CVSS2: 7.2 High (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

CVSS3: 8.6 High (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

EPSS: 0.021 Low (Percentile 89.2%)

Fix arm sd warnings with latest kernel (bz #1091548)
Fix regression in CVE backport that affects openstack (thanks lbezdick)
Fix guest startup crashes from autotest (bz #1081610)
Block/image format validation CVE-2014-0142 - 2014-0148 (bz #1078201, bz #1086710, bz #1079140, bz #1086724, bz #1079240, bz #1086735, bz #1078885, bz #1086720, bz #1078232, bz #1086713, bz #1078848, bz #1086717, bz #1078212, bz #1086712)
CVE-2014-0150: virtio-net: buffer overflow in virtio_net_handle_mac() function (bz #1086775, bz #1078846)
CVE-2013-4544: vmxnet3: bounds checking buffer overrun (bz #1087513, bz #1087522)
CVE-2014-2894: out of bounds buffer accesses, guest triggerable via IDE SMART (bz #1087981, bz #1087971)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
```nasl
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-5825.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(73818);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2013-4544", "CVE-2014-0142", "CVE-2014-0143", "CVE-2014-0144", "CVE-2014-0145", "CVE-2014-0146", "CVE-2014-0147", "CVE-2014-0148", "CVE-2014-0150", "CVE-2014-2894");
  script_bugtraq_id(66464, 66472, 66480, 66481, 66483, 66484, 66486, 66821, 66932, 66955);
  script_xref(name:"FEDORA", value:"2014-5825");

  script_name(english:"Fedora 20 : qemu-1.6.2-4.fc20 (2014-5825)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - Fix arm sd warnings with latest kernel (bz #1091548)
- Fix regression in CVE backport that affects openstack
(thanks lbezdick)
- Fix guest startup crashes from autotest (bz #1081610)
- Block/image format validation CVE-2014-0142 -
2014-0148 (bz #1078201, bz #1086710, bz #1079140, bz
#1086724, bz #1079240, bz #1086735, bz #1078885, bz
#1086720, bz #1078232, bz #1086713, bz #1078848, bz
#1086717, bz #1078212, bz #1086712)
- CVE-2014-0150: virtio-net: buffer overflow in
virtio_net_handle_mac() function (bz #1086775, bz
#1078846)
- CVE-2013-4544: vmxnet3: bounds checking buffer overrun
(bz #1087513, bz #1087522)
- CVE-2014-2894: out of bounds buffer accesses, guest
triggerable via IDE SMART (bz #1087981, bz #1087971)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1078201"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1078212"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1078232"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1078846"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1078848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1078885"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1079140"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1079240"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1087513"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1087971"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132409.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a47d1447"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected qemu package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:qemu");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC20", reference:"qemu-1.6.2-4.fc20")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
}
```

Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | qemu | p-cpe:/a:fedoraproject:fedora:qemu |
fedoraproject | fedora | 20 | cpe:/o:fedoraproject:fedora:20 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4544
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0142
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0143
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0144
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0146
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0147
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0148
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0150
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2894
www.nessus.org/u?a47d1447
bugzilla.redhat.com/show_bug.cgi?id=1078201
bugzilla.redhat.com/show_bug.cgi?id=1078212
bugzilla.redhat.com/show_bug.cgi?id=1078232
bugzilla.redhat.com/show_bug.cgi?id=1078846
bugzilla.redhat.com/show_bug.cgi?id=1078848
bugzilla.redhat.com/show_bug.cgi?id=1078885
bugzilla.redhat.com/show_bug.cgi?id=1079140
bugzilla.redhat.com/show_bug.cgi?id=1079240
bugzilla.redhat.com/show_bug.cgi?id=1087513
bugzilla.redhat.com/show_bug.cgi?id=1087971