{"id": "RHSA-2012:1233", "hash": "ea6f0feb9478cc225450cde46e0a3d0a", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:1233) Important: qemu-kvm-rhev security and bug fix update", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the\nuser-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU handled VT100 terminal escape sequences\nwhen emulating certain character devices. A guest user with privileges to\nwrite to a character device that is emulated on the host using a virtual\nconsole back-end could use this flaw to crash the qemu-kvm process on the\nhost or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\nWhen using qemu-kvm-rhev on a Red Hat Enterprise Linux 6 host not managed\nby Red Hat Enterprise Virtualization:\n\n* This flaw did not affect the default use of KVM. Affected configurations\nwere:\n\n- When guests were started from the command line (\"/usr/libexec/qemu-kvm\")\nwithout the \"-nodefaults\" option, and also without specifying a\nserial or parallel device, or a virtio-console device, that specifically\ndoes not use a virtual console (vc) back-end. (Note that Red Hat does not\nsupport invoking \"qemu-kvm\" from the command line without \"-nodefaults\" on\nRed Hat Enterprise Linux 6.)\n\n- Guests that were managed via libvirt, such as when using Virtual Machine\nManager (virt-manager), but that have a serial or parallel device, or a\nvirtio-console device, that uses a virtual console back-end. By default,\nguests managed via libvirt will not use a virtual console back-end for such\ndevices.\n\nWhen using qemu-kvm-rhev on a Red Hat Enterprise Virtualization managed Red\nHat Enterprise Linux 6 host:\n\n* This flaw did not affect the default use of a Red Hat Enterprise\nVirtualization host: it is not possible to add a device that uses a virtual\nconsole back-end via Red Hat Enterprise Virtualization Manager.\n\nTo specify a virtual console back-end for a device and therefore be\nvulnerable to this issue, the device would have to be created another way,\nfor example, by using a VDSM hook.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Previously, the KVM modules were not loaded by the postinstall scriptlet\nof RPM scripts. This bug caused various issues and required the system to\nbe rebooted to resolve them. With this update, the modules are loaded\nproperly by the scriptlet and no unnecessary reboots are now required.\n(BZ#839897)\n\n* Previously, when a guest was started up with two serial devices, qemu-kvm\nreturned an error message and terminated the boot because IRQ 4 for the ISA\nbus was being used by both devices. This update fixes the qemu-kvm code,\nwhich allows IRQ 4 to be used by more than one device on the ISA bus, and\nthe boot now succeeds in the described scenario. (BZ#840054)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which fix these issues. After installing this update, shut down\nall running virtual machines. Once all virtual machines have shut down,\nstart them again for this update to take effect.\n", "published": "2012-09-05T04:00:00", "modified": "2018-06-07T08:59:40", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2012:1233", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2012-3515"], "lastseen": "2019-08-13T18:46:43", "history": [{"bulletin": {"id": "RHSA-2012:1233", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:1233) Important: qemu-kvm-rhev security and bug fix update", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the\nuser-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU handled VT100 terminal escape sequences\nwhen emulating certain character devices. A guest user with privileges to\nwrite to a character device that is emulated on the host using a virtual\nconsole back-end could use this flaw to crash the qemu-kvm process on the\nhost or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\nWhen using qemu-kvm-rhev on a Red Hat Enterprise Linux 6 host not managed\nby Red Hat Enterprise Virtualization:\n\n* This flaw did not affect the default use of KVM. Affected configurations\nwere:\n\n- When guests were started from the command line (\"/usr/libexec/qemu-kvm\")\nwithout the \"-nodefaults\" option, and also without specifying a\nserial or parallel device, or a virtio-console device, that specifically\ndoes not use a virtual console (vc) back-end. (Note that Red Hat does not\nsupport invoking \"qemu-kvm\" from the command line without \"-nodefaults\" on\nRed Hat Enterprise Linux 6.)\n\n- Guests that were managed via libvirt, such as when using Virtual Machine\nManager (virt-manager), but that have a serial or parallel device, or a\nvirtio-console device, that uses a virtual console back-end. By default,\nguests managed via libvirt will not use a virtual console back-end for such\ndevices.\n\nWhen using qemu-kvm-rhev on a Red Hat Enterprise Virtualization managed Red\nHat Enterprise Linux 6 host:\n\n* This flaw did not affect the default use of a Red Hat Enterprise\nVirtualization host: it is not possible to add a device that uses a virtual\nconsole back-end via Red Hat Enterprise Virtualization Manager.\n\nTo specify a virtual console back-end for a device and therefore be\nvulnerable to this issue, the device would have to be created another way,\nfor example, by using a VDSM hook.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Previously, the KVM modules were not loaded by the postinstall scriptlet\nof RPM scripts. This bug caused various issues and required the system to\nbe rebooted to resolve them. With this update, the modules are loaded\nproperly by the scriptlet and no unnecessary reboots are now required.\n(BZ#839897)\n\n* Previously, when a guest was started up with two serial devices, qemu-kvm\nreturned an error message and terminated the boot because IRQ 4 for the ISA\nbus was being used by both devices. This update fixes the qemu-kvm code,\nwhich allows IRQ 4 to be used by more than one device on the ISA bus, and\nthe boot now succeeds in the described scenario. (BZ#840054)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which fix these issues. After installing this update, shut down\nall running virtual machines. Once all virtual machines have shut down,\nstart them again for this update to take effect.\n", "published": "2012-09-05T04:00:00", "modified": "2017-03-03T16:45:04", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2012:1233", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2012-3515"], "lastseen": "2017-03-10T07:18:27", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"packageFilename": "qemu-kvm-rhev-0.12.1.2-2.295.el6_3.2.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "qemu-kvm-rhev", "OSVersion": "6", "packageVersion": "0.12.1.2-2.295.el6_3.2", "operator": "lt"}, {"packageFilename": "qemu-kvm-rhev-tools-0.12.1.2-2.295.el6_3.2.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "qemu-kvm-rhev-tools", "OSVersion": "6", "packageVersion": "0.12.1.2-2.295.el6_3.2", "operator": "lt"}, {"packageFilename": "qemu-img-rhev-0.12.1.2-2.295.el6_3.2.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "qemu-img-rhev", "OSVersion": "6", "packageVersion": "0.12.1.2-2.295.el6_3.2", "operator": "lt"}, {"packageFilename": "qemu-kvm-rhev-0.12.1.2-2.295.el6_3.2.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "qemu-kvm-rhev", "OSVersion": "6", "packageVersion": "0.12.1.2-2.295.el6_3.2", "operator": "lt"}, {"packageFilename": "qemu-kvm-rhev-debuginfo-0.12.1.2-2.295.el6_3.2.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "qemu-kvm-rhev-debuginfo", "OSVersion": "6", "packageVersion": "0.12.1.2-2.295.el6_3.2", "operator": "lt"}]}, "lastseen": "2017-03-10T07:18:27", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2012:1233", "hash": "a0ad6e7a5a82968be2653b3f540acb6c", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:1233) Important: qemu-kvm-rhev security and bug fix update", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the\nuser-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU handled VT100 terminal escape sequences\nwhen emulating certain character devices. A guest user with privileges to\nwrite to a character device that is emulated on the host using a virtual\nconsole back-end could use this flaw to crash the qemu-kvm process on the\nhost or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\nWhen using qemu-kvm-rhev on a Red Hat Enterprise Linux 6 host not managed\nby Red Hat Enterprise Virtualization:\n\n* This flaw did not affect the default use of KVM. Affected configurations\nwere:\n\n- When guests were started from the command line (\"/usr/libexec/qemu-kvm\")\nwithout the \"-nodefaults\" option, and also without specifying a\nserial or parallel device, or a virtio-console device, that specifically\ndoes not use a virtual console (vc) back-end. (Note that Red Hat does not\nsupport invoking \"qemu-kvm\" from the command line without \"-nodefaults\" on\nRed Hat Enterprise Linux 6.)\n\n- Guests that were managed via libvirt, such as when using Virtual Machine\nManager (virt-manager), but that have a serial or parallel device, or a\nvirtio-console device, that uses a virtual console back-end. By default,\nguests managed via libvirt will not use a virtual console back-end for such\ndevices.\n\nWhen using qemu-kvm-rhev on a Red Hat Enterprise Virtualization managed Red\nHat Enterprise Linux 6 host:\n\n* This flaw did not affect the default use of a Red Hat Enterprise\nVirtualization host: it is not possible to add a device that uses a virtual\nconsole back-end via Red Hat Enterprise Virtualization Manager.\n\nTo specify a virtual console back-end for a device and therefore be\nvulnerable to this issue, the device would have to be created another way,\nfor example, by using a VDSM hook.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Previously, the KVM modules were not loaded by the postinstall scriptlet\nof RPM scripts. This bug caused various issues and required the system to\nbe rebooted to resolve them. With this update, the modules are loaded\nproperly by the scriptlet and no unnecessary reboots are now required.\n(BZ#839897)\n\n* Previously, when a guest was started up with two serial devices, qemu-kvm\nreturned an error message and terminated the boot because IRQ 4 for the ISA\nbus was being used by both devices. This update fixes the qemu-kvm code,\nwhich allows IRQ 4 to be used by more than one device on the ISA bus, and\nthe boot now succeeds in the described scenario. (BZ#840054)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which fix these issues. After installing this update, shut down\nall running virtual machines. Once all virtual machines have shut down,\nstart them again for this update to take effect.\n", "published": "2012-09-05T04:00:00", "modified": "2018-06-07T08:59:40", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2012:1233", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2012-3515"], "lastseen": "2018-06-13T00:00:03", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-kvm-rhev-debuginfo", "packageVersion": "0.12.1.2-2.295.el6_3.2", "packageFilename": "qemu-kvm-rhev-debuginfo-0.12.1.2-2.295.el6_3.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "qemu-kvm-rhev", "packageVersion": "0.12.1.2-2.295.el6_3.2", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.295.el6_3.2.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-kvm-rhev", "packageVersion": "0.12.1.2-2.295.el6_3.2", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.295.el6_3.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-img-rhev", "packageVersion": "0.12.1.2-2.295.el6_3.2", "packageFilename": "qemu-img-rhev-0.12.1.2-2.295.el6_3.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-kvm-rhev-tools", "packageVersion": "0.12.1.2-2.295.el6_3.2", "packageFilename": "qemu-kvm-rhev-tools-0.12.1.2-2.295.el6_3.2.x86_64.rpm", "operator": "lt"}]}, "lastseen": "2018-06-13T00:00:03", "differentElements": ["affectedPackage"], "edition": 2}, {"bulletin": {"id": "RHSA-2012:1233", "hash": "cda351c24a4e87f1bd8a26721826507e", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:1233) Important: qemu-kvm-rhev security and bug fix update", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the\nuser-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU handled VT100 terminal escape sequences\nwhen emulating certain character devices. A guest user with privileges to\nwrite to a character device that is emulated on the host using a virtual\nconsole back-end could use this flaw to crash the qemu-kvm process on the\nhost or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\nWhen using qemu-kvm-rhev on a Red Hat Enterprise Linux 6 host not managed\nby Red Hat Enterprise Virtualization:\n\n* This flaw did not affect the default use of KVM. Affected configurations\nwere:\n\n- When guests were started from the command line (\"/usr/libexec/qemu-kvm\")\nwithout the \"-nodefaults\" option, and also without specifying a\nserial or parallel device, or a virtio-console device, that specifically\ndoes not use a virtual console (vc) back-end. (Note that Red Hat does not\nsupport invoking \"qemu-kvm\" from the command line without \"-nodefaults\" on\nRed Hat Enterprise Linux 6.)