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:22:15", "bulletinFamily": "scanner", "description": "Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029],\nStart building xen", "modified": "2012-02-20T00:00:00", "id": "FEDORA_2012-1375.NASL", "href": "https://www.tenable.com/plugins/nessus/58015", "published": "2012-02-20T00:00:00", "title": "Fedora 16 : xen-4.1.2-6.fc16 (2012-1375)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-1375.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58015);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_bugtraq_id(51642);\n script_xref(name:\"FEDORA\", value:\"2012-1375\");\n\n script_name(english:\"Fedora 16 : xen-4.1.2-6.fc16 (2012-1375)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix buffer overflow in e1000 emulation for HVM guests [CVE-2012-0029],\nStart building xen's ocaml libraries\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/073460.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a3e40075\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"xen-4.1.2-6.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:28:03", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0051\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for\nthe standard Red Hat Enterprise Linux kernel.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nA flaw was found in the way the KVM subsystem of a Linux kernel handled PIT\n(Programmable Interval Timer) IRQs (interrupt requests) when there was no\nvirtual interrupt controller set up. A malicious user in the kvm group on\nthe host could force this situation to occur, resulting in the host\ncrashing. (CVE-2011-4622)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029.\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Note: The procedure in the\nSolution section must be performed before this update will take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/030427.html\n\n**Affected packages:**\nkmod-kvm\nkmod-kvm-debug\nkvm\nkvm-qemu-img\nkvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0051.html", "modified": "2012-01-24T20:53:03", "published": "2012-01-24T20:53:03", "href": "http://lists.centos.org/pipermail/centos-announce/2012-January/030427.html", "id": "CESA-2012:0051", "title": "kmod, kvm security update", "type": "centos", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:28:33", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0050\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component\nfor running virtual machines using KVM.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting this issue.\n\nThis update also fixes the following bug:\n\n* qemu-kvm has a \"scsi\" option, to be used, for example, with the\n\"-device\" option: \"-device virtio-blk-pci,drive=[drive name],scsi=off\".\nPreviously, however, it only masked the feature bit, and did not reject\nSCSI commands if a malicious guest ignored the feature bit and issued a\nrequest. This update corrects this issue. The \"scsi=off\" option can be\nused to mitigate the virtualization aspect of CVE-2011-4127 before the\nRHSA-2011:1849 kernel update is installed on the host.\n\nThis mitigation is only required if you do not have the RHSA-2011:1849\nkernel update installed on the host and you are using raw format virtio\ndisks backed by a partition or LVM volume.\n\nIf you run guests by invoking /usr/libexec/qemu-kvm directly, use the\n\"-global virtio-blk-pci.scsi=off\" option to apply the mitigation. If you\nare using libvirt, as recommended by Red Hat, and have the RHBA-2012:0013\nlibvirt update installed, no manual action is required: guests will\nautomatically use \"scsi=off\". (BZ#767721)\n\nNote: After installing the RHSA-2011:1849 kernel update, SCSI requests\nissued by guests via the SG_IO IOCTL will not be passed to the underlying\nblock device when using raw format virtio disks backed by a partition or\nLVM volume, even if \"scsi=on\" is used.\n\nAs well, this update adds the following enhancement:\n\n* Prior to this update, qemu-kvm was not built with RELRO or PIE support.\nqemu-kvm is now built with full RELRO and PIE support as a security\nenhancement. (BZ#767906)\n\nAll users of qemu-kvm should upgrade to these updated packages, which\ncorrect these issues and add this enhancement. