Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.F5_BIGIP_SOL13405416.NASL
HistoryJan 06, 2016 - 12:00 a.m.

F5 Networks BIG-IP : QEMU vulnerability (SOL13405416)

2016-01-0600:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

29.8%

JSON

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a ‘device model’s address space.’

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution SOL13405416.
#
# The text description of this plugin is (C) F5 Networks.
#

include("compat.inc");

if (description)
{
  script_id(87743);
  script_version("2.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/10");

  script_cve_id("CVE-2012-3515");
  script_bugtraq_id(55413);

  script_name(english:"F5 Networks BIG-IP : QEMU vulnerability (SOL13405416)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Qemu, as used in Xen 4.0, 4.1 and possibly other products, when
emulating certain devices with a virtual console backend, allows local
OS guest users to gain privileges via a crafted escape VT100 sequence
that triggers the overwrite of a 'device model's address space.'"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K13405416"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL13405416."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/01/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"F5 Networks Local Security Checks");

  script_dependencies("f5_bigip_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");

  exit(0);
}


include("f5_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

sol = "SOL13405416";
vmatrix = make_array();

if (report_paranoia < 2) audit(AUDIT_PARANOID);

# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected"  ] = make_list("11.0.0-11.2.1HF14");
vmatrix["APM"]["unaffected"] = make_list("12.0.0","11.3.0-11.6.0","11.2.1HF15","10.1.0-10.2.4");

# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected"  ] = make_list("11.0.0-11.2.1HF14");
vmatrix["ASM"]["unaffected"] = make_list("12.0.0","11.3.0-11.6.0","11.2.1HF15","10.1.0-10.2.4");

# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected"  ] = make_list("11.0.0-11.2.1HF14");
vmatrix["AVR"]["unaffected"] = make_list("12.0.0","11.3.0-11.6.0","11.2.1HF15");

# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected"  ] = make_list("11.0.0-11.2.1HF14");
vmatrix["GTM"]["unaffected"] = make_list("11.3.0-11.6.0","11.2.1HF15","10.1.0-10.2.4");

# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected"  ] = make_list("11.0.0-11.2.1HF14");
vmatrix["LC"]["unaffected"] = make_list("12.0.0","11.3.0-11.6.0","11.2.1HF15","10.1.0-10.2.4");

# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected"  ] = make_list("11.0.0-11.2.1HF14");
vmatrix["LTM"]["unaffected"] = make_list("12.0.0","11.3.0-11.6.0","11.2.1HF15","10.1.0-10.2.4");

# PSM
vmatrix["PSM"] = make_array();
vmatrix["PSM"]["affected"  ] = make_list("11.0.0-11.2.1HF14");
vmatrix["PSM"]["unaffected"] = make_list("11.3.0-11.4.1","11.2.1HF15","10.1.0-10.2.4");

# WAM
vmatrix["WAM"] = make_array();
vmatrix["WAM"]["affected"  ] = make_list("11.0.0-11.2.1HF14");
vmatrix["WAM"]["unaffected"] = make_list("11.3.0","11.2.1HF15","10.1.0-10.2.4");

# WOM
vmatrix["WOM"] = make_array();
vmatrix["WOM"]["affected"  ] = make_list("11.0.0-11.2.1HF14");
vmatrix["WOM"]["unaffected"] = make_list("11.3.0","11.2.1HF15","10.1.0-10.2.4");


if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = bigip_get_tested_modules();
  audit_extra = "For BIG-IP module(s) " + tested + ",";
  if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}

Related

prion 1
f5 2
suse 15
centos 3
oraclelinux 3
openvas 89
nvd 1
nessus 38
securityvulns 2
debiancve 1
redhat 6
cvelist 1
cve 1
veracode 1
ubuntu 1
ubuntucve 1
osv 5
debian 3
fedora 25
prion
prion
Design/Logic Flaw
2012-11-23 20:55:00
f5
f5
SOL13405416 - QEMU vulnerability CVE-2012-3515
2016-01-05 00:00:00
K13405416 : QEMU vulnerability CVE-2012-3515
2016-01-06 00:00:00
suse
suse
Security update for qemu (important)
2012-10-25 00:09:21
qemu: Fix buffer overflow in console VT100 emulation (important)
2012-09-14 14:08:59
Security update for kvm (important)
2012-09-18 15:08:40
centos
centos
kmod, kvm security update
2012-09-05 18:11:48
xen security update
2012-09-05 17:58:14
qemu security update
2012-09-05 18:27:02
oraclelinux
oraclelinux
qemu-kvm security update
2012-09-05 00:00:00
xen security update
2012-09-05 00:00:00
kvm security update
2012-09-05 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2012-1236)
2015-10-06 00:00:00
CentOS Update for kmod-kvm CESA-2012:1235 centos5
2012-09-07 00:00:00
Oracle: Security Advisory (ELSA-2012-1234)
2015-10-06 00:00:00
nvd
nvd
CVE-2012-3515
2012-11-23 20:55:03
nessus
nessus
Scientific Linux Security Update : qemu-kvm on SL6.x x86_64 (20120905)
2012-09-06 00:00:00
openSUSE Security Update : kvm (openSUSE-SU-2012:1153-1)
2014-06-13 00:00:00
RHEL 6 : qemu-kvm (RHSA-2012:1234)
2013-01-24 00:00:00
securityvulns
securityvulns
[USN-1590-1] QEMU vulnerability
2012-10-04 00:00:00
QEMU memory corruption
2012-10-04 00:00:00
debiancve
debiancve
CVE-2012-3515
2012-11-23 20:55:03
redhat
redhat
(RHSA-2012:1234) Important: qemu-kvm security update
2012-09-05 00:00:00
(RHSA-2012:1235) Important: kvm security update
2012-09-05 00:00:00
(RHSA-2012:1236) Important: xen security update
2012-09-05 00:00:00
cvelist
cvelist
CVE-2012-3515
2012-11-23 20:00:00
cve
cve
CVE-2012-3515
2012-11-23 20:55:03
veracode
veracode
Privilege Escalation
2019-01-15 08:56:53
ubuntu
ubuntu
QEMU vulnerability
2012-10-02 00:00:00
ubuntucve
ubuntucve
CVE-2012-3515
2012-09-06 00:00:00
osv
osv
xen-qemu-dm-4.0 - multiple
2012-09-08 00:00:00
qemu - multiple
2012-09-08 00:00:00
qemu-kvm - multiple
2012-09-08 00:00:00
debian
debian
[SECURITY] [DSA 2545-1] qemu security update
2012-09-08 21:54:27
[SECURITY] [DSA 2543-1] xen-qemu-dm-4.0 security update
2012-09-08 21:32:19
[SECURITY] [DSA 2542-1] qemu-kvm security update
2012-09-08 21:12:37
fedora
fedora
[SECURITY] Fedora 17 Update: qemu-1.0.1-2.fc17
2012-10-13 00:23:29
[SECURITY] Fedora 16 Update: qemu-0.15.1-8.fc16
2012-10-17 00:22:05
[SECURITY] Fedora 17 Update: qemu-1.0.1-3.fc17
2013-01-26 15:56:23

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

29.8%

JSON
Related for F5_BIGIP_SOL13405416.NASL
prion1f52suse15centos3oraclelinux3openvas89nvd1nessus38securityvulns2debiancve1redhat6cvelist1cve1veracode1ubuntu1ubuntucve1osv5debian3fedora25