\n\n- Guests that were managed via libvirt, such as when using Virtual Machine\nManager (virt-manager), but that have a serial or parallel device, or a\nvirtio-console device, that uses a virtual console back-end. By default,\nguests managed via libvirt will not use a virtual console back-end for such\ndevices.\n\nWhen using qemu-kvm-rhev on a Red Hat Enterprise Virtualization managed Red\nHat Enterprise Linux 6 host:\n\n* This flaw did not affect the default use of a Red Hat Enterprise\nVirtualization host: it is not possible to add a device that uses a virtual\nconsole back-end via Red Hat Enterprise Virtualization Manager.\n\nTo specify a virtual console back-end for a device and therefore be\nvulnerable to this issue, the device would have to be created another way,\nfor example, by using a VDSM hook.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Previously, the KVM modules were not loaded by the postinstall scriptlet\nof RPM scripts. This bug caused various issues and required the system to\nbe rebooted to resolve them. With this update, the modules are loaded\nproperly by the scriptlet and no unnecessary reboots are now required.\n(BZ#839897)\n\n* Previously, when a guest was started up with two serial devices, qemu-kvm\nreturned an error message and terminated the boot because IRQ 4 for the ISA\nbus was being used by both devices. This update fixes the qemu-kvm code,\nwhich allows IRQ 4 to be used by more than one device on the ISA bus, and\nthe boot now succeeds in the described scenario. (BZ#840054)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which fix these issues. After installing this update, shut down\nall running virtual machines. Once all virtual machines have shut down,\nstart them again for this update to take effect.\n", "published": "2012-09-05T04:00:00", "modified": "2018-06-07T08:59:40", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2012:1233", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2012-3515"], "lastseen": "2018-12-11T19:43:16", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-3515"]}, {"type": "f5", "idList": ["F5:K13405416", "SOL13405416"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105504", "OPENVAS:870823", "OPENVAS:1361412562310870823", "OPENVAS:1361412562310881487", "OPENVAS:1361412562310850332", "OPENVAS:1361412562310881485", "OPENVAS:1361412562310881486", "OPENVAS:1361412562310870822", "OPENVAS:1361412562310123828", "OPENVAS:1361412562310123830"]}, {"type": "redhat", "idList": ["RHSA-2012:1235", "RHSA-2012:1236", "RHSA-2012:1234", "RHSA-2012:1262"]}, {"type": "centos", "idList": ["CESA-2012:1234", "CESA-2012:1235", "CESA-2012:1236"]}, {"type": "ubuntu", "idList": ["USN-1590-1"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2012-1234.NASL", "F5_BIGIP_SOL13405416.NASL", "CENTOS_RHSA-2012-1235.NASL", "REDHAT-RHSA-2012-1235.NASL", "SUSE_11_KVM-120831.NASL", "REDHAT-RHSA-2012-1236.NASL", "ORACLELINUX_ELSA-2012-1236.NASL", "FEDORA_2012-15606.NASL", "UBUNTU_USN-1590-1.NASL", "SL_20120905_XEN_ON_SL5_X.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28593", "SECURITYVULNS:VULN:12606"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1234", "ELSA-2012-1235", "ELSA-2012-1236"]}, {"type": "suse", "idList": ["SUSE-SU-2012:1203-2", "SUSE-SU-2012:1205-1", "OPENSUSE-SU-2012:1170-1", "SUSE-SU-2012:1203-1", "SUSE-SU-2012:1129-1", "SUSE-SU-2012:1202-1", "SUSE-SU-2012:1320-1", "SUSE-SU-2012:1162-1", "SUSE-SU-2012:1135-1", "SUSE-SU-2012:1132-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2545-1:3E96A", "DEBIAN:DSA-2543-1:24FA9", "DEBIAN:DSA-2542-1:046AD"]}], "modified": "2018-12-11T19:43:16"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-kvm-rhev-debuginfo", "packageVersion": "0.12.1.2-2.295.el6_3.2", "packageFilename": "qemu-kvm-rhev-debuginfo-0.12.1.2-2.295.el6_3.2.x86_64.rpm", "operator": "lt"}]}, "lastseen": "2018-12-11T19:43:16", "differentElements": ["cvss"], "edition": 3}, {"bulletin": {"id": "RHSA-2012:1233", "hash": "22fd21df31bdc48e5c0b7b08594d6a69", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2012:1233) Important: qemu-kvm-rhev security and bug fix update", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the\nuser-space component for running virtual machines using KVM.\n\nA flaw was found in the way QEMU handled VT100 terminal escape sequences\nwhen emulating certain character devices. A guest user with privileges to\nwrite to a character device that is emulated on the host using a virtual\nconsole back-end could use this flaw to crash the qemu-kvm process on the\nhost or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\nWhen using qemu-kvm-rhev on a Red Hat Enterprise Linux 6 host not managed\nby Red Hat Enterprise Virtualization:\n\n* This flaw did not affect the default use of KVM. Affected configurations\nwere:\n\n- When guests were started from the command line (\"/usr/libexec/qemu-kvm\")\nwithout the \"-nodefaults\" option, and also without specifying a\nserial or parallel device, or a virtio-console device, that specifically\ndoes not use a virtual console (vc) back-end. (Note that Red Hat does not\nsupport invoking \"qemu-kvm\" from the command line without \"-nodefaults\" on\nRed Hat Enterprise Linux 6.)\n\n- Guests that were managed via libvirt, such as when using Virtual Machine\nManager (virt-manager), but that have a serial or parallel device, or a\nvirtio-console device, that uses a virtual console back-end. By default,\nguests managed via libvirt will not use a virtual console back-end for such\ndevices.\n\nWhen using qemu-kvm-rhev on a Red Hat Enterprise Virtualization managed Red\nHat Enterprise Linux 6 host:\n\n* This flaw did not affect the default use of a Red Hat Enterprise\nVirtualization host: it is not possible to add a device that uses a virtual\nconsole back-end via Red Hat Enterprise Virtualization Manager.\n\nTo specify a virtual console back-end for a device and therefore be\nvulnerable to this issue, the device would have to be created another way,\nfor example, by using a VDSM hook.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Previously, the KVM modules were not loaded by the postinstall scriptlet\nof RPM scripts. This bug caused various issues and required the system to\nbe rebooted to resolve them. With this update, the modules are loaded\nproperly by the scriptlet and no unnecessary reboots are now required.\n(BZ#839897)\n\n* Previously, when a guest was started up with two serial devices, qemu-kvm\nreturned an error message and terminated the boot because IRQ 4 for the ISA\nbus was being used by both devices. This update fixes the qemu-kvm code,\nwhich allows IRQ 4 to be used by more than one device on the ISA bus, and\nthe boot now succeeds in the described scenario. (BZ#840054)\n\nAll users of qemu-kvm-rhev are advised to upgrade to these updated\npackages, which fix these issues. After installing this update, shut down\nall running virtual machines. Once all virtual machines have shut down,\nstart them again for this update to take effect.\n", "published": "2012-09-05T04:00:00", "modified": "2018-06-07T08:59:40", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2012:1233", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2012-3515"], "lastseen": "2019-05-29T14:34:12", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2019-05-29T14:34:12"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-3515"]}, {"type": "f5", "idList": ["F5:K13405416", "SOL13405416"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105504", "OPENVAS:1361412562310881485", "OPENVAS:1361412562310881487", "OPENVAS:1361412562310870822", "OPENVAS:870823", "OPENVAS:1361412562310881486", "OPENVAS:1361412562310870823", "OPENVAS:1361412562310850332", "OPENVAS:1361412562310123828", "OPENVAS:841170"]}, {"type": "ubuntu", "idList": ["USN-1590-1"]}, {"type": "redhat", "idList": ["RHSA-2012:1236", "RHSA-2012:1235", "RHSA-2012:1234", "RHSA-2012:1262"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2012-1236.NASL", "CENTOS_RHSA-2012-1235.NASL", "SUSE_11_KVM-120831.NASL", "F5_BIGIP_SOL13405416.NASL", "REDHAT-RHSA-2012-1235.NASL", "REDHAT-RHSA-2012-1234.NASL", "UBUNTU_USN-1590-1.NASL", "SL_20120905_XEN_ON_SL5_X.NASL", "OPENSUSE-2012-591.NASL", "FEDORA_2012-15606.NASL"]}, {"type": "centos", "idList": ["CESA-2012:1234", "CESA-2012:1235", "CESA-2012:1236"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1234", "ELSA-2012-1235", "ELSA-2012-1236"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12606", "SECURITYVULNS:DOC:28593"]}, {"type": "suse", "idList": ["SUSE-SU-2012:1203-1", "OPENSUSE-SU-2012:1170-1", "SUSE-SU-2012:1205-1", "SUSE-SU-2012:1203-2", "SUSE-SU-2012:1129-1", "SUSE-SU-2012:1320-1", "SUSE-SU-2012:1202-1", "SUSE-SU-2012:1135-1", "SUSE-SU-2012:1162-1", "SUSE-SU-2012:1132-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2545-1:3E96A", "DEBIAN:DSA-2543-1:24FA9", "DEBIAN:DSA-2542-1:046AD"]}], "modified": "2019-05-29T14:34:12"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-kvm-rhev-debuginfo", "packageVersion": "0.12.1.2-2.295.el6_3.2", "packageFilename": "qemu-kvm-rhev-debuginfo-0.12.1.2-2.295.el6_3.2.x86_64.rpm", "operator": "lt"}]}, "lastseen": "2019-05-29T14:34:12", "differentElements": ["affectedPackage"], "edition": 4}], "viewCount": 0, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2019-08-13T18:46:43", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-3515"]}, {"type": "f5", "idList": ["F5:K13405416", "SOL13405416"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123828", "OPENVAS:1361412562310881485", "OPENVAS:1361412562310105504", "OPENVAS:1361412562310123830", "OPENVAS:1361412562310881487", "OPENVAS:1361412562310870823", "OPENVAS:870823", "OPENVAS:1361412562310881486", "OPENVAS:1361412562310850332", "OPENVAS:1361412562310870822"]}, {"type": "redhat", "idList": ["RHSA-2012:1236", "RHSA-2012:1262", "RHSA-2012:1235", "RHSA-2012:1234"]}, {"type": "nessus", "idList": ["SL_20120905_XEN_ON_SL5_X.NASL", "ORACLELINUX_ELSA-2012-1235.NASL", "SL_20120905_KVM_ON_SL5_X.NASL", "REDHAT-RHSA-2012-1236.NASL", "OPENSUSE-2012-591.NASL", "REDHAT-RHSA-2012-1235.NASL", "REDHAT-RHSA-2012-1234.NASL", "CENTOS_RHSA-2012-1235.NASL", "F5_BIGIP_SOL13405416.NASL", "SUSE_11_KVM-120831.NASL"]}, {"type": "ubuntu", "idList": ["USN-1590-1"]}, {"type": "centos", "idList": ["CESA-2012:1235", "CESA-2012:1236", "CESA-2012:1234"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1235", "ELSA-2012-1234", "ELSA-2012-1236"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12606", "SECURITYVULNS:DOC:28593"]}, {"type": "suse", "idList": ["SUSE-SU-2012:1132-1", "SUSE-SU-2012:1129-1", "SUSE-SU-2012:1320-1", "SUSE-SU-2012:1205-1", "SUSE-SU-2012:1162-1", "SUSE-SU-2012:1135-1", "SUSE-SU-2012:1202-1", "SUSE-SU-2012:1203-1", "SUSE-SU-2012:1203-2", "OPENSUSE-SU-2012:1170-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2545-1:3E96A", "DEBIAN:DSA-2543-1:24FA9", "DEBIAN:DSA-2542-1:046AD"]}], "modified": "2019-08-13T18:46:43", "rev": 2}, "vulnersScore": 6.1}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-kvm-rhev-debuginfo", "packageVersion": "0.12.1.2-2.295.el6_3.2", "packageFilename": "qemu-kvm-rhev-debuginfo-0.12.1.2-2.295.el6_3.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-kvm-rhev-tools", "packageVersion": "0.12.1.2-2.295.el6_3.2", "packageFilename": "qemu-kvm-rhev-tools-0.12.1.2-2.295.el6_3.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-img-rhev", "packageVersion": "0.12.1.2-2.295.el6_3.2", "packageFilename": "qemu-img-rhev-0.12.1.2-2.295.el6_3.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "qemu-kvm-rhev", "packageVersion": "0.12.1.2-2.295.el6_3.2", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.295.el6_3.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "qemu-kvm-rhev", "packageVersion": "0.12.1.2-2.295.el6_3.2", "packageFilename": "qemu-kvm-rhev-0.12.1.2-2.295.el6_3.2.src.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:12:23", "bulletinFamily": "NVD", "description": "Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a \"device model's address space.