Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2020-1467.NASLHistoryJul 23, 2020 - 12:00 a.m.
Amazon Linux 2 : qemu (ALAS-2020-1467)
2020-07-2300:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
5.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
6 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.3%
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
(CVE-2020-8608)
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. (CVE-2019-9824)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1467.
#
include('compat.inc');
if (description)
{
script_id(138856);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/29");
script_cve_id("CVE-2019-9824", "CVE-2020-8608");
script_xref(name:"ALAS", value:"2020-1467");
script_name(english:"Amazon Linux 2 : qemu (ALAS-2020-1467)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf
return values, leading to a buffer overflow in later code.
(CVE-2020-8608)
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0
uses uninitialized data in an snprintf call, leading to Information
disclosure. (CVE-2019-9824)");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2020-1467.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update qemu' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8608");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/03");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ivshmem-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-audio-alsa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-audio-oss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-audio-pa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-audio-sdl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-dmg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-iscsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-nfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-rbd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-block-ssh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-guest-agent");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-img");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-kvm-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-system-aarch64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-system-aarch64-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-system-x86");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-system-x86-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-ui-curses");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-ui-gtk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-ui-sdl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-user");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-user-binfmt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:qemu-user-static");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"AL2", reference:"ivshmem-tools-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-audio-alsa-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-audio-oss-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-audio-pa-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-audio-sdl-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-block-curl-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-block-dmg-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-block-iscsi-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-block-nfs-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"qemu-block-rbd-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-block-ssh-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-common-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-debuginfo-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-guest-agent-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-img-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-kvm-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-kvm-core-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-system-aarch64-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-system-aarch64-core-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-system-x86-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-system-x86-core-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-ui-curses-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-ui-gtk-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-ui-sdl-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-user-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-user-binfmt-3.1.0-8.amzn2.0.3")) flag++;
if (rpm_check(release:"AL2", reference:"qemu-user-static-3.1.0-8.amzn2.0.3")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ivshmem-tools / qemu / qemu-audio-alsa / qemu-audio-oss / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | ivshmem-tools | p-cpe:/a:amazon:linux:ivshmem-tools |
| amazon | linux | qemu | p-cpe:/a:amazon:linux:qemu |
| amazon | linux | qemu-audio-alsa | p-cpe:/a:amazon:linux:qemu-audio-alsa |
| amazon | linux | qemu-audio-oss | p-cpe:/a:amazon:linux:qemu-audio-oss |
| amazon | linux | qemu-audio-pa | p-cpe:/a:amazon:linux:qemu-audio-pa |
| amazon | linux | qemu-audio-sdl | p-cpe:/a:amazon:linux:qemu-audio-sdl |
| amazon | linux | qemu-block-curl | p-cpe:/a:amazon:linux:qemu-block-curl |
| amazon | linux | qemu-block-dmg | p-cpe:/a:amazon:linux:qemu-block-dmg |
| amazon | linux | qemu-block-iscsi | p-cpe:/a:amazon:linux:qemu-block-iscsi |
| amazon | linux | qemu-block-nfs | p-cpe:/a:amazon:linux:qemu-block-nfs |
Related
amazon
amazon
Important: qemu
2020-07-21 16:34:00
Important: qemu-kvm
2020-07-14 20:27:00
Important: qemu-kvm
2020-07-27 23:58:00
nessus
nessus
Amazon Linux AMI : qemu-kvm (ALAS-2020-1400)
2020-07-20 00:00:00
Amazon Linux AMI : qemu-kvm (ALAS-2020-1408)
2020-07-30 00:00:00
NewStart CGSL MAIN 4.05 : qemu-kvm Vulnerability (NS-SA-2019-0168)
2019-08-12 00:00:00
centos
centos
qemu security update
2019-07-03 17:01:43
qemu security update
2019-08-30 04:04:53
qemu security update
2020-04-28 00:23:01
prion
prion
Information disclosure
2019-06-03 21:29:00
Buffer overflow
2020-02-06 17:15:00
nvd
nvd
CVE-2019-9824
2019-06-03 21:29:00
CVE-2020-8608
2020-02-06 17:15:14
osv
osv
CVE-2019-9824
2019-06-03 21:29:00
CVE-2020-8608
2020-02-06 17:15:14
qemu - security update
2020-07-24 00:00:00
cve
cve
CVE-2019-9824
2019-06-03 21:29:00
CVE-2020-8608
2020-02-06 17:15:14
redhat
redhat
(RHSA-2019:1650) Low: qemu-kvm security update
2019-07-02 10:35:37
(RHSA-2019:2078) Low: qemu-kvm security, bug fix, and enhancement update
2019-08-06 07:58:28
(RHSA-2020:3040) Important: virt:rhel security update
2020-07-21 14:15:13
debiancve
debiancve
CVE-2019-9824
2019-06-03 21:29:00
CVE-2020-8608
2020-02-06 17:15:14
veracode
veracode
Information Disclosure
2019-07-08 00:07:09
Arbitrary Code Execution
2020-05-15 02:20:11
f5
f5
K29103455 : QEMU 3.0.0 vulnerability CVE-2019-9824
2020-12-19 00:00:00
K81258141 : QEMU 4.2.0 buffer overflow vulnerability CVE-2020-8608
2020-12-21 00:00:00
openvas
openvas
CentOS Update for qemu-guest-agent CESA-2019:1650 centos6
2019-07-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:2141-1)
2021-04-19 00:00:00
CentOS: Security Advisory for qemu-guest-agent (CESA-2020:1403)
2020-04-28 00:00:00
redhatcve
redhatcve
CVE-2019-9824
2020-03-31 20:00:57
CVE-2020-8608
2020-04-01 14:08:07
oraclelinux
oraclelinux
qemu-kvm security update
2019-07-02 00:00:00
qemu-kvm security update
2020-04-10 00:00:00
qemu-kvm security and bug fix update
2020-04-09 00:00:00
cvelist
cvelist
CVE-2019-9824
2019-06-03 20:50:39
CVE-2020-8608
2020-02-06 16:45:25
ibm
ibm
ubuntucve
ubuntucve
CVE-2019-9824
2019-03-19 00:00:00
CVE-2020-8608
2020-02-06 00:00:00
rocky
rocky
container-tools:rhel8 security and bug fix update
2020-04-07 09:15:36
virt:rhel security update
2020-06-30 13:38:53
virt:rhel security, bug fix, and enhancement update
2019-11-05 17:33:34
debian
debian
[SECURITY] [DLA 2142-1] slirp security update
2020-03-13 10:20:39
[SECURITY] [DLA 2144-1] qemu security update
2020-03-16 13:18:30
[SECURITY] [DLA 2551-1] slirp security update
2021-02-09 20:56:45
almalinux
almalinux
Important: container-tools:rhel8 security and bug fix update
2020-04-07 09:15:36
Important: virt:rhel security update
2020-06-30 13:38:53
Low: virt:rhel security, bug fix, and enhancement update
2019-11-05 17:33:34
gentoo
gentoo
QEMU: Multiple vulnerabilities
2019-04-24 00:00:00
QEMU: Multiple vulnerabilities
2020-03-30 00:00:00
ubuntu
ubuntu
SLiRP vulnerabilities
2020-11-12 00:00:00
QEMU vulnerabilities
2020-02-18 00:00:00
QEMU update
2019-05-14 00:00:00
suse
suse
Security update for qemu (important)
2019-04-25 00:00:00
Security update for qemu (important)
2020-04-07 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
5.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
6 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.3%
Related for AL2_ALAS-2020-1467.NASL