Lucene search
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-1610.NASLHistoryMay 30, 2019 - 12:00 a.m.
EulerOS Virtualization 3.0.1.0 : libvirt (EulerOS-SA-2019-1610)
2019-05-3000:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
EPSS
0.002
Percentile
54.3%
According to the version of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :
- An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.(CVE-2019-3886)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(125562);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id(
"CVE-2019-3886"
);
script_name(english:"EulerOS Virtualization 3.0.1.0 : libvirt (EulerOS-SA-2019-1610)");
script_summary(english:"Checks the rpm output for the updated package.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the libvirt packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerability :
- An incorrect permissions check was discovered in
libvirt 4.8.0 and above. The readonly permission was
allowed to invoke APIs depending on the guest agent
which could lead to potentially disclosing unintended
information or denial of service by causing libvirt to
block.(CVE-2019-3886)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1610
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?09d29c1b");
script_set_attribute(attribute:"solution", value:
"Update the affected libvirt package.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"patch_publication_date", value:"2019/05/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-admin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-config-network");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-qemu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-secret");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-disk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-gluster");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-iscsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-logical");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-mpath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-rbd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-scsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["libvirt-3.2.0-238",
"libvirt-admin-3.2.0-238",
"libvirt-client-3.2.0-238",
"libvirt-daemon-3.2.0-238",
"libvirt-daemon-config-network-3.2.0-238",
"libvirt-daemon-config-nwfilter-3.2.0-238",
"libvirt-daemon-driver-interface-3.2.0-238",
"libvirt-daemon-driver-network-3.2.0-238",
"libvirt-daemon-driver-nodedev-3.2.0-238",
"libvirt-daemon-driver-nwfilter-3.2.0-238",
"libvirt-daemon-driver-qemu-3.2.0-238",
"libvirt-daemon-driver-secret-3.2.0-238",
"libvirt-daemon-driver-storage-3.2.0-238",
"libvirt-daemon-driver-storage-core-3.2.0-238",
"libvirt-daemon-driver-storage-disk-3.2.0-238",
"libvirt-daemon-driver-storage-gluster-3.2.0-238",
"libvirt-daemon-driver-storage-iscsi-3.2.0-238",
"libvirt-daemon-driver-storage-logical-3.2.0-238",
"libvirt-daemon-driver-storage-mpath-3.2.0-238",
"libvirt-daemon-driver-storage-rbd-3.2.0-238",
"libvirt-daemon-driver-storage-scsi-3.2.0-238",
"libvirt-daemon-kvm-3.2.0-238",
"libvirt-devel-3.2.0-238",
"libvirt-docs-3.2.0-238",
"libvirt-libs-3.2.0-238"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | libvirt | p-cpe:/a:huawei:euleros:libvirt |
| huawei | euleros | libvirt-admin | p-cpe:/a:huawei:euleros:libvirt-admin |
| huawei | euleros | libvirt-client | p-cpe:/a:huawei:euleros:libvirt-client |
| huawei | euleros | libvirt-daemon | p-cpe:/a:huawei:euleros:libvirt-daemon |
| huawei | euleros | libvirt-daemon-config-network | p-cpe:/a:huawei:euleros:libvirt-daemon-config-network |
| huawei | euleros | libvirt-daemon-config-nwfilter | p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter |
| huawei | euleros | libvirt-daemon-driver-interface | p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface |
| huawei | euleros | libvirt-daemon-driver-network | p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network |
| huawei | euleros | libvirt-daemon-driver-nodedev | p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev |
| huawei | euleros | libvirt-daemon-driver-nwfilter | p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter |
Related
openvas
openvas
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2019-1634)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1285-1)
2021-06-09 00:00:00
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2019-1610)
2020-01-23 00:00:00
debiancve
debiancve
CVE-2019-3886
2019-04-04 16:29:03
CVE-2016-10746
2019-04-18 16:29:00
prion
prion
Information disclosure
2019-04-04 16:29:00
Design/Logic Flaw
2019-04-18 16:29:00
osv
osv
CVE-2019-3886
2019-04-04 16:29:03
CVE-2016-10746
2019-04-18 16:29:00
nessus
nessus
EulerOS 2.0 SP8 : libvirt (EulerOS-SA-2023-1348)
2023-02-08 00:00:00
SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2019:1285-1)
2019-05-20 00:00:00
EulerOS Virtualization for ARM 64 3.0.2.0 : libvirt (EulerOS-SA-2019-1634)
2019-05-30 00:00:00
cvelist
cvelist
CVE-2019-3886
2019-04-04 00:00:00
CVE-2016-10746
2019-04-18 15:56:00
veracode
veracode
Insecure Authorization
2019-04-05 02:54:38
ubuntucve
ubuntucve
CVE-2019-3886
2019-04-04 00:00:00
CVE-2016-10746
2019-04-18 00:00:00
redhatcve
redhatcve
CVE-2019-3886
2019-04-04 05:50:09
CVE-2016-10746
2019-05-02 14:42:04
cbl_mariner
cbl_mariner
CVE-2019-3886 affecting package libvirt 6.1.0-1
2020-09-09 06:09:20
nvd
nvd
CVE-2019-3886
2019-04-04 16:29:03
CVE-2016-10746
2019-04-18 16:29:00
cve
cve
CVE-2019-3886
2019-04-04 16:29:03
CVE-2016-10746
2019-04-18 16:29:00
suse
suse
Security update for libvirt (moderate)
2019-04-29 00:00:00
ubuntu
ubuntu
libvirt vulnerabilities
2019-06-19 00:00:00
mageia
mageia
Updated libvirt packages fix security vulnerabilities
2019-12-15 21:03:05
fedora
fedora
[SECURITY] Fedora 30 Update: libvirt-5.1.0-9.fc30
2019-07-09 00:56:34
[SECURITY] Fedora 29 Update: libvirt-4.7.0-5.fc29
2019-07-09 02:25:07