Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2019-1248.NASLHistoryJul 24, 2019 - 12:00 a.m.
Amazon Linux 2 : qemu (ALAS-2019-1248)
2019-07-2400:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.2
Confidence
High
EPSS
0.023
Percentile
90.0%
A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process. (CVE-2018-20815)
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. (CVE-2019-5008)
Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)
qxl: NULL pointer dereference while releasing spice resources (CVE-2019-12155)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1248.
#
include('compat.inc');
if (description)
{
script_id(126960);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/08");
script_cve_id(
"CVE-2018-20815",
"CVE-2019-12155",
"CVE-2019-5008",
"CVE-2019-9824"
);
script_xref(name:"ALAS", value:"2019-1248");
script_name(english:"Amazon Linux 2 : qemu (ALAS-2019-1248)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"A heap buffer overflow issue was found in the load_device_tree()
function of QEMU, which is invoked to load a device tree blob at boot
time. It occurs due to device tree size manipulation before buffer
allocation, which could overflow a signed int type. A user/process
could use this flaw to potentially execute arbitrary code on a host
system with privileges of the QEMU process. (CVE-2018-20815)
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer
dereference, which allows the attacker to cause a denial of service
via a device driver. (CVE-2019-5008)
Slirp: information leakage in tcp_emu() due to uninitialized stack
variables (CVE-2019-9824)
qxl: NULL pointer dereference while releasing spice resources
(CVE-2019-12155)");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1248.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update qemu' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20815");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/19");
script_set_attribute(attribute:"patch_publication_date", value:"2019/07/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ivshmem-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-audio-alsa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-audio-oss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-audio-pa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-audio-sdl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-dmg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-iscsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-nfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-rbd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-ssh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-guest-agent");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-img");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-kvm-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-system-aarch64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-system-aarch64-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-system-x86");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-system-x86-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-ui-curses");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-ui-gtk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-ui-sdl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-user");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-user-binfmt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-user-static");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"AL2", reference:"ivshmem-tools-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-audio-alsa-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-audio-oss-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-audio-pa-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-audio-sdl-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-block-curl-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-block-dmg-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-block-iscsi-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-block-nfs-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"qemu-block-rbd-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-block-ssh-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-common-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-debuginfo-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-guest-agent-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-img-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-kvm-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-kvm-core-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-system-aarch64-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-system-aarch64-core-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-system-x86-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-system-x86-core-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-ui-curses-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-ui-gtk-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-ui-sdl-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-user-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-user-binfmt-3.1.0-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-user-static-3.1.0-7.amzn2.0.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ivshmem-tools / qemu / qemu-audio-alsa / qemu-audio-oss / etc");
}
Related
amazon
amazon
Important: qemu
2019-07-18 17:45:00
Important: qemu
2020-07-21 16:34:00
Important: qemu-kvm
2020-07-14 20:27:00
nessus
nessus
Fedora 30 : 2:qemu (2019-52a8f5468e)
2019-07-09 00:00:00
Fedora 29 : 2:qemu (2019-e9de40d53f)
2019-07-09 00:00:00
EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2019-2255)
2019-11-08 00:00:00
gentoo
gentoo
QEMU: Multiple vulnerabilities
2019-04-24 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2019-2255)
2020-01-23 00:00:00
Fedora Update for qemu FEDORA-2019-52a8f5468e
2019-07-09 00:00:00
Ubuntu: Security Advisory (USN-3978-1)
2019-05-15 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: qemu-3.1.0-9.fc30
2019-07-09 00:56:39
[SECURITY] Fedora 29 Update: qemu-3.0.1-4.fc29
2019-07-09 02:25:09
osv
osv
Low: virt:rhel security, bug fix, and enhancement update
2019-11-05 17:33:34
Low: virt:rhel security, bug fix, and enhancement update
2019-11-05 17:33:34
qemu - security update
2019-05-09 00:00:00
rocky
rocky
virt:rhel security, bug fix, and enhancement update
2019-11-05 17:33:34
oraclelinux
oraclelinux
qemu security update
2019-05-14 00:00:00
virt:ol security, bug fix, and enhancement update
2019-11-14 00:00:00
qemu-kvm security update
2019-07-02 00:00:00
almalinux
almalinux
Low: virt:rhel security, bug fix, and enhancement update
2019-11-05 17:33:34
redhat
redhat
(RHSA-2019:3345) Low: virt:rhel security, bug fix, and enhancement update
2019-11-05 17:33:34
(RHSA-2019:1723) Important: qemu-kvm-rhev security update
2019-07-09 20:41:09
(RHSA-2019:1881) Important: qemu-kvm-ma security and bug fix update
2019-07-29 12:48:27
ubuntu
ubuntu
QEMU update
2019-05-14 00:00:00
QEMU vulnerabilities
2019-11-14 00:00:00
debian
debian
[SECURITY] [DLA 1781-1] qemu security update
2019-05-09 18:42:13
[SECURITY] [DSA 4506-1] qemu security update
2019-08-24 09:55:59
[SECURITY] [DSA 4454-1] qemu security update
2019-05-30 18:06:19
suse
suse
Security update for qemu (important)
2019-04-25 00:00:00
Security update for qemu (important)
2019-09-01 00:00:00
Security update for qemu (important)
2019-05-17 00:00:00
prion
prion
Buffer overflow
2019-05-31 22:29:00
Information disclosure
2019-06-03 21:29:00
Null pointer dereference
2019-05-24 16:29:00
debiancve
debiancve
redhatcve
redhatcve
nvd
nvd
ubuntucve
ubuntucve
veracode
veracode
Buffer Overflow
2019-07-08 00:07:31
Denial Of Service (DoS)
2019-09-04 00:09:43
Information Disclosure
2019-07-08 00:07:09
cve
cve
cvelist
cvelist
centos
centos
qemu security update
2019-09-18 18:53:46
qemu security update
2019-08-30 04:04:53
qemu security update
2019-07-03 17:01:43
f5
f5
K75042242 : QEMU 4.0 vulnerability CVE-2019-12155
2020-12-21 00:00:00
K29103455 : QEMU 3.0.0 vulnerability CVE-2019-9824
2020-12-19 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.2
Confidence
High
EPSS
0.023
Percentile
90.0%
Related for AL2_ALAS-2019-1248.NASL