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-January/030421.html\n\n**Affected packages:**\nqemu-img\nqemu-kvm\nqemu-kvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0050.html", "modified": "2012-01-24T03:15:05", "published": "2012-01-24T03:15:05", "href": "http://lists.centos.org/pipermail/centos-announce/2012-January/030421.html", "id": "CESA-2012:0050", "title": "qemu security update", "type": "centos", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:44:34", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for\nthe standard Red Hat Enterprise Linux kernel.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nA flaw was found in the way the KVM subsystem of a Linux kernel handled PIT\n(Programmable Interval Timer) IRQs (interrupt requests) when there was no\nvirtual interrupt controller set up. A malicious user in the kvm group on\nthe host could force this situation to occur, resulting in the host\ncrashing. (CVE-2011-4622)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029.\n\nAll KVM users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Note: The procedure in the\nSolution section must be performed before this update will take effect.\n", "modified": "2017-09-08T12:16:47", "published": "2012-01-23T05:00:00", "id": "RHSA-2012:0051", "href": "https://access.redhat.com/errata/RHSA-2012:0051", "type": "redhat", "title": "(RHSA-2012:0051) Important: kvm security update", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:03", "bulletinFamily": "unix", "description": "The xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nA heap overflow flaw was found in the way QEMU emulated the e1000 network\ninterface card. A privileged guest user in a virtual machine whose network\ninterface is configured to use the e1000 emulated driver could use this\nflaw to crash QEMU or, possibly, escalate their privileges on the host.\n(CVE-2012-0029)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Adding support for jumbo frames introduced incorrect network device\nexpansion when a bridge is created. The expansion worked correctly with the\ndefault configuration, but could have caused network setup failures when a\nuser-defined network script was used. This update changes the expansion so\nnetwork setup will not fail, even when a user-defined network script is\nused. (BZ#797191)\n\n* A bug was found in xenconsoled, the Xen hypervisor console daemon. If\ntimestamp logging for this daemon was enabled (using both the\nXENCONSOLED_TIMESTAMP_HYPERVISOR_LOG and XENCONSOLED_TIMESTAMP_GUEST_LOG\noptions in \"/etc/sysconfig/xend\"), xenconsoled could crash if the guest\nemitted a lot of information to its serial console in a short period of\ntime. Eventually, the guest would freeze after the console buffer was\nfilled due to the crashed xenconsoled. Timestamp logging is disabled by\ndefault. (BZ#797836)\n\nAll xen users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "modified": "2017-09-08T12:19:42", "published": "2012-03-07T05:00:00", "id": "RHSA-2012:0370", "href": "https://access.redhat.com/errata/RHSA-2012:0370", "type": "redhat", "title": "(RHSA-2012:0370) Important: xen security and bug fix update", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:19", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component\nfor running virtual machines using KVM.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting this issue.\n\nThis update also fixes the following bug:\n\n* qemu-kvm has a \"scsi\" option, to be used, for example, with the\n\"-device\" option: \"-device virtio-blk-pci,drive=[drive name],scsi=off\".\nPreviously, however, it only masked the feature bit, and did not reject\nSCSI commands if a malicious guest ignored the feature bit and issued a\nrequest. This update corrects this issue. The \"scsi=off\" option can be\nused to mitigate the virtualization aspect of CVE-2011-4127 before the\nRHSA-2011:1849 kernel update is installed on the host.\n\nThis mitigation is only required if you do not have the RHSA-2011:1849\nkernel update installed on the host and you are using raw format virtio\ndisks backed by a partition or LVM volume.