\"", "modified": "2017-07-01T01:29:00", "id": "CVE-2012-3515", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3515", "published": "2012-11-23T20:55:00", "title": "CVE-2012-3515", "type": "cve", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2017-06-08T00:16:21", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 396955 (BIG-IP) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.2.1 HF14| 12.0.0 \n11.3.0 - 11.6.0 \n11.2.1 HF15 \n10.1.0 - 10.2.41| Low| vCMP host hypervisor (QEMU) \nBIG-IP AAM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| 11.0.0 - 11.2.1 HF14| 12.0.0 \n11.3.0 - 11.6.0 \n11.2.1 HF15| Low| vCMP host hypervisor (QEMU) \nBIG-IP APM| 11.0.0 - 11.2.1 HF14| 12.0.0 \n11.3.0 - 11.6.0 \n11.2.1 HF15 \n10.1.0 - 10.2.41| Low| vCMP host hypervisor (QEMU) \nBIG-IP ASM| 11.0.0 - 11.2.1 HF14| 12.0.0 \n11.3.0 - 11.6.0 \n11.2.1 HF15 \n10.1.0 - 10.2.41| Low| vCMP host hypervisor (QEMU) \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.2.1 HF14| 11.2.1 HF15 - 11.3.0 \n10.1.0 - 10.2.41 \nNone| Low| vCMP host hypervisor (QEMU) \nBIG-IP GTM| 11.0.0 - 11.2.1 HF14| 11.3.0 - 11.6.0 \n11.2.1 HF15 \n10.1.0 - 10.2.41| Low| vCMP host hypervisor (QEMU) \nBIG-IP Link Controller| 11.0.0 - 11.2.1 HF14| 12.0.0 \n11.3.0 - 11.6.0 \n11.2.1 HF15 \n10.1.0 - 10.2.41| Low| vCMP host hypervisor (QEMU) \nBIG-IP PEM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| 11.0.0 - 11.2.1 HF14| 11.3.0 - 11.4.1 \n11.2.1 HF15 \n10.1.0 - 10.2.41| Low| vCMP host hypervisor (QEMU) \nBIG-IP WebAccelerator| 11.0.0 - 11.2.1 HF14| 11.3.0 \n11.2.1 HF15 \n10.1.0 - 10.2.41| Low| vCMP host hypervisor (QEMU) \nBIG-IP WOM| 11.0.0 - 11.2.1 HF14| 11.3.0 \n11.2.1 HF15 \n10.1.0 - 10.2.41| Low| vCMP host hypervisor (QEMU) \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n1 vCMP is not available on BIG-IP versions prior to 11.0.0.\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n", "modified": "2016-01-09T02:32:00", "published": "2016-01-06T03:51:00", "href": "https://support.f5.com/csp/article/K13405416", "id": "F5:K13405416", "title": "QEMU vulnerability CVE-2012-3515", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-03-19T09:02:10", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n", "modified": "2016-01-05T00:00:00", "published": "2016-01-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/13/sol13405416.html", "id": "SOL13405416", "title": "SOL13405416 - QEMU vulnerability CVE-2012-3515", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-04-07T18:43:20", "bulletinFamily": "scanner", "description": "The remote host is missing a security patch.", "modified": "2020-04-03T00:00:00", "published": "2016-01-08T00:00:00", "id": "OPENVAS:1361412562310105504", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105504", "title": "F5 BIG-IP - SOL13405416 - QEMU vulnerability CVE-2012-3515", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - SOL13405416 - QEMU vulnerability CVE-2012-3515\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105504\");\n script_cve_id(\"CVE-2012-3515\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - SOL13405416 - QEMU vulnerability CVE-2012-3515\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/k/13/sol13405416.html\");\n\n script_tag(name:\"impact\", value:\"An attacker may gain privileged access by using a crafted escape sequence.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a 'device model's address space.'\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing a security patch.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-01-08 11:38:32 +0100 (Fri, 08 Jan 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.2.1_HF14;',\n 'unaffected', '12.0.0;11.3.0-11.6.0;11.2.1_HF15;10.1.0-10.2.4;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:57", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2012-1236", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123828", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123828", "title": "Oracle Linux Local Check: ELSA-2012-1236", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1236.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123828\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:09:06 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1236\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1236 - xen security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1236\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1236.html\");\n script_cve_id(\"CVE-2012-3515\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.0.3~135.el5_8.5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.0.3~135.el5_8.5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~135.el5_8.5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-09-07T00:00:00", "id": "OPENVAS:1361412562310881486", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881486", "title": "CentOS Update for qemu-guest-agent CESA-2012:1234 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for qemu-guest-agent CESA-2012:1234 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-September/018848.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881486\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-07 11:26:05 +0530 (Fri, 07 Sep 2012)\");\n script_cve_id(\"CVE-2012-3515\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:1234\");\n script_name(\"CentOS Update for qemu-guest-agent CESA-2012:1234 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu-guest-agent'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"qemu-guest-agent on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\n Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space\n component for running virtual machines using KVM.\n\n A flaw was found in the way QEMU handled VT100 terminal escape sequences\n when emulating certain character devices. A guest user with privileges to\n write to a character device that is emulated on the host using a virtual\n console back-end could use this flaw to crash the qemu-kvm process on the\n host or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\n This flaw did not affect the default use of KVM. Affected configurations\n were:\n\n * When guests were started from the command line ('/usr/libexec/qemu-kvm')\n without the '-nodefaults' option, and also without specifying a\n serial or parallel device, or a virtio-console device, that specifically\n does not use a virtual console (vc) back-end. (Note that Red Hat does not\n support invoking 'qemu-kvm' from the command line without '-nodefaults' on\n Red Hat Enterprise Linux 6.)\n\n * Guests that were managed via libvirt, such as when using Virtual Machine\n Manager (virt-manager), but that have a serial or parallel device, or a\n virtio-console device, that uses a virtual console back-end. By default,\n guests managed via libvirt will not use a virtual console back-end\n for such devices.\n\n Red Hat would like to thank the Xen project for reporting this issue.\n\n All users of qemu-kvm should upgrade to these updated packages, which\n resolve this issue. After installing this update, shut down all running\n virtual machines. Once all virtual machines have shut down, start them\n again for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.295.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.295.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.295.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.295.el6_3.2\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:41:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2012-12-13T00:00:00", "id": "OPENVAS:1361412562310850332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850332", "title": "openSUSE: Security Advisory for qemu (openSUSE-SU-2012:1170-1)", "type": "openvas", "sourceData": "# Copyright (C) 2012 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850332\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:36 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-3515\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:1170-1\");\n script_name(\"openSUSE: Security Advisory for qemu (openSUSE-SU-2012:1170-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE11\\.4|openSUSE12\\.1)\");\n\n script_tag(name:\"affected\", value:\"qemu on openSUSE 12.1, openSUSE 11.4\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"insight\", value:\"qemu was fixed to add bounds checking for VT100 escape code\n parsing and cursor placement.\n\n Also qemu was updated on 12.2 and 11.4 to the latest stable\n release (v1.1.1 and v0.14.1 respectively).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~0.14.1~1.10.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debuginfo\", rpm:\"qemu-debuginfo~0.14.1~1.10.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~0.14.1~1.10.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE12.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"qemu\", rpm:\"qemu~0.14.1~7.6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debuginfo\", rpm:\"qemu-debuginfo~0.14.1~7.6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-debugsource\", rpm:\"qemu-debugsource~0.14.1~7.6.1\", rls:\"openSUSE12.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:43", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-09-07T00:00:00", "id": "OPENVAS:1361412562310881487", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881487", "title": "CentOS Update for kmod-kvm CESA-2012:1235 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kmod-kvm CESA-2012:1235 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-September/018847.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881487\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-07 11:26:09 +0530 (Fri, 07 Sep 2012)\");\n script_cve_id(\"CVE-2012-3515\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:1235\");\n script_name(\"CentOS Update for kmod-kvm CESA-2012:1235 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kmod-kvm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kmod-kvm on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\n Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built\n for the standard Red Hat Enterprise Linux kernel.\n\n A flaw was found in the way QEMU handled VT100 terminal escape sequences\n when emulating certain character devices. A guest user with privileges to\n write to a character device that is emulated on the host using a virtual\n console back-end could use this flaw to crash the qemu-kvm process on the\n host or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\n This flaw did not affect the default use of KVM. Affected configurations\n were:\n\n * When guests were started from the command line ('/usr/libexec/qemu-kvm'),\n and without specifying a serial or parallel device that specifically does\n not use a virtual console (vc) back-end. (Note that Red Hat does not\n support invoking 'qemu-kvm' from the command line on Red Hat Enterprise\n Linux 5.)\n\n * Guests that were managed via libvirt, such as when using Virtual Machine\n Manager (virt-manager), but that have a serial or parallel device that uses\n a virtual console back-end. By default, guests managed via libvirt will not\n use a virtual console back-end for such devices.\n\n Red Hat would like to thank the Xen project for reporting this issue.\n\n All KVM users should upgrade to these updated packages, which correct this\n issue. Note: The procedure in the Solution section must be performed before\n this update will take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kmod-kvm\", rpm:\"kmod-kvm~83~249.el5.centos.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kmod-kvm-debug\", rpm:\"kmod-kvm-debug~83~249.el5.centos.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm\", rpm:\"kvm~83~249.el5.centos.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm-qemu-img\", rpm:\"kvm-qemu-img~83~249.el5.centos.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kvm-tools\", rpm:\"kvm-tools~83~249.el5.centos.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2012-09-07T00:00:00", "id": "OPENVAS:1361412562310870822", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870822", "title": "RedHat Update for xen RHSA-2012:1236-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xen RHSA-2012:1236-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-September/msg00008.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870822\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-07 11:25:34 +0530 (Fri, 07 Sep 2012)\");\n script_cve_id(\"CVE-2012-3515\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:1236-01\");\n script_name(\"RedHat Update for xen RHSA-2012:1236-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"xen on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The xen packages contain administration tools and the xend service for\n managing the kernel-xen kernel for virtualization on Red Hat Enterprise\n Linux.\n\n A flaw was found in the way QEMU handled VT100 terminal escape sequences\n when emulating certain character devices. A guest user with privileges to\n write to a character device that is emulated on the host using a virtual\n console back-end could use this flaw to crash the qemu process on the\n host or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\n This flaw did not affect the default use of the Xen hypervisor\n implementation in Red Hat Enterprise Linux 5. This problem only affected\n fully-virtualized guests that have a serial or parallel device that uses a\n virtual console (vc) back-end. By default, the virtual console back-end is\n not used for such devices. Only guests explicitly configured to use them\n in this way were affected.\n\n Red Hat would like to thank the Xen project for reporting this issue.