5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
0.009 Low
EPSS
Percentile
82.9%
CVE-2018-19364: 9pfs: use-after-free (bz #1651359)
CVE-2018-19489: 9pfs: use-after-free renaming files (bz #1653157)
CVE-2018-16867: usb-mtp: path traversal issue (bz #1656746)
CVE-2018-16872: usb-mtp: path traversal issue (bz #1659150)
CVE-2018-20191: pvrdma: uar_read leads to NULL deref (bz #1660315)
CVE-2019-6778: slirp: heap buffer overflow (bz #1669072)
CVE-2019-3812: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure (bz #1678081)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2019-88a98ce795.
#
include("compat.inc");
if (description)
{
script_id(123101);
script_version("1.3");
script_cvs_date("Date: 2020/02/03");
script_cve_id("CVE-2018-16867", "CVE-2018-16872", "CVE-2018-19364", "CVE-2018-19489", "CVE-2018-20191", "CVE-2019-3812", "CVE-2019-6778");
script_xref(name:"FEDORA", value:"2019-88a98ce795");
script_name(english:"Fedora 29 : 2:qemu (2019-88a98ce795)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
" - CVE-2018-19364: 9pfs: use-after-free (bz #1651359)
- CVE-2018-19489: 9pfs: use-after-free renaming files (bz
#1653157)
- CVE-2018-16867: usb-mtp: path traversal issue (bz
#1656746)
- CVE-2018-16872: usb-mtp: path traversal issue (bz
#1659150)
- CVE-2018-20191: pvrdma: uar_read leads to NULL deref (bz
#1660315)
- CVE-2019-6778: slirp: heap buffer overflow (bz #1669072)
- CVE-2019-3812: Out-of-bounds read in hw/i2c/i2c-ddc.c
allows for memory disclosure (bz #1678081)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-88a98ce795"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected 2:qemu package."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-6778");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:qemu");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/12");
script_set_attribute(attribute:"patch_publication_date", value:"2019/03/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/26");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC29", reference:"qemu-3.0.0-4.fc29", epoch:"2")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:qemu");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | 2 | p-cpe:/a:fedoraproject:fedora:2:qemu |
fedoraproject | fedora | 29 | cpe:/o:fedoraproject:fedora:29 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16867
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16872
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19364
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19489
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20191
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6778
bodhi.fedoraproject.org/updates/FEDORA-2019-88a98ce795
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
0.009 Low
EPSS
Percentile
82.9%