Lucene search
This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.FEDORA_2012-18242.NASLHistoryNov 23, 2012 - 12:00 a.m.
Fedora 17 : xen-4.1.3-6.fc17 (2012-18242)
2012-11-2300:00:00
This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.
www.tenable.com
17
CVSS2
4.9
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
EPSS
0.001
Percentile
28.1%
A guest can block a cpu by setting a bad VCPU deadline [XSA 20, CVE-2012-4535] (#876198) HVM guest can use invalid pirq values to crash xen [XSA 21, CVE-2012-4536] (#876200) HVM guest can exhaust p2m table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on 64-bit hypervisor can cause an hypervisor infinite loop [XSA-24, CVE-2012-4539] (#876207)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2012-18242.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(63009);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2012-4535", "CVE-2012-4536", "CVE-2012-4537", "CVE-2012-4538", "CVE-2012-4539");
script_xref(name:"FEDORA", value:"2012-18242");
script_name(english:"Fedora 17 : xen-4.1.3-6.fc17 (2012-18242)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"A guest can block a cpu by setting a bad VCPU deadline [XSA 20,
CVE-2012-4535] (#876198) HVM guest can use invalid pirq values to
crash xen [XSA 21, CVE-2012-4536] (#876200) HVM guest can exhaust p2m
table crashing xen [XSA 22, CVE-2012-4537] (#876203) PAE HVM guest can
crash hypervisor [XSA-23, CVE-2012-4538] (#876205) 32-bit PV guest on
64-bit hypervisor can cause an hypervisor infinite loop [XSA-24,
CVE-2012-4539] (#876207)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=870086"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=870096"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=870101"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=870106"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=870110"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2012-November/092634.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?838f0a81"
);
script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");
script_set_attribute(attribute:"patch_publication_date", value:"2012/11/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/23");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC17", reference:"xen-4.1.3-6.fc17")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | xen | p-cpe:/a:fedoraproject:fedora:xen |
| fedoraproject | fedora | 17 | cpe:/o:fedoraproject:fedora:17 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4536
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4538
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4539
www.nessus.org/u?838f0a81
bugzilla.redhat.com/show_bug.cgi?id=870086
bugzilla.redhat.com/show_bug.cgi?id=870096
bugzilla.redhat.com/show_bug.cgi?id=870101
bugzilla.redhat.com/show_bug.cgi?id=870106
bugzilla.redhat.com/show_bug.cgi?id=870110
Related
nessus
nessus
Fedora 16 : xen-4.1.3-4.fc16 (2012-18249)
2012-11-23 00:00:00
Fedora 18 : xen-4.2.0-4.fc18 (2012-18146)
2012-11-26 00:00:00
OracleVM 3.0 : xen (OVMSA-2012-0050)
2014-11-26 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: xen-4.2.0-4.fc18
2012-11-23 07:20:59
[SECURITY] Fedora 17 Update: xen-4.1.3-6.fc17
2012-11-23 02:59:27
[SECURITY] Fedora 16 Update: xen-4.1.3-4.fc16
2012-11-23 02:55:52
suse
suse
Security update for Xen (important)
2012-11-16 00:09:20
Security update for Xen (important)
2012-11-16 17:08:43
Security update for libvirt (important)
2012-11-19 21:08:39
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2012:1486-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:1487-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:1503-1)
2021-06-09 00:00:00
debian
debian
[SECURITY] [DSA 2582-1] xen security update
2012-12-07 15:40:44
osv
osv
xen - denial of service
2012-12-07 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2582-1] xen security update
2012-12-09 00:00:00
xen multiple security vulnerabilities
2012-12-09 00:00:00
cve
cve
debiancve
debiancve
nvd
nvd
ubuntucve
ubuntucve
prion
prion
Out-of-bounds
2012-11-21 23:55:00
Code injection
2012-11-21 23:55:00
Information disclosure
2012-11-21 23:55:00
cvelist
cvelist
oraclelinux
oraclelinux
1
2012-12-05 00:00:00
kernel security, bug fix, and enhancement update
2012-12-04 00:00:00
centos
centos
kernel security update
2012-12-05 10:07:09
redhat
redhat
(RHSA-2012:1540) Important: kernel security, bug fix, and enhancement update
2012-12-04 00:00:00
gentoo
gentoo
Xen: Multiple vulnerabilities
2016-04-05 00:00:00
Xen: Multiple vulnerabilities
2013-09-27 00:00:00
CVSS2
4.9
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
EPSS
0.001
Percentile
28.1%
Related for FEDORA_2012-18242.NASL