\n\n All users of xen are advised to upgrade to these updated packages, which\n correct this issue. After installing the updated packages, all\n fully-virtualized guests must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen-debuginfo\", rpm:\"xen-debuginfo~3.0.3~135.el5_8.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~135.el5_8.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:56:29", "bulletinFamily": "scanner", "description": "Check for the Version of qemu-kvm", "modified": "2017-12-29T00:00:00", "published": "2012-09-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870823", "id": "OPENVAS:870823", "title": "RedHat Update for qemu-kvm RHSA-2012:1234-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qemu-kvm RHSA-2012:1234-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\n Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space\n component for running virtual machines using KVM.\n\n A flaw was found in the way QEMU handled VT100 terminal escape sequences\n when emulating certain character devices. A guest user with privileges to\n write to a character device that is emulated on the host using a virtual\n console back-end could use this flaw to crash the qemu-kvm process on the\n host or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\n This flaw did not affect the default use of KVM. Affected configurations\n were:\n\n * When guests were started from the command line (&quot;/usr/libexec/qemu-kvm&quot;)\n without the &quot;-nodefaults&quot; option, and also without specifying a\n serial or parallel device, or a virtio-console device, that specifically\n does not use a virtual console (vc) back-end. (Note that Red Hat does not\n support invoking &quot;qemu-kvm&quot; from the command line without\n '-nodefaults' on Red Hat Enterprise Linux 6.)\n\n * Guests that were managed via libvirt, such as when using Virtual Machine\n Manager (virt-manager), but that have a serial or parallel device, or a\n virtio-console device, that uses a virtual console back-end. By default,\n guests managed via libvirt will not use a virtual console back-end\n for such devices.\n\n Red Hat would like to thank the Xen project for reporting this issue.\n All users of qemu-kvm should upgrade to these updated packages, which\n resolve this issue. After installing this update, shut down all running\n virtual machines. Once all virtual machines have shut down, start them\n again for this update to take effect.\";\n\ntag_affected = \"qemu-kvm on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-September/msg00006.html\");\n script_id(870823);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-07 11:25:36 +0530 (Fri, 07 Sep 2012)\");\n script_cve_id(\"CVE-2012-3515\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:1234-01\");\n script_name(\"RedHat Update for qemu-kvm RHSA-2012:1234-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of qemu-kvm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.295.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.295.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.295.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-debuginfo\", rpm:\"qemu-kvm-debuginfo~0.12.1.2~2.295.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.295.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2012-09-07T00:00:00", "id": "OPENVAS:1361412562310870823", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870823", "title": "RedHat Update for qemu-kvm RHSA-2012:1234-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for qemu-kvm RHSA-2012:1234-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-September/msg00006.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870823\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-07 11:25:36 +0530 (Fri, 07 Sep 2012)\");\n script_cve_id(\"CVE-2012-3515\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:1234-01\");\n script_name(\"RedHat Update for qemu-kvm RHSA-2012:1234-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qemu-kvm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"qemu-kvm on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"KVM (Kernel-based Virtual Machine) is a full virtualization solution for\n Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space\n component for running virtual machines using KVM.\n\n A flaw was found in the way QEMU handled VT100 terminal escape sequences\n when emulating certain character devices. A guest user with privileges to\n write to a character device that is emulated on the host using a virtual\n console back-end could use this flaw to crash the qemu-kvm process on the\n host or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\n This flaw did not affect the default use of KVM. Affected configurations\n were:\n\n * When guests were started from the command line ('/usr/libexec/qemu-kvm')\n without the '-nodefaults' option, and also without specifying a\n serial or parallel device, or a virtio-console device, that specifically\n does not use a virtual console (vc) back-end. (Note that Red Hat does not\n support invoking 'qemu-kvm' from the command line without\n '-nodefaults' on Red Hat Enterprise Linux 6.)\n\n * Guests that were managed via libvirt, such as when using Virtual Machine\n Manager (virt-manager), but that have a serial or parallel device, or a\n virtio-console device, that uses a virtual console back-end. By default,\n guests managed via libvirt will not use a virtual console back-end\n for such devices.\n\n Red Hat would like to thank the Xen project for reporting this issue.\n All users of qemu-kvm should upgrade to these updated packages, which\n resolve this issue. After installing this update, shut down all running\n virtual machines. Once all virtual machines have shut down, start them\n again for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"qemu-guest-agent\", rpm:\"qemu-guest-agent~0.12.1.2~2.295.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-img\", rpm:\"qemu-img~0.12.1.2~2.295.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm\", rpm:\"qemu-kvm~0.12.1.2~2.295.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-debuginfo\", rpm:\"qemu-kvm-debuginfo~0.12.1.2~2.295.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"qemu-kvm-tools\", rpm:\"qemu-kvm-tools~0.12.1.2~2.295.el6_3.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-09-07T00:00:00", "id": "OPENVAS:1361412562310881485", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881485", "title": "CentOS Update for xen CESA-2012:1236 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xen CESA-2012:1236 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-September/018846.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881485\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-07 11:26:04 +0530 (Fri, 07 Sep 2012)\");\n script_cve_id(\"CVE-2012-3515\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:1236\");\n script_name(\"CentOS Update for xen CESA-2012:1236 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"xen on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The xen packages contain administration tools and the xend service for\n managing the kernel-xen kernel for virtualization on Red Hat Enterprise\n Linux.\n\n A flaw was found in the way QEMU handled VT100 terminal escape sequences\n when emulating certain character devices. A guest user with privileges to\n write to a character device that is emulated on the host using a virtual\n console back-end could use this flaw to crash the qemu process on the\n host or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\n This flaw did not affect the default use of the Xen hypervisor\n implementation in Red Hat Enterprise Linux 5. This problem only affected\n fully-virtualized guests that have a serial or parallel device that uses a\n virtual console (vc) back-end. By default, the virtual console back-end is\n not used for such devices. Only guests explicitly configured to use them\n in this way were affected.\n\n Red Hat would like to thank the Xen project for reporting this issue.\n\n All users of xen are advised to upgrade to these updated packages, which\n correct this issue. After installing the updated packages, all\n fully-virtualized guests must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~3.0.3~135.el5_8.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~3.0.3~135.el5_8.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~3.0.3~135.el5_8.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:20:42", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1590-1", "modified": "2017-12-01T00:00:00", "published": "2012-10-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841170", "id": "OPENVAS:841170", "title": "Ubuntu Update for qemu-kvm USN-1590-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1590_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for qemu-kvm USN-1590-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that QEMU incorrectly handled certain VT100 escape\n sequences. A guest user with access to an emulated character device could\n use this flaw to cause QEMU to crash, or possibly execute arbitrary code on\n the host.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1590-1\";\ntag_affected = \"qemu-kvm on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1590-1/\");\n script_id(841170);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-03 09:24:23 +0530 (Wed, 03 Oct 2012)\");\n script_cve_id(\"CVE-2012-3515\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1590-1\");\n script_name(\"Ubuntu Update for qemu-kvm USN-1590-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.12.3+noroms-0ubuntu9.20\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"1.0+noroms-0ubuntu14.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.14.1+noroms-0ubuntu6.5\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"qemu-kvm\", ver:\"0.14.0+noroms-0ubuntu4.7\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2020-07-01T03:52:32", "bulletinFamily": "scanner", "description": "Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU handled VT100 terminal escape\nsequences when emulating certain character devices. A guest user with\nprivileges to write to a character device that is emulated on the host\nusing a virtual console back-end could use this flaw to crash the\nqemu-kvm process on the host or, possibly, escalate their privileges\non the host. (CVE-2012-3515)\n\nThis flaw did not affect the default use of KVM. Affected\nconfigurations were :\n\n* When guests were started from the command line\n(", "modified": "2020-07-02T00:00:00", "id": "REDHAT-RHSA-2012-1235.NASL", "href": "https://www.tenable.com/plugins/nessus/64055", "published": "2013-01-24T00:00:00", "title": "RHEL 5 : kvm (RHSA-2012:1235)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1235. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64055);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:36\");\n\n script_cve_id(\"CVE-2012-3515\");\n script_bugtraq_id(55413);\n script_xref(name:\"RHSA\", value:\"2012:1235\");\n\n script_name(english:\"RHEL 5 : kvm (RHSA-2012:1235)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU handled VT100 terminal escape\nsequences when emulating certain character devices. A guest user with\nprivileges to write to a character device that is emulated on the host\nusing a virtual console back-end could use this flaw to crash the\nqemu-kvm process on the host or, possibly, escalate their privileges\non the host. (CVE-2012-3515)\n\nThis flaw did not affect the default use of KVM. Affected\nconfigurations were :\n\n* When guests were started from the command line\n('/usr/libexec/qemu-kvm'), and without specifying a serial or parallel\ndevice that specifically does not use a virtual console (vc) back-end.\n(Note that Red Hat does not support invoking 'qemu-kvm' from the\ncommand line on Red Hat Enterprise Linux 5.)\n\n* Guests that were managed via libvirt, such as when using Virtual\nMachine Manager (virt-manager), but that have a serial or parallel\ndevice that uses a virtual console back-end. By default, guests\nmanaged via libvirt will not use a virtual console back-end for such\ndevices.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll KVM users should upgrade to these updated packages, which correct\nthis issue. Note: The procedure in the Solution section must be\nperformed before this update will take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3515\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1235\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-249.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-249.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-83-249.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-debuginfo-83-249.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-249.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-249.el5_8.