\n\nIf you run guests by invoking /usr/libexec/qemu-kvm directly, use the\n\"-global virtio-blk-pci.scsi=off\" option to apply the mitigation. If you\nare using libvirt, as recommended by Red Hat, and have the RHBA-2012:0013\nlibvirt update installed, no manual action is required: guests will\nautomatically use \"scsi=off\". (BZ#767721)\n\nNote: After installing the RHSA-2011:1849 kernel update, SCSI requests\nissued by guests via the SG_IO IOCTL will not be passed to the underlying\nblock device when using raw format virtio disks backed by a partition or\nLVM volume, even if \"scsi=on\" is used.\n\nAs well, this update adds the following enhancement:\n\n* Prior to this update, qemu-kvm was not built with RELRO or PIE support.\nqemu-kvm is now built with full RELRO and PIE support as a security\nenhancement. (BZ#767906)\n\nAll users of qemu-kvm should upgrade to these updated packages, which\ncorrect these issues and add this enhancement. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect.\n", "modified": "2018-06-06T20:24:10", "published": "2012-01-23T05:00:00", "id": "RHSA-2012:0050", "href": "https://access.redhat.com/errata/RHSA-2012:0050", "type": "redhat", "title": "(RHSA-2012:0050) Important: qemu-kvm security, bug fix, and enhancement update", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:57", "bulletinFamily": "unix", "description": "[kvm-83-249.0.1.el5]\n- Added kvm-add-oracle-workaround-for-libvirt-bug.patch\n- Added kvm-Introduce-oel-machine-type.patch\n- modify kversion to fix build failure\n[kvm-83-249.el5]\n- kvm-kernel-KVM-x86-Prevent-starting-PIT-timers-in-the-absence-o.patch [bz#770101]\n- CVE: CVE-2011-4622\n- Resolves: bz#770101\n (CVE-2011-4622 kernel: kvm: pit timer with no irqchip crashes the system [rhel-5.8])\n[kvm-83-248.el5]\n- kvm-e1000-prevent-buffer-overflow-when-processing-legacy.patch [bz#772080]\n- CVE: CVE-2012-0029\n- Resolves: bz#772080\n (EMBARGOED CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow [rhel-5.8])\n[kvm-83-247.el5]\n- kvm-kernel-KVM-Remove-ability-to-assign-a-device-without-iommu-.patch [bz#770095]\n- kvm-kernel-KVM-Device-assignment-permission-checks.patch [bz#770095]\n- Resolves: bz#770095\n (CVE-2011-4347 kernel: kvm: device assignment DoS [rhel-5.8])\n[kvm-83-246.el5]\n- kvm-Fix-SIGFPE-for-vnc-display-of-width-height-1.patch [bz#751482]\n- Resolves: bz#751482\n (Backport SIGFPE fix in qemu-kvm VNC to RHEL5.x)\n[kvm-83-245.el5]\n- kvm-Fix-external-module-compat.c-not-to-use-unsupported-.patch [bz#753860]\n- Resolves: bz#753860\n (Fix kvm userspace compilation on RHEL-5 to match the kernel changes)\n[kvm-83-244.el5]\n- kvm-do-not-change-RTC-stored-time-accidentally.patch [bz#703335]\n- Resolves: bz#703335\n (KVM guest clocks jump forward one hour on reboot)\n[kvm-83-243.el5]\n- kvm-e1000-multi-buffer-packet-support.patch [bz#703446]\n- kvm-e1000-clear-EOP-for-multi-buffer-descriptors.patch [bz#703446]\n- kvm-e1000-verify-we-have-buffers-upfront.patch [bz#703446]\n- kvm-BZ725876-make-RTC-alarm-work.patch [bz#725876]\n- kvm-BZ725876-fix-RTC-polling-mode.patch [bz#725876]\n- Resolves: bz#703446\n (Failed to ping guest after MTU is changed)\n- Resolves: bz#725876\n (RTC interrupt problems with RHEL5 qemu/kvm (0.10 based) on 2.6.38+ guest kernels.)\n[kvm-83-242.el5]\n- kvm-posix-aio-compat-fix-latency-issues.patch [bz#725629]\n- Resolves: bz#725629\n (RHEL5.5 KVM VMs freezing for a few seconds)\n[kvm-83-241.el5]\n- kvm-pci-assign-limit-number-of-assigned-devices-via-hotp.patch [bz#701616]\n- kvm-pci-assign-Cleanup-file-descriptors.patch [bz#700281]\n- Resolves: bz#700281\n ([Intel 5.8 Bug] Fail to attach/detach NIC more than 250 times)\n- Resolves: bz#701616\n (limitation on max number of assigned devices does not take effect if hot-plug pci devices)\n[kvm-83-240.el5]\n- Updated kversion to 2.6.18-275.el to match build root\n- kvm-Fix-vga-segfaults-or-screen-corruption-with-large-me.patch [bz#704081]\n- Resolves: bz#704081\n (mouse responds very slowly with huge memory)", "modified": "2012-03-01T00:00:00", "published": "2012-03-01T00:00:00", "id": "ELSA-2012-0149", "href": "http://linux.oracle.com/errata/ELSA-2012-0149.html", "title": "kvm security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:55", "bulletinFamily": "unix", "description": "[3.0.3-135.el5_8.2]\n- Fix