Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2013-764.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : libvirt (openSUSE-SU-2013:1549-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.01

Percentile

83.9%

JSON

libvirt was updated to fix 2 security issues :

CVE-2013-4311: Add support for using 3-arg pkcheck syntax for process, which previously could be used for race conditions to gain privileges.

CVE-2013-4296: Fix crash in remoteDispatchDomainMemoryStats

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-764.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75169);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2013-4296", "CVE-2013-4311");
  script_bugtraq_id(62508, 62510);

  script_name(english:"openSUSE Security Update : libvirt (openSUSE-SU-2013:1549-1)");
  script_summary(english:"Check for the openSUSE-2013-764 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"libvirt was updated to fix 2 security issues :

CVE-2013-4311: Add support for using 3-arg pkcheck syntax for process,
which previously could be used for race conditions to gain privileges.

CVE-2013-4296: Fix crash in remoteDispatchDomainMemoryStats"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=836931"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=838638"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libvirt packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-client-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvirt-python-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.2", reference:"libvirt-0.9.11.9-1.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libvirt-client-0.9.11.9-1.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libvirt-client-debuginfo-0.9.11.9-1.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libvirt-debuginfo-0.9.11.9-1.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libvirt-debugsource-0.9.11.9-1.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libvirt-devel-0.9.11.9-1.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libvirt-lock-sanlock-0.9.11.9-1.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libvirt-lock-sanlock-debuginfo-0.9.11.9-1.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libvirt-python-0.9.11.9-1.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libvirt-python-debuginfo-0.9.11.9-1.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libvirt-client-32bit-0.9.11.9-1.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libvirt-client-debuginfo-32bit-0.9.11.9-1.13.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libvirt-devel-32bit-0.9.11.9-1.13.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt");
}
VendorProductVersionCPE
novellopensuselibvirt-debugsourcep-cpe:/a:novell:opensuse:libvirt-debugsource
novellopensuselibvirt-develp-cpe:/a:novell:opensuse:libvirt-devel
novellopensuselibvirt-devel-32bitp-cpe:/a:novell:opensuse:libvirt-devel-32bit
novellopensuselibvirt-lock-sanlockp-cpe:/a:novell:opensuse:libvirt-lock-sanlock
novellopensuselibvirt-lock-sanlock-debuginfop-cpe:/a:novell:opensuse:libvirt-lock-sanlock-debuginfo
novellopensuselibvirt-pythonp-cpe:/a:novell:opensuse:libvirt-python
novellopensuselibvirtp-cpe:/a:novell:opensuse:libvirt
novellopensuselibvirt-clientp-cpe:/a:novell:opensuse:libvirt-client
novellopensuselibvirt-client-32bitp-cpe:/a:novell:opensuse:libvirt-client-32bit
novellopensuselibvirt-client-debuginfop-cpe:/a:novell:opensuse:libvirt-client-debuginfo
Rows per page:
1-10 of 141

Related

openvas 20
nessus 15
oraclelinux 1
veracode 3
redhat 2
securityvulns 2
centos 1
mageia 1
altlinux 1
ubuntu 1
fedora 4
ubuntucve 2
prion 2
debian 1
osv 16
cvelist 2
cve 2
nvd 2
debiancve 2
gentoo 2
openvas
openvas
CentOS Update for libvirt CESA-2013:1272 centos6
2013-09-24 00:00:00
RedHat Update for libvirt RHSA-2013:1272-01
2013-09-24 00:00:00
CentOS Update for libvirt CESA-2013:1272 centos6
2013-09-24 00:00:00
nessus
nessus
RHEL 6 : libvirt (RHSA-2013:1272)
2013-09-20 00:00:00
Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20130919)
2013-09-20 00:00:00
CentOS 6 : libvirt (CESA-2013:1272)
2013-09-20 00:00:00
oraclelinux
oraclelinux
libvirt security and bug fix update
2013-09-19 00:00:00
veracode
veracode
Privilege Escalation
2019-05-02 04:52:27
Denial Of Service (DoS)
2019-01-15 08:59:33
Denial Of Service (DoS)
2018-08-15 07:28:45
redhat
redhat
(RHSA-2013:1272) Important: libvirt security and bug fix update
2013-09-19 00:00:00
(RHSA-2013:1460) Important: rhev-hypervisor6 security and bug fix update
2013-10-29 00:00:00
securityvulns
securityvulns
libvirt memory corruption
2013-10-02 00:00:00
[SECURITY] [DSA 2764-1] libvirt security update
2013-10-02 00:00:00
centos
centos
libvirt security update
2013-09-20 02:24:43
mageia
mageia
Updated libvirt package fixes security vulnerabilities
2013-10-05 21:55:44
altlinux
altlinux
Security fix for the ALT Linux 8 package libvirt version 1.1.3-alt1
2013-10-01 00:00:00
ubuntu
ubuntu
libvirt vulnerabilities
2013-09-18 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: libvirt-1.1.3-2.fc20
2013-10-12 04:34:13
[SECURITY] Fedora 19 Update: libvirt-1.0.5.6-2.fc19
2013-10-02 06:41:24
[SECURITY] Fedora 18 Update: libvirt-0.10.2.8-1.fc18
2013-10-01 02:14:56
ubuntucve
ubuntucve
CVE-2013-4296
2013-09-17 00:00:00
CVE-2013-4311
2013-09-18 00:00:00
prion
prion
Null pointer dereference
2013-09-30 21:55:00
Race condition
2013-10-03 21:55:00
debian
debian
[SECURITY] [DSA 2764-1] libvirt security update
2013-09-25 19:07:58
osv
osv
libvirt - programming error
2013-09-25 00:00:00
CVE-2021-3631
2022-03-02 23:15:08
CVE-2020-10703
2020-06-02 13:15:10
cvelist
cvelist
CVE-2013-4296
2013-09-30 21:00:00
CVE-2013-4311
2013-10-03 21:00:00
cve
cve
CVE-2013-4296
2013-09-30 21:55:09
CVE-2013-4311
2013-10-03 21:55:04
nvd
nvd
CVE-2013-4296
2013-09-30 21:55:09
CVE-2013-4311
2013-10-03 21:55:04
debiancve
debiancve
CVE-2013-4296
2013-09-30 21:55:09
CVE-2013-4311
2013-10-03 21:55:04
gentoo
gentoo
polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation
2014-06-26 00:00:00
libvirt: Multiple vulnerabilities
2014-12-08 00:00:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.01

Percentile

83.9%

JSON
Related for OPENSUSE-2013-764.NASL
openvas20nessus15oraclelinux1veracode3redhat2securityvulns2centos1mageia1altlinux1ubuntu1fedora4ubuntucve2prion2debian1osv16cvelist2cve2nvd2debiancve2gentoo2