Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 Tenable Network Security, Inc.FEDORA_2015-C44BD3E0FA.NASL
HistoryMar 04, 2016 - 12:00 a.m.

Fedora 22 : xen-4.5.2-6.fc22 (2015-c44bd3e0fa)

2016-03-0400:00:00
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.
www.tenable.com
13

6.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

70.2%

JSON

paravirtualized drivers incautious about shared memory contents [XSA-155, CVE-2015-8550] qemu-dm buffer overrun in MSI-X handling [XSA-164, CVE-2015-8554] information leak in legacy x86 FPU/XMM initialization [XSA-165, CVE-2015-8555] ioreq handling possibly susceptible to multiple read issue [XSA-166]

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2015-c44bd3e0fa.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(89398);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2015-8550", "CVE-2015-8554", "CVE-2015-8555");
  script_xref(name:"FEDORA", value:"2015-c44bd3e0fa");

  script_name(english:"Fedora 22 : xen-4.5.2-6.fc22 (2015-c44bd3e0fa)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"paravirtualized drivers incautious about shared memory contents
[XSA-155, CVE-2015-8550] qemu-dm buffer overrun in MSI-X handling
[XSA-164, CVE-2015-8554] information leak in legacy x86 FPU/XMM
initialization [XSA-165, CVE-2015-8555] ioreq handling possibly
susceptible to multiple read issue [XSA-166]

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1289125"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1289129"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1289130"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1290365"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2016-January/174819.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f0f79a1c"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/01/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC22", reference:"xen-4.5.2-6.fc22")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}
VendorProductVersionCPE
fedoraprojectfedoraxenp-cpe:/a:fedoraproject:fedora:xen
fedoraprojectfedora22cpe:/o:fedoraproject:fedora:22

Related

fedora 2
nessus 39
openvas 41
nvd 3
debiancve 3
xen 3
cvelist 3
ubuntucve 3
freebsd 1
prion 3
cve 3
suse 18
debian 6
ubuntu 10
osv 3
mageia 4
gentoo 1
fedora
fedora
[SECURITY] Fedora 22 Update: xen-4.5.2-6.fc22
2016-01-02 23:21:29
[SECURITY] Fedora 23 Update: xen-4.5.2-6.fc23
2015-12-22 22:09:20
nessus
nessus
Fedora 23 : xen-4.5.2-6.fc23 (2015-d8253e2b1d)
2016-03-04 00:00:00
FreeBSD : xen-kernel -- information leak in legacy x86 FPU/XMM initialization (e839ca04-b40d-11e5-9728-002590263bf5)
2016-01-06 00:00:00
openSUSE Security Update : xen (openSUSE-2016-35)
2016-01-25 00:00:00
openvas
openvas
Citrix XenServer Multiple Security Updates (CTX203879)
2016-01-26 00:00:00
openSUSE: Security Advisory for xen (openSUSE-SU-2016:0123-1)
2016-01-15 00:00:00
openSUSE: Security Advisory for xen (openSUSE-SU-2016:0124-1)
2016-01-15 00:00:00
nvd
nvd
CVE-2015-8550
2016-04-14 14:59:04
CVE-2015-8554
2016-04-14 14:59:05
CVE-2015-8555
2016-04-13 15:59:08
debiancve
debiancve
CVE-2015-8550
2016-04-14 14:59:04
CVE-2015-8554
2016-04-14 14:59:05
CVE-2015-8555
2016-04-13 15:59:08
xen
xen
paravirtualized drivers incautious about shared memory contents
2015-12-17 12:00:00
qemu-dm buffer overrun in MSI-X handling
2015-12-17 12:00:00
information leak in legacy x86 FPU/XMM initialization
2015-12-17 12:00:00
cvelist
cvelist
CVE-2015-8550
2016-04-14 14:00:00
CVE-2015-8554
2016-04-14 14:00:00
CVE-2015-8555
2016-04-13 15:00:00
ubuntucve
ubuntucve
CVE-2015-8554
2016-04-14 00:00:00
CVE-2015-8550
2015-12-17 00:00:00
CVE-2015-8555
2016-04-13 00:00:00
freebsd
freebsd
xen-kernel -- information leak in legacy x86 FPU/XMM initialization
2015-12-17 00:00:00
prion
prion
Double free
2016-04-14 14:59:00
Buffer overflow
2016-04-14 14:59:00
Design/Logic Flaw
2016-04-13 15:59:00
cve
cve
CVE-2015-8554
2016-04-14 14:59:05
CVE-2015-8550
2016-04-14 14:59:04
CVE-2015-8555
2016-04-13 15:59:08
suse
suse
Security update for xen (important)
2016-01-14 22:19:10
Security update for xen (important)
2016-01-14 22:16:01
Security update for xen (important)
2016-01-14 22:13:24
debian
debian
[SECURITY] [DSA 3519-1] xen security update
2016-03-17 21:52:03
[SECURITY] [DLA 479-1] xen security update
2016-05-17 23:13:35
[SECURITY] [DSA 3434-1] linux security update
2016-01-05 19:18:32
ubuntu
ubuntu
Linux kernel vulnerabilities
2015-12-19 00:00:00
Linux kernel vulnerabilities
2015-12-19 00:00:00
Linux kernel vulnerabilities
2015-12-19 00:00:00
osv
osv
xen - security update
2016-05-17 00:00:00
linux - security update
2016-01-05 00:00:00
qemu - security update
2016-02-08 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2016-01-11 13:44:41
Updated kernel-linus packages fix security vulnerabilities
2016-01-14 04:44:39
Updated xen packages fix security vulnerabilities
2016-03-07 14:20:30
gentoo
gentoo
Xen: Multiple vulnerabilities
2016-04-05 00:00:00

6.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

70.2%

JSON
Related for FEDORA_2015-C44BD3E0FA.NASL
fedora2nessus39openvas41nvd3debiancve3xen3cvelist3ubuntucve3freebsd1prion3cve3suse18debian6ubuntu10osv3mageia4gentoo1