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-debuginfo / kvm-qemu-img / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-01T01:01:03", "bulletinFamily": "scanner", "description": "Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU handled VT100 terminal escape\nsequences when emulating certain character devices. A guest user with\nprivileges to write to a character device that is emulated on the host\nusing a virtual console back-end could use this flaw to crash the\nqemu-kvm process on the host or, possibly, escalate their privileges\non the host. (CVE-2012-3515)\n\nThis flaw did not affect the default use of KVM. Affected\nconfigurations were :\n\n* When guests were started from the command line\n(", "modified": "2020-07-02T00:00:00", "id": "CENTOS_RHSA-2012-1235.NASL", "href": "https://www.tenable.com/plugins/nessus/61790", "published": "2012-09-06T00:00:00", "title": "CentOS 5 : kvm (CESA-2012:1235)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1235 and \n# CentOS Errata and Security Advisory 2012:1235 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61790);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2020/01/07\");\n\n script_cve_id(\"CVE-2012-3515\");\n script_bugtraq_id(55413);\n script_xref(name:\"RHSA\", value:\"2012:1235\");\n\n script_name(english:\"CentOS 5 : kvm (CESA-2012:1235)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU handled VT100 terminal escape\nsequences when emulating certain character devices. A guest user with\nprivileges to write to a character device that is emulated on the host\nusing a virtual console back-end could use this flaw to crash the\nqemu-kvm process on the host or, possibly, escalate their privileges\non the host. (CVE-2012-3515)\n\nThis flaw did not affect the default use of KVM. Affected\nconfigurations were :\n\n* When guests were started from the command line\n('/usr/libexec/qemu-kvm'), and without specifying a serial or parallel\ndevice that specifically does not use a virtual console (vc) back-end.\n(Note that Red Hat does not support invoking 'qemu-kvm' from the\ncommand line on Red Hat Enterprise Linux 5.)\n\n* Guests that were managed via libvirt, such as when using Virtual\nMachine Manager (virt-manager), but that have a serial or parallel\ndevice that uses a virtual console back-end. By default, guests\nmanaged via libvirt will not use a virtual console back-end for such\ndevices.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll KVM users should upgrade to these updated packages, which correct\nthis issue. Note: The procedure in the Solution section must be\nperformed before this update will take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-September/018847.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7801d73f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-3515\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-249.el5.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-249.el5.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-83-249.el5.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-249.el5.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"x86_64\", reference:\"kvm-tools-83-249.el5.centos.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-qemu-img / kvm-tools\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T12:29:10", "bulletinFamily": "scanner", "description": "The kvm qemu vt100 emulation was affected by a problem where specific\nvt100 sequences could have been used by guest users to affect the\nhost. (CVE-2012-3515 aka XSA-17).\n\nAlso the following non security bugs have been fixed :\n\n - permit qemu-kvm -device ", "modified": "2013-01-25T00:00:00", "id": "SUSE_11_KVM-120831.NASL", "href": "https://www.tenable.com/plugins/nessus/64181", "published": "2013-01-25T00:00:00", "title": "SuSE 11.2 Security Update : kvm (SAT Patch Number 6755)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64181);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2012-3515\");\n\n script_name(english:\"SuSE 11.2 Security Update : kvm (SAT Patch Number 6755)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kvm qemu vt100 emulation was affected by a problem where specific\nvt100 sequences could have been used by guest users to affect the\nhost. (CVE-2012-3515 aka XSA-17).\n\nAlso the following non security bugs have been fixed :\n\n - permit qemu-kvm -device '?' even when no /dev/kvm.\n (bnc#772586)\n\n - SLES11SP2 KVM Virtio: on kvm guest, scsi inquiry was\n still ok on the disabled subpaths. (bnc#770153)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=770153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=772586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=777084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-3515.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6755.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"kvm-0.15.1-0.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"kvm-0.15.1-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"kvm-0.15.1-0.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"kvm-0.15.1-0.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-01T03:52:32", "bulletinFamily": "scanner", "description": "Updated xen packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA flaw was found in the way QEMU handled VT100 terminal escape\nsequences when emulating certain character devices. A guest user with\nprivileges to write to a character device that is emulated on the host\nusing a virtual console back-end could use this flaw to crash the qemu\nprocess on the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-3515)\n\nThis flaw did not affect the default use of the Xen hypervisor\nimplementation in Red Hat Enterprise Linux 5. This problem only\naffected fully-virtualized guests that have a serial or parallel\ndevice that uses a virtual console (vc) back-end. By default, the\nvirtual console back-end is not used for such devices; only guests\nexplicitly configured to use them in this way were affected.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll users of xen are advised to upgrade to these updated packages,\nwhich correct this issue. After installing the updated packages, all\nfully-virtualized guests must be restarted for this update to take\neffect.", "modified": "2020-07-02T00:00:00", "id": "REDHAT-RHSA-2012-1236.NASL", "href": "https://www.tenable.com/plugins/nessus/61793", "published": "2012-09-06T00:00:00", "title": "RHEL 5 : xen (RHSA-2012:1236)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1236. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61793);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:36\");\n\n script_cve_id(\"CVE-2012-3515\");\n script_bugtraq_id(55413);\n script_xref(name:\"RHSA\", value:\"2012:1236\");\n\n script_name(english:\"RHEL 5 : xen (RHSA-2012:1236)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xen packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA flaw was found in the way QEMU handled VT100 terminal escape\nsequences when emulating certain character devices. A guest user with\nprivileges to write to a character device that is emulated on the host\nusing a virtual console back-end could use this flaw to crash the qemu\nprocess on the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-3515)\n\nThis flaw did not affect the default use of the Xen hypervisor\nimplementation in Red Hat Enterprise Linux 5. This problem only\naffected fully-virtualized guests that have a serial or parallel\ndevice that uses a virtual console (vc) back-end. By default, the\nvirtual console back-end is not used for such devices; only guests\nexplicitly configured to use them in this way were affected.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll users of xen are advised to upgrade to these updated packages,\nwhich correct this issue. After installing the updated packages, all\nfully-virtualized guests must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1236\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3515\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1236\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-3.0.3-135.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-3.0.3-135.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-debuginfo-3.0.3-135.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-debuginfo-3.0.3-135.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-devel-3.0.3-135.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-devel-3.0.3-135.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xen-libs-3.0.3-135.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xen-libs-3.0.3-135.el5_8.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-debuginfo / xen-devel / xen-libs\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-01T01:24:11", "bulletinFamily": "scanner", "description": "Qemu, as used in Xen 4.0, 4.1 and possibly other products, when\nemulating certain devices with a virtual console backend, allows local\nOS guest users to gain privileges via a crafted escape VT100 sequence\nthat triggers the overwrite of a ", "modified": "2020-07-02T00:00:00", "id": "F5_BIGIP_SOL13405416.NASL", "href": "https://www.tenable.com/plugins/nessus/87743", "published": "2016-01-06T00:00:00", "title": "F5 Networks BIG-IP : QEMU vulnerability (SOL13405416)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL13405416.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87743);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2012-3515\");\n script_bugtraq_id(55413);\n\n script_name(english:\"F5 Networks BIG-IP : QEMU vulnerability (SOL13405416)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qemu, as used in Xen 4.0, 4.1 and possibly other products, when\nemulating certain devices with a virtual console backend, allows local\nOS guest users to gain privileges via a crafted escape VT100 sequence\nthat triggers the overwrite of a 'device model's address space.'\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K13405416\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL13405416.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL13405416\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1HF14\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.3.0-11.6.0\",\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1HF14\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.3.0-11.6.0\",\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.2.1HF14\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.3.0-11.6.0\",\"11.2.1HF15\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1HF14\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.3.0-11.6.0\",\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.2.1HF14\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.3.0-11.6.0\",\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1HF14\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.3.0-11.6.0\",\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1HF14\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.3.0-11.4.1\",\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1HF14\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.3.0\",\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.0.0-11.2.1HF14\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.3.0\",\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-01T03:52:32", "bulletinFamily": "scanner", "description": "Updated qemu-kvm packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space\ncomponent for running virtual machines using KVM.\n\nA flaw was found in the way QEMU handled VT100 terminal escape\nsequences when emulating certain character devices. A guest user with\nprivileges to write to a character device that is emulated on the host\nusing a virtual console back-end could use this flaw to crash the\nqemu-kvm process on the host or, possibly, escalate their privileges\non the host. (CVE-2012-3515)\n\nThis flaw did not affect the default use of KVM. Affected\nconfigurations were :\n\n* When guests were started from the command line\n(", "modified": "2020-07-02T00:00:00", "id": "REDHAT-RHSA-2012-1234.NASL", "href": "https://www.tenable.com/plugins/nessus/64054", "published": "2013-01-24T00:00:00", "title": "RHEL 6 : qemu-kvm (RHSA-2012:1234)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1234. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64054);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:36\");\n\n script_cve_id(\"CVE-2012-3515\");\n script_bugtraq_id(55413);\n script_xref(name:\"RHSA\", value:\"2012:1234\");\n\n script_name(english:\"RHEL 6 : qemu-kvm (RHSA-2012:1234)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated qemu-kvm packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space\ncomponent for running virtual machines using KVM.