broken timestamp log (rhbz 797836)\n[3.0.3-135.el5_8.1]\n- qemu-dm/e1000: bounds packet size against buffer size (rhbz 786862)\n- Use correct expansion in xen-network-common.sh (rhbz 797191)", "modified": "2012-03-07T00:00:00", "published": "2012-03-07T00:00:00", "id": "ELSA-2012-0370", "href": "http://linux.oracle.com/errata/ELSA-2012-0370.html", "title": "xen security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:43", "bulletinFamily": "unix", "description": "[qemu-kvm-0.12.1.2-2.209.el6_2.4]\n- kvm-e1000-prevent-buffer-overflow-when-processing-legacy.patch [bz#772081]\n- Resolves: bz#772081\n (EMBARGOED CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow [rhel-6.2.z])\n[qemu-kvm-0.12.1.2-2.209.el6_2.3]\n- kvm-Revert-virtio-blk-refuse-SG_IO-requests-with-scsi-of.patch [for bz#767721]\n- kvm-virtio-blk-refuse-SG_IO-requests-with-scsi-off-v2.patch [bz#767721]\n- CVE: CVE-2011-4127\n- Resolves: bz#767721\n (qemu-kvm: virtio-blk: refuse SG_IO requests with scsi=off (CVE-2011-4127 mitigation) [rhel-6.2.z])\n[qemu-kvm-0.12.1.2-2.209.el6_2.2]\n- kvm-virtio-blk-refuse-SG_IO-requests-with-scsi-off.patch [bz#752375]\n- CVE: CVE-2011-4127\n- Resolves: bz#767721\n (EMBARGOED qemu-kvm: virtio-blk: refuse SG_IO requests with scsi=off (CVE-2011-4127 mitigation) [rhel-6.3])\n- Resolves: bz#767906\n (qemu-kvm should be built with full relro and PIE support)", "modified": "2012-01-23T00:00:00", "published": "2012-01-23T00:00:00", "id": "ELSA-2012-0050", "href": "http://linux.oracle.com/errata/ELSA-2012-0050.html", "title": "qemu-kvm security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "description": "Buffer overflow in network card emulation.", "modified": "2012-02-08T00:00:00", "published": "2012-02-08T00:00:00", "id": "SECURITYVULNS:VULN:12172", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12172", "title": "QEMU buffer overflow", "type": "securityvulns", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:08", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2396-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 27, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu-kvm\nVulnerability : buffer underflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0029 \n\nNicolae Mogoraenu discovered a heap overflow in the emulated e1000e\nnetwork interface card of KVM, a solution for full virtualization on \nx86 hardware, which could result in denial of service or privilege\nescalation.\n\nThis update also fixes a guest-triggerable memory corruption in \nVNC handling.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-5+squeeze8. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.0+dfsg-5.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-01-27T18:54:07", "published": "2012-01-27T18:54:07", "id": "DEBIAN:DSA-2396-1:86D57", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00020.html", "title": "[SECURITY] [DSA 2396-1] qemu-kvm security update", "type": "debian", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:52", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2404-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nFebruary 05, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen-qemu-dm-4.0\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0029\n\nNicolae Mogoraenu discovered a heap overflow in the emulated e1000e\nnetwork interface card of QEMU, which is used in the xen-qemu-dm-4.0\npackages. This vulnerability might enable to malicious guest systems\nto crash the host system or escalate their privileges.\n\nThe old stable distribution (lenny) does not contain the\nxen-qemu-dm-4.0 package.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 4.0.1-2+squeeze1.\n\nThe testing distribution (wheezy) and the unstable distribution (sid)\nwill be fixed soon.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-02-05T12:47:49", "published": "2012-02-05T12:47:49", "id": "DEBIAN:DSA-2404-1:77187", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00030.html", "title": "[SECURITY] [DSA 2404-1] xen-qemu-dm-4.0 security update", "type": "debian", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:03", "bulletinFamily": "unix", "description": "Nicolae Mogoreanu discovered that QEMU did not properly verify legacy mode packets in the e1000 network driver. A remote attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.