\n\nA flaw was found in the way QEMU handled VT100 terminal escape\nsequences when emulating certain character devices. A guest user with\nprivileges to write to a character device that is emulated on the host\nusing a virtual console back-end could use this flaw to crash the\nqemu-kvm process on the host or, possibly, escalate their privileges\non the host. (CVE-2012-3515)\n\nThis flaw did not affect the default use of KVM. Affected\nconfigurations were :\n\n* When guests were started from the command line\n('/usr/libexec/qemu-kvm') without the '-nodefaults' option, and also\nwithout specifying a serial or parallel device, or a virtio-console\ndevice, that specifically does not use a virtual console (vc)\nback-end. (Note that Red Hat does not support invoking 'qemu-kvm' from\nthe command line without '-nodefaults' on Red Hat Enterprise Linux 6.)\n\n* Guests that were managed via libvirt, such as when using Virtual\nMachine Manager (virt-manager), but that have a serial or parallel\ndevice, or a virtio-console device, that uses a virtual console\nback-end. By default, guests managed via libvirt will not use a\nvirtual console back-end for such devices.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll users of qemu-kvm should upgrade to these updated packages, which\nresolve this issue. After installing this update, shut down all\nrunning virtual machines. Once all virtual machines have shut down,\nstart them again for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3515\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-guest-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qemu-kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1234\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-guest-agent-0.12.1.2-2.295.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-img-0.12.1.2-2.295.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-0.12.1.2-2.295.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-debuginfo-0.12.1.2-2.295.el6_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"qemu-kvm-tools-0.12.1.2-2.295.el6_3.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T02:47:10", "bulletinFamily": "scanner", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU handled VT100 terminal escape\nsequences when emulating certain character devices. A guest user with\nprivileges to write to a character device that is emulated on the host\nusing a virtual console back-end could use this flaw to crash the\nqemu-kvm process on the host or, possibly, escalate their privileges\non the host. (CVE-2012-3515)\n\nThis flaw did not affect the default use of KVM. Affected\nconfigurations were :\n\n - When guests were started from the command line\n (", "modified": "2012-09-06T00:00:00", "id": "SL_20120905_KVM_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61794", "published": "2012-09-06T00:00:00", "title": "Scientific Linux Security Update : kvm on SL5.x x86_64 (20120905)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61794);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2012-3515\");\n\n script_name(english:\"Scientific Linux Security Update : kvm on SL5.x x86_64 (20120905)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"KVM (Kernel-based Virtual Machine) is a full virtualization solution\nfor Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module\nbuilt for the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU handled VT100 terminal escape\nsequences when emulating certain character devices. A guest user with\nprivileges to write to a character device that is emulated on the host\nusing a virtual console back-end could use this flaw to crash the\nqemu-kvm process on the host or, possibly, escalate their privileges\non the host. (CVE-2012-3515)\n\nThis flaw did not affect the default use of KVM. Affected\nconfigurations were :\n\n - When guests were started from the command line\n ('/usr/libexec/qemu-kvm'), and without specifying a\n serial or parallel device that specifically does not use\n a virtual console (vc) back-end. (Note that Red Hat does\n not support invoking 'qemu-kvm' from the command line on\n Red Hat Enterprise Linux 5.)\n\n - Guests that were managed via libvirt, such as when using\n Virtual Machine Manager (virt-manager), but that have a\n serial or parallel device that uses a virtual console\n back-end. By default, guests managed via libvirt will\n not use a virtual console back-end for such devices.\n\nAll KVM users should upgrade to these updated packages, which correct\nthis issue.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1209&L=scientific-linux-errata&T=0&P=609\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?07b8522f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kmod-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kmod-kvm-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kvm-qemu-img\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kvm-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kmod-kvm-83-249.el5_8.5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kmod-kvm-debug-83-249.el5_8.5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-83-249.el5_8.5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-qemu-img-83-249.el5_8.5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"kvm-tools-83-249.el5_8.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kmod-kvm / kmod-kvm-debug / kvm / kvm-qemu-img / kvm-tools\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T02:47:10", "bulletinFamily": "scanner", "description": "The xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA flaw was found in the way QEMU handled VT100 terminal escape\nsequences when emulating certain character devices. A guest user with\nprivileges to write to a character device that is emulated on the host\nusing a virtual console back-end could use this flaw to crash the qemu\nprocess on the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-3515)\n\nThis flaw did not affect the default use of the Xen hypervisor\nimplementation in Red Hat Enterprise Linux 5. This problem only\naffected fully-virtualized guests that have a serial or parallel\ndevice that uses a virtual console (vc) back-end. By default, the\nvirtual console back-end is not used for such devices; only guests\nexplicitly configured to use them in this way were affected.\n\nAll users of xen are advised to upgrade to these updated packages,\nwhich correct this issue. After installing the updated packages, all\nfully-virtualized guests must be restarted for this update to take\neffect.", "modified": "2012-09-06T00:00:00", "id": "SL_20120905_XEN_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61796", "published": "2012-09-06T00:00:00", "title": "Scientific Linux Security Update : xen on SL5.x i386/x86_64 (20120905)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61796);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2012-3515\");\n\n script_name(english:\"Scientific Linux Security Update : xen on SL5.x i386/x86_64 (20120905)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat\nEnterprise Linux.\n\nA flaw was found in the way QEMU handled VT100 terminal escape\nsequences when emulating certain character devices. A guest user with\nprivileges to write to a character device that is emulated on the host\nusing a virtual console back-end could use this flaw to crash the qemu\nprocess on the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-3515)\n\nThis flaw did not affect the default use of the Xen hypervisor\nimplementation in Red Hat Enterprise Linux 5. This problem only\naffected fully-virtualized guests that have a serial or parallel\ndevice that uses a virtual console (vc) back-end. By default, the\nvirtual console back-end is not used for such devices; only guests\nexplicitly configured to use them in this way were affected.\n\nAll users of xen are advised to upgrade to these updated packages,\nwhich correct this issue. After installing the updated packages, all\nfully-virtualized guests must be restarted for this update to take\neffect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1209&L=scientific-linux-errata&T=0&P=726\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?91e23c76\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen, xen-devel and / or xen-libs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"xen-3.0.3-135.el5_8.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xen-devel-3.0.3-135.el5_8.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xen-libs-3.0.3-135.el5_8.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-devel / xen-libs\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:22:16", "bulletinFamily": "scanner", "description": " - CVE-2012-3515 VT100 emulation vulnerability (bz #854600,\n bz #851252)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2012-10-17T00:00:00", "id": "FEDORA_2012-15606.NASL", "href": "https://www.tenable.com/plugins/nessus/62568", "published": "2012-10-17T00:00:00", "title": "Fedora 16 : qemu-0.15.1-8.fc16 (2012-15606)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-15606.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62568);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2012-3515\");\n script_bugtraq_id(55413);\n script_xref(name:\"FEDORA\", value:\"2012-15606\");\n\n script_name(english:\"Fedora 16 : qemu-0.15.1-8.fc16 (2012-15606)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - CVE-2012-3515 VT100 emulation vulnerability (bz #854600,\n bz #851252)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=851252\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090102.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac5d37a9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qemu package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"qemu-0.15.1-8.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-01T04:52:05", "bulletinFamily": "scanner", "description": "It was discovered that QEMU incorrectly handled certain VT100 escape\nsequences. A guest user with access to an emulated character device\ncould use this flaw to cause QEMU to crash, or possibly execute\narbitrary code on the host.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-07-02T00:00:00", "id": "UBUNTU_USN-1590-1.NASL", "href": "https://www.tenable.com/plugins/nessus/62408", "published": "2012-10-03T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : qemu-kvm vulnerability (USN-1590-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1590-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62408);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-3515\");\n script_bugtraq_id(55413);\n script_xref(name:\"USN\", value:\"1590-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : qemu-kvm vulnerability (USN-1590-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that QEMU incorrectly handled certain VT100 escape\nsequences. A guest user with access to an emulated character device\ncould use this flaw to cause QEMU to crash, or possibly execute\narbitrary code on the host.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1590-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected qemu-kvm package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:qemu-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"qemu-kvm\", pkgver:\"0.12.3+noroms-0ubuntu9.20\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"qemu-kvm\", pkgver:\"0.14.0+noroms-0ubuntu4.7\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"qemu-kvm\", pkgver:\"0.14.1+noroms-0ubuntu6.5\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"qemu-kvm\", pkgver:\"1.0+noroms-0ubuntu14.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qemu-kvm\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:51", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built\nfor the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU handled VT100 terminal escape sequences\nwhen emulating certain character devices. A guest user with privileges to\nwrite to a character device that is emulated on the host using a virtual\nconsole back-end could use this flaw to crash the qemu-kvm process on the\nhost or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\nThis flaw did not affect the default use of KVM. Affected configurations\nwere:\n\n* When guests were started from the command line (\"/usr/libexec/qemu-kvm\"),\nand without specifying a serial or parallel device that specifically does\nnot use a virtual console (vc) back-end. (Note that Red Hat does not\nsupport invoking \"qemu-kvm\" from the command line on Red Hat Enterprise\nLinux 5.)\n\n* Guests that were managed via libvirt, such as when using Virtual Machine\nManager (virt-manager), but that have a serial or parallel device that uses\na virtual console back-end. By default, guests managed via libvirt will not\nuse a virtual console back-end for such devices.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll KVM users should upgrade to these updated packages, which correct this\nissue. Note: The procedure in the Solution section must be performed before\nthis update will take effect.