\n\nWhen using QEMU with libvirt or virtualization management software based on libvirt such as Eucalyptus and OpenStack, QEMU guests are individually isolated by an AppArmor profile by default in Ubuntu.", "modified": "2012-01-23T00:00:00", "published": "2012-01-23T00:00:00", "id": "USN-1339-1", "href": "https://usn.ubuntu.com/1339-1/", "title": "QEMU vulnerability", "type": "ubuntu", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:21:55", "bulletinFamily": "unix", "description": "Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353)\n\nA flaw was found in KVM\u2019s Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer. (CVE-2011-4622)\n\nA flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. (CVE-2012-0038)\n\nChen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. (CVE-2012-0044)", "modified": "2012-02-13T00:00:00", "published": "2012-02-13T00:00:00", "id": "USN-1362-1", "href": "https://usn.ubuntu.com/1362-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:59", "bulletinFamily": "unix", "description": "Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. (CVE-2011-3353)\n\nA flaw was found in KVM\u2019s Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer. (CVE-2011-4622)\n\nA flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. (CVE-2012-0038)\n\nChen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. (CVE-2012-0044)", "modified": "2012-02-13T00:00:00", "published": "2012-02-13T00:00:00", "id": "USN-1361-1", "href": "https://usn.ubuntu.com/1361-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:23:19", "bulletinFamily": "unix", "description": "A bug was discovered in the Linux kernel\u2019s calculation of OOM (Out of memory) scores, that would result in the wrong process being killed. A user could use this to kill the process with the highest OOM score, even if that process belongs to another user or the system. (CVE-2011-4097)\n\nA flaw was found in KVM\u2019s Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer. (CVE-2011-4622)\n\nA flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. (CVE-2012-0038)\n\nAndy Whitcroft discovered a that the Overlayfs filesystem was not doing the extended permission checks needed by cgroups and Linux Security Modules (LSMs). A local user could exploit this to by-pass security policy and access files that should not be accessible. (CVE-2012-0055)\n\nA flaw was found in the linux kernels IPv4 IGMP query processing. A remote attacker could exploit this to cause a denial of service. (CVE-2012-0207)", "modified": "2012-02-13T00:00:00", "published": "2012-02-13T00:00:00", "id": "USN-1363-1", "href": "https://usn.ubuntu.com/1363-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T17:22:51", "bulletinFamily": "unix", "description": "Paolo Bonzini discovered a flaw in Linux\u2019s handling of the SG_IO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. (CVE-2011-4127)\n\nA flaw was found in KVM\u2019s Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer. (CVE-2011-4622)\n\nA flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. (CVE-2012-0038)\n\nA flaw was found in the Linux kernel\u2019s ext4 file system when mounting a corrupt filesystem. A user-assisted remote attacker could exploit this flaw to cause a denial of service. (CVE-2012-2100)", "modified": "2012-03-06T00:00:00", "published": "2012-03-06T00:00:00", "id": "USN-1388-1", "href": "https://usn.ubuntu.com/1388-1/", "title": "Linux kernel (EC2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T17:21:59", "bulletinFamily": "unix", "description": "Paolo Bonzini discovered a flaw in Linux\u2019s handling of the SG_IO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. (CVE-2011-4127)\n\nA flaw was found in KVM\u2019s Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer. (CVE-2011-4622)\n\nA flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. (CVE-2012-0038)\n\nA flaw was found in the Linux kernel\u2019s ext4 file system when mounting a corrupt filesystem. A user-assisted remote attacker could exploit this flaw to cause a denial of