\n", "modified": "2017-09-08T12:15:59", "published": "2012-09-05T04:00:00", "id": "RHSA-2012:1235", "href": "https://access.redhat.com/errata/RHSA-2012:1235", "type": "redhat", "title": "(RHSA-2012:1235) Important: kvm security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:16", "bulletinFamily": "unix", "description": "The xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nA flaw was found in the way QEMU handled VT100 terminal escape sequences\nwhen emulating certain character devices. A guest user with privileges to\nwrite to a character device that is emulated on the host using a virtual\nconsole back-end could use this flaw to crash the qemu process on the\nhost or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\nThis flaw did not affect the default use of the Xen hypervisor\nimplementation in Red Hat Enterprise Linux 5. This problem only affected\nfully-virtualized guests that have a serial or parallel device that uses a\nvirtual console (vc) back-end. By default, the virtual console back-end is\nnot used for such devices; only guests explicitly configured to use them\nin this way were affected.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll users of xen are advised to upgrade to these updated packages, which\ncorrect this issue. After installing the updated packages, all\nfully-virtualized guests must be restarted for this update to take effect.\n", "modified": "2017-09-08T11:50:21", "published": "2012-09-05T04:00:00", "id": "RHSA-2012:1236", "href": "https://access.redhat.com/errata/RHSA-2012:1236", "type": "redhat", "title": "(RHSA-2012:1236) Important: xen security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:25", "bulletinFamily": "unix", "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. qemu-kvm is the user-space\ncomponent for running virtual machines using KVM.\n\nA flaw was found in the way QEMU handled VT100 terminal escape sequences\nwhen emulating certain character devices. A guest user with privileges to\nwrite to a character device that is emulated on the host using a virtual\nconsole back-end could use this flaw to crash the qemu-kvm process on the\nhost or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\nThis flaw did not affect the default use of KVM. Affected configurations\nwere:\n\n* When guests were started from the command line (\"/usr/libexec/qemu-kvm\")\nwithout the \"-nodefaults\" option, and also without specifying a\nserial or parallel device, or a virtio-console device, that specifically\ndoes not use a virtual console (vc) back-end. (Note that Red Hat does not\nsupport invoking \"qemu-kvm\" from the command line without \"-nodefaults\" on\nRed Hat Enterprise Linux 6.)\n\n* Guests that were managed via libvirt, such as when using Virtual Machine\nManager (virt-manager), but that have a serial or parallel device, or a\nvirtio-console device, that uses a virtual console back-end. By default,\nguests managed via libvirt will not use a virtual console back-end\nfor such devices.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll users of qemu-kvm should upgrade to these updated packages, which\nresolve this issue. After installing this update, shut down all running\nvirtual machines. Once all virtual machines have shut down, start them\nagain for this update to take effect.\n", "modified": "2018-06-06T20:24:20", "published": "2012-09-05T04:00:00", "id": "RHSA-2012:1234", "href": "https://access.redhat.com/errata/RHSA-2012:1234", "type": "redhat", "title": "(RHSA-2012:1234) Important: qemu-kvm security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:57", "bulletinFamily": "unix", "description": "The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization\nHypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor.\nIt includes everything necessary to run and manage virtual machines: A\nsubset of the Red Hat Enterprise Linux operating environment and the Red\nHat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way QEMU handled VT100 terminal escape sequences\nwhen emulating certain character devices. A guest user with privileges to\nwrite to a character device that is emulated on the host using a virtual\nconsole back-end could use this flaw to crash the qemu-kvm process on the\nhost or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\nMultiple integer overflow flaws, leading to stack-based buffer overflows,\nwere found in glibc's functions for converting a string to a numeric\nrepresentation (strtod(), strtof(), and strtold()). If an application used\nsuch a function on attacker controlled input, it could cause the\napplication to crash or, potentially, execute arbitrary code.\n(CVE-2012-3480)\n\nRed Hat would like to thank the Xen project for reporting the CVE-2012-3515\nissue.\n\nThis updated package provides updated components that include various bug\nfixes, as well as a fix for CVE-2012-3515 in the xen package; however, for\nthis component, it had no security impact on Red Hat Enterprise\nVirtualization Hypervisor itself.\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "modified": "2019-03-22T23:44:31", "published": "2012-09-13T04:00:00", "id": "RHSA-2012:1262", "href": "https://access.redhat.com/errata/RHSA-2012:1262", "type": "redhat", "title": "(RHSA-2012:1262) Important: rhev-hypervisor5 security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:36:56", "bulletinFamily": "unix", "description": "It was discovered that QEMU incorrectly handled certain VT100 escape \nsequences. A guest user with access to an emulated character device could \nuse this flaw to cause QEMU to crash, or possibly execute arbitrary code on \nthe host.", "modified": "2012-10-02T00:00:00", "published": "2012-10-02T00:00:00", "id": "USN-1590-1", "href": "https://ubuntu.com/security/notices/USN-1590-1", "title": "QEMU vulnerability", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:29:14", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:1234\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. qemu-kvm is the user-space\ncomponent for running virtual machines using KVM.\n\nA flaw was found in the way QEMU handled VT100 terminal escape sequences\nwhen emulating certain character devices. A guest user with privileges to\nwrite to a character device that is emulated on the host using a virtual\nconsole back-end could use this flaw to crash the qemu-kvm process on the\nhost or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\nThis flaw did not affect the default use of KVM. Affected configurations\nwere:\n\n* When guests were started from the command line (\"/usr/libexec/qemu-kvm\")\nwithout the \"-nodefaults\" option, and also without specifying a\nserial or parallel device, or a virtio-console device, that specifically\ndoes not use a virtual console (vc) back-end. (Note that Red Hat does not\nsupport invoking \"qemu-kvm\" from the command line without \"-nodefaults\" on\nRed Hat Enterprise Linux 6.)\n\n* Guests that were managed via libvirt, such as when using Virtual Machine\nManager (virt-manager), but that have a serial or parallel device, or a\nvirtio-console device, that uses a virtual console back-end. By default,\nguests managed via libvirt will not use a virtual console back-end\nfor such devices.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll users of qemu-kvm should upgrade to these updated packages, which\nresolve this issue. After installing this update, shut down all running\nvirtual machines. Once all virtual machines have shut down, start them\nagain for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-September/030886.html\n\n**Affected packages:**\nqemu-guest-agent\nqemu-img\nqemu-kvm\nqemu-kvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1234.html", "modified": "2012-09-05T18:27:02", "published": "2012-09-05T18:27:02", "href": "http://lists.centos.org/pipermail/centos-announce/2012-September/030886.html", "id": "CESA-2012:1234", "title": "qemu security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:27:06", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:1235\n\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built\nfor the standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way QEMU handled VT100 terminal escape sequences\nwhen emulating certain character devices. A guest user with privileges to\nwrite to a character device that is emulated on the host using a virtual\nconsole back-end could use this flaw to crash the qemu-kvm process on the\nhost or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\nThis flaw did not affect the default use of KVM. Affected configurations\nwere:\n\n* When guests were started from the command line (\"/usr/libexec/qemu-kvm\"),\nand without specifying a serial or parallel device that specifically does\nnot use a virtual console (vc) back-end. (Note that Red Hat does not\nsupport invoking \"qemu-kvm\" from the command line on Red Hat Enterprise\nLinux 5.)\n\n* Guests that were managed via libvirt, such as when using Virtual Machine\nManager (virt-manager), but that have a serial or parallel device that uses\na virtual console back-end. By default, guests managed via libvirt will not\nuse a virtual console back-end for such devices.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll KVM users should upgrade to these updated packages, which correct this\nissue. Note: The procedure in the Solution section must be performed before\nthis update will take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-September/030885.html\n\n**Affected packages:**\nkmod-kvm\nkmod-kvm-debug\nkvm\nkvm-qemu-img\nkvm-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1235.html", "modified": "2012-09-05T18:11:48", "published": "2012-09-05T18:11:48", "href": "http://lists.centos.org/pipermail/centos-announce/2012-September/030885.html", "id": "CESA-2012:1235", "title": "kmod, kvm security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:29:12", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:1236\n\n\nThe xen packages contain administration tools and the xend service for\nmanaging the kernel-xen kernel for virtualization on Red Hat Enterprise\nLinux.\n\nA flaw was found in the way QEMU handled VT100 terminal escape sequences\nwhen emulating certain character devices. A guest user with privileges to\nwrite to a character device that is emulated on the host using a virtual\nconsole back-end could use this flaw to crash the qemu process on the\nhost or, possibly, escalate their privileges on the host. (CVE-2012-3515)\n\nThis flaw did not affect the default use of the Xen hypervisor\nimplementation in Red Hat Enterprise Linux 5. This problem only affected\nfully-virtualized guests that have a serial or parallel device that uses a\nvirtual console (vc) back-end. By default, the virtual console back-end is\nnot used for such devices; only guests explicitly configured to use them\nin this way were affected.\n\nRed Hat would like to thank the Xen project for reporting this issue.\n\nAll users of xen are advised to upgrade to these updated packages, which\ncorrect this issue. After installing the updated packages, all\nfully-virtualized guests must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-September/030884.html\n\n**Affected packages:**\nxen\nxen-devel\nxen-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1236.html", "modified": "2012-09-05T17:58:14", "published": "2012-09-05T17:58:14", "href": "http://lists.centos.org/pipermail/centos-announce/2012-September/030884.html", "id": "CESA-2012:1236", "title": "xen security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:18", "bulletinFamily": "unix", "description": "[0.12.1.2-2.295.el6_3.2]\n- kvm-console-bounds-check-whenever-changing-the-cursor-du.patch [bz#851257\n- Resolves: bz#851257\n (EMBARGOED CVE-2012-3515 qemu/kvm: VT100 emulation vulnerability [rhel-6.3.z])", "modified": "2012-09-05T00:00:00", "published": "2012-09-05T00:00:00", "id": "ELSA-2012-1234", "href": "http://linux.oracle.com/errata/ELSA-2012-1234.html", "title": "qemu-kvm security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:18", "bulletinFamily": "unix", "description": "[3.0.3-135.el5_8.5]\n- console: Prevent escape sequence length overflow (rhbz 851253)", "modified": "2012-09-05T00:00:00", "published": "2012-09-05T00:00:00", "id": "ELSA-2012-1236", "href": "http://linux.oracle.com/errata/ELSA-2012-1236.html", "title": "xen security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:44", "bulletinFamily": "unix", "description": "[83-249.0.1.el5_8.5]\n- Added kvm-add-oracle-workaround-for-libvirt-bug.patch\n- Added kvm-Introduce-oel-machine-type.patch\n[83-249.el5_8.5]\n- kvm-console-bounds-check-whenever-changing-the-cursor-du-58.patch [bz#851255]\n- CVE: CVE-2012-3515\n- Resolves: bz#851255\n (EMBARGOED CVE-2012-3515 qemu/kvm: VT100 emulation vulnerability [rhel-5.8.z])", "modified": "2012-09-05T00:00:00", "published": "2012-09-05T00:00:00", "id": "ELSA-2012-1235", "href": "http://linux.oracle.com/errata/ELSA-2012-1235.html", "title": "kvm security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:48", "bulletinFamily": "software", "description": "Memory corruption on terminal emulation.", "modified": "2012-10-04T00:00:00", "published": "2012-10-04T00:00:00", "id": "SECURITYVULNS:VULN:12606", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12606", "title": "QEMU memory corruption", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1590-1\r\nOctober 02, 2012\r\n\r\nqemu-kvm vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 11.04\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nQEMU could be made to crash or run programs.\r\n\r\nSoftware Description:\r\n- qemu-kvm: Machine emulator and virtualizer\r\n\r\nDetails:\r\n\r\nIt was discovered that QEMU incorrectly handled certain VT100 escape\r\nsequences. A guest user with access to an emulated character device could\r\nuse this flaw to cause QEMU to crash, or possibly execute arbitrary code on\r\nthe host.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n qemu-kvm 1.0+noroms-0ubuntu14.2\r\n\r\nUbuntu 11.10:\r\n qemu-kvm 0.14.1+noroms-0ubuntu6.5\r\n\r\nUbuntu 11.04:\r\n qemu-kvm 0.14.0+noroms-0ubuntu4.7\r\n\r\nUbuntu 10.04 LTS:\r\n qemu-kvm 0.12.3+noroms-0ubuntu9.20\r\n\r\nAfter a standard system update you need to restart your virtual machines to\r\nmake all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1590-1\r\n CVE-2012-3515\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.2\r\n https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.1+noroms-0ubuntu6.5\r\n https://launchpad.net/ubuntu/+source/qemu-kvm/0.14.0+noroms-0ubuntu4.7\r\n https://launchpad.net/ubuntu/+source/qemu-kvm/0.12.3+noroms-0ubuntu9.20\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "modified": "2012-10-04T00:00:00", "published": "2012-10-04T00:00:00", "id": "SECURITYVULNS:DOC:28593", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28593", "title": "[USN-1590-1] QEMU vulnerability", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:18:43", "bulletinFamily": "unix", "description": "The qemu vt100 emulation is affected by a problem where\n specific vt100 sequences could have been used by guest\n users to affect the host. (CVE-2012-3515 aka XSA-17).\n", "modified": "2012-09-18T15:08:37", "published": "2012-09-18T15:08:37", "id": "SUSE-SU-2012:1203-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00026.html", "type": "suse", "title": "Security update for qemu (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:24:48", "bulletinFamily": "unix", "description": "The qemu vt100 emulation was affected by a problem where\n specific vt100 sequences could have been used by guest\n users to affect the host. (CVE-2012-3515 aka XSA-17). This\n has been fixed.\n", "modified": "2012-10-25T00:09:21", "published": "2012-10-25T00:09:21", "id": "SUSE-SU-2012:1203-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00017.html", "type": "suse", "title": "Security update for qemu (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:37:04", "bulletinFamily": "unix", "description": "qemu was fixed to add bounds checking for VT100 escape code\n parsing and cursor placement.\n\n Also qemu was updated on 12.2 and 11.4 to the latest stable\n release (v1.1.1 and v0.14.1 respectively).\n\n", "modified": "2012-09-14T14:08:59", "published": "2012-09-14T14:08:59", "id": "OPENSUSE-SU-2012:1170-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.html", "title": "qemu: Fix buffer overflow in console VT100 emulation (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:37:02", "bulletinFamily": "unix", "description": "The kvm qemu vt100 emulation was affected by a problem\n where specific vt100 sequences could have been used by\n guest users to affect the host. (CVE-2012-3515 aka XSA-17).\n\n Also the following non security bugs have been fixed:\n\n * permit qemu-kvm -device &quot;?&quot; even when no /dev/kvm\n (bnc#772586)\n * SLES11SP2 KVM Virtio: on kvm guest, scsi inquiry was\n still ok on the disabled subpaths. (bnc#770153)\n", "modified": "2012-09-18T15:08:40", "published": "2012-09-18T15:08:40", "id": "SUSE-SU-2012:1205-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00027.html", "title": "Security update for kvm (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:49:45", "bulletinFamily": "unix", "description": "XEN was updated to fix multiple bugs and security issues.\n\n The following security issues have been fixed:\n\n * CVE-2012-3494: xen: hypercall set_debugreg\n vulnerability (XSA-12)\n * CVE-2012-3515: xen: Qemu VT100 emulation\n vulnerability (XSA-17)\n", "modified": "2012-09-06T22:08:33", "published": "2012-09-06T22:08:33", "id": "SUSE-SU-2012:1129-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html", "type": "suse", "title": "Security update for Xen (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:28:40", "bulletinFamily": "unix", "description": "The kvm qemu vt100 emulation was affected by a problem\n where specific vt100 sequences could have been used by\n guest users to affect the host. (CVE-2012-3515 aka XSA-17).\n\n Also a temp file race has been fixed. (CVE-2012-2652)\n", "modified": "2012-09-18T15:08:34", "published": "2012-09-18T15:08:34", "id": "SUSE-SU-2012:1202-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html", "type": "suse", "title": "Security update for kvm (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:47", "bulletinFamily": "unix", "description": "The qemu vt100 emulation was affected by a problem where\n specific vt100 sequences could have been used by guest\n users to affect the host. (CVE-2012-3515 aka XSA-17).\n\n CVE-2012-0029: A buffer overflow in the e1000 device\n emulation was fixed\n", "modified": "2012-10-09T21:08:49", "published": "2012-10-09T21:08:49", "id": "SUSE-SU-2012:1320-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html", "title": "Security update for qemu (important)", "type": "suse", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:43:05", "bulletinFamily": "unix", "description": "XEN was updated to fix multiple bugs and security issues.\n\n The following security issues have been fixed:\n\n * CVE-2012-3494: xen: hypercall set_debugreg\n vulnerability (XSA-12)\n * CVE-2012-3496: xen: XENMEM_populate_physmap DoS\n vulnerability (XSA-14)\n * CVE-2012-3515: xen: Qemu VT100 emulation\n vulnerability (XSA-17)\n\n Also the following bugs have been fixed:\n\n * pvscsi support of attaching Luns - bnc#776995\n", "modified": "2012-09-13T22:08:30", "published": "2012-09-13T22:08:30", "id": "SUSE-SU-2012:1162-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html", "title": "Security update for Xen (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:20:21", "bulletinFamily": "unix", "description": "XEN was updated to fix multiple bugs and security issues.\n\n The following security issues have been fixed:\n\n * CVE-2012-3494: xen: hypercall set_debugreg\n vulnerability (XSA-12)\n * CVE-2012-3515: xen: Qemu VT100 emulation\n vulnerability (XSA-17)\n * CVE-2012-2625: xen: pv bootloader doesn't check the\n size of the bzip2 or lzma compressed kernel, leading to\n denial of service\n", "modified": "2012-09-07T20:08:40", "published": "2012-09-07T20:08:40", "id": "SUSE-SU-2012:1135-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html", "title": "Security update for Xen (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:28:41", "bulletinFamily": "unix", "description": "XEN was updated 4.1.3 to fix multiple bugs and security\n issues.\n\n The following security issues have been fixed:\n\n * CVE-2012-3494: xen: hypercall set_debugreg\n vulnerability (XSA-12)\n * CVE-2012-3495: xen: hypercall physdev_get_free_pirq\n vulnerability (XSA-13)\n * CVE-2012-3496: xen: XENMEM_populate_physmap DoS\n vulnerability (XSA-14)\n * CVE-2012-3498: xen: PHYSDEVOP_map_pirq index\n vulnerability (XSA-16)\n * CVE-2012-3515: xen: Qemu VT100 emulation\n vulnerability (XSA-17)\n\n Also the following bugs have been fixed:\n\n * pvscsi support of attaching Luns - bnc#776995\n\n The following related bugs in vm-install 0.5.12 have been\n fixed:\n\n * bnc#776300 - vm-install does not pass --extra-args in\n --upgrade\n * Add for support Open Enterprise Server 11\n * Add support for Windows 8 and Windows Server 2012\n * Add support for Ubuntu 12 (Precise Pangolin)\n", "modified": "2012-09-07T15:08:36", "published": "2012-09-07T15:08:36", "id": "SUSE-SU-2012:1132-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html", "type": "suse", "title": "Security update for Xen (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:21:53", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2545-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nSeptember 08, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu\nVulnerability : multiple\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2012-2652 CVE-2012-3515\n\nMultiple vulnerabilities have been discovered in qemu, a fast processor\nemulator. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2012-2652:\n\n The snapshot mode of QEMU (-snapshot) incorrectly handles temporary\n files used to store the current state, making it vulnerable to \n symlink attacks (including arbitrary file overwriting and guest \n information disclosure) due to a race condition.\n\nCVE-2012-3515:\n\n QEMU does not properly handle VT100 escape sequences when emulating\n certain devices with a virtual console backend. An attacker within a\n guest with access to the vulnerable virtual console could overwrite\n memory of QEMU and escalate privileges to that of the qemu process.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 0.12.5+dfsg-3squeeze2.\n\nFor the testing distribution (wheezy), and the unstable distribution\n(sid), these problems will been fixed soon.\n\nWe recommend that you upgrade your qemu packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-09-08T21:54:48", "published": "2012-09-08T21:54:48", "id": "DEBIAN:DSA-2545-1:3E96A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00186.html", "title": "[SECURITY] [DSA 2545-1] qemu security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:56", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2543-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nSeptember 08, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen-qemu-dm-4.0\nVulnerability : multiple\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2012-3515 CVE-2012-4411\n\nMultiple vulnerabilities have been discovered in xen-qemu-dm-4.0, the Xen\nQemu Device Model virtual machine hardware emulator. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2012-3515:\n\n The device model for HVM domains does not properly handle VT100\n escape sequences when emulating certain devices with a virtual\n console backend. An attacker within a guest with access to the\n vulnerable virtual console could overwrite memory of the device\n model and escalate privileges to that of the device model process.\n\nCVE-2012-4411:\n\n The qemu monitor was enabled by default, allowing administrators of\n a guest to access resources of the host, possibly escalate privileges\n or access resources belonging to another guest.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 4.0.1-2+squeeze2.\n\nThe testing distribution (wheezy), and the unstable distribution (sid),\nno longer contain this package.\n\nWe recommend that you upgrade your xen-qemu-dm-4.0 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-09-08T21:32:45", "published": "2012-09-08T21:32:45", "id": "DEBIAN:DSA-2543-1:24FA9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00184.html", "title": "[SECURITY] [DSA 2543-1] xen-qemu-dm-4.0 security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:28", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2542-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nSeptember 08, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : qemu-kvm\nVulnerability : multiple\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2012-2652 CVE-2012-3515\n\nMultiple vulnerabilities have been discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware. The Common Vulnerabilities\nand Exposures project identifies the following problems:\n\nCVE-2012-2652:\n\n The snapshot mode of Qemu (-snapshot) incorrectly handles temporary\n files used to store the current state, making it vulnerable to\n symlink attacks (including arbitrary file overwriting and guest\n information disclosure) due to a race condition.\n\nCVE-2012-3515:\n\n Qemu does not properly handle VT100 escape sequences when emulating\n certain devices with a virtual console backend. An attacker within a\n guest with access to the vulnerable virtual console could overwrite\n memory of Qemu and escalate privileges to that of the qemu process.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 0.12.5+dfsg-5+squeeze9.\n\nFor the testing distribution (wheezy), and the unstable distribution\n(sid), these problems will been fixed soon.\n\nWe recommend that you upgrade your qemu-kvm packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2012-09-08T21:20:16", "published": "2012-09-08T21:20:16", "id": "DEBIAN:DSA-2542-1:046AD", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00183.html", "title": "[SECURITY] [DSA 2542-1] qemu-kvm security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}