service. (CVE-2012-2100)", "modified": "2012-03-06T00:00:00", "published": "2012-03-06T00:00:00", "id": "USN-1389-1", "href": "https://usn.ubuntu.com/1389-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "seebug": [{"lastseen": "2017-11-19T17:57:53", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 51172\r\nCVE ID: CVE-2011-4622\r\n\r\nLinux\u662f\u81ea\u7531\u7535\u8111\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\u3002\r\n\r\nLinux Kernel\u5728create_pit_timer()\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u672c\u5730\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0cKVM 83\u7684arch/x86/kvm/i8254.c\u4e2d\u7684create_pit_timer\u51fd\u6570\u5728irqchip\u4e0d\u53ef\u7528\u65f6\u6ca1\u6709\u6b63\u786e\u5904\u7406PIT IRQ\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u5b9a\u65f6\u5668\u901a\u8fc7\u6b64\u6f0f\u6d1e\u9020\u6210\u5185\u6838\u5d29\u6e83\uff0c\u62d2\u7edd\u670d\u52a1\u5408\u6cd5\u7528\u6237\u3002\n0\nLinux kernel 2.6.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nLinux\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.kernel.org/", "modified": "2012-02-14T00:00:00", "published": "2012-02-14T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30113", "id": "SSV:30113", "title": "Linux kernel 2.6.x KVM create_pit_timer()\u51fd\u6570\u672c\u5730\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:56:23", "bulletinFamily": "exploit", "description": "Bugtraq ID: 51172\r\nCVE ID\uff1aCVE-2011-4622\r\n\r\nLinux\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\u7528\u6237\u7a7a\u95f4\u53ef\u521b\u5efaPIT\u4f46\u5fd8\u8bb0\u4e86\u8bbe\u7f6eirqchips\uff0c\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7PIT IRQs\u4f7f\u4e3b\u673a\u5d29\u6e83\uff1a\r\n<code>BUG: unable to handle kernel NULL pointer dereference at 0000000000000128\r\nIP: [<ffffffffa10f6280>] kvm_set_irq+0x30/0x170 [kvm]\r\n...\r\nCall Trace:\r\n[<ffffffffa11228c1>] pit_do_work+0x51/0xd0 [kvm]\r\n[<ffffffff81071431>] process_one_work+0x111/0x4d0\r\n[<ffffffff81071bb2>] worker_thread+0x152/0x340\r\n[<ffffffff81075c8e>] kthread+0x7e/0x90\r\n[<ffffffff815a4474>] kernel_thread_helper+0x4/0x10</code>\r\n\u6f0f\u6d1e\u662f\u5f53\u914d\u7f6e\u4e86\u53ef\u7f16\u7a0b\u95f4\u9694\u5b9a\u65f6\u5668(PIT)\u65f6"create_pit_timer()"\u51fd\u6570(arch/x86/kvm/i8254.c)\u7684\u9519\u8bef\uff0c\u53ef\u88ab\u5229\u7528\u5f15\u7528\u7a7a\u6307\u9488\u800c\u4f7f\u4e3b\u673a\u5d29\u6e83\u3002\nBugtraq ID: 51172\r\nCVE ID\uff1aCVE-2011-4622\r\n\r\nLinux\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\u7528\u6237\u7a7a\u95f4\u53ef\u521b\u5efaPIT\u4f46\u5fd8\u8bb0\u4e86\u8bbe\u7f6eirqchips\uff0c\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7PIT IRQs\u4f7f\u4e3b\u673a\u5d29\u6e83\uff1a\r\n<pre class=\"prettyprint linenums\">BUG: unable to handle kernel NULL pointer dereference at 0000000000000128\r\nIP: [<ffffffffa10f6280>] kvm_set_irq+0x30/0x170 [kvm]\r\n...\r\nCall Trace:\r\n[<ffffffffa11228c1>] pit_do_work+0x51/0xd0 [kvm]\r\n[<ffffffff81071431>] process_one_work+0x111/0x4d0\r\n[<ffffffff81071bb2>] worker_thread+0x152/0x340\r\n[<ffffffff81075c8e>] kthread+0x7e/0x90\r\n[<ffffffff815a4474>] kernel_thread_helper+0x4/0x10</pre>\r\n\u6f0f\u6d1e\u662f\u5f53\u914d\u7f6e\u4e86\u53ef\u7f16\u7a0b\u95f4\u9694\u5b9a\u65f6\u5668(PIT)\u65f6"create_pit_timer()"\u51fd\u6570(arch/x86/kvm/i8254.c)\u7684\u9519\u8bef\uff0c\u53ef\u88ab\u5229\u7528\u5f15\u7528\u7a7a\u6307\u9488\u800c\u4f7f\u4e3b\u673a\u5d29\u6e83\u3002\nLinux kernel 2.6.x\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://permalink.gmane.org/gmane.comp.emulators.kvm.devel/83564", "modified": "2011-12-24T00:00:00", "published": "2011-12-24T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-26098", "id": "SSV:26098", "type": "seebug", "title": "Linux kernel 2.6.x KVM 'create_pit_timer()'\u51fd\u6570\u672c\u5730\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:50:47", "bulletinFamily": "unix", "description": "The qemu vt100 emulation was affected by a problem where\n specific vt100 sequences could have been used by guest\n users to affect the host. (CVE-2012-3515 aka XSA-17).\n\n CVE-2012-0029: A buffer overflow in the e1000 device\n emulation was fixed\n", "modified": "2012-10-09T21:08:49", "published": "2012-10-09T21:08:49", "id": "SUSE-SU-2012:1320-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
