Lucene search
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLEVM_OVMSA-2015-0141.NASLHistoryOct 30, 2015 - 12:00 a.m.
OracleVM 3.3 : xen (OVMSA-2015-0141)
2015-10-3000:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
26.9%
The remote OracleVM system is missing necessary patches to address critical security updates :
-
x86: rate-limit logging in do_xen[oprof,pmu]_op Some of the sub-ops are acessible to all guests, and hence should be rate-limited. In the xenoprof case, just like for XSA-146, include them only in debug builds. Since the vPMU code is rather new, allow them to be always present, but downgrade them to (rate limited) guest messages. This is XSA-152. (CVE-2015-7971)
-
xenoprof: free domain’s vcpu array This was overlooked in fb442e2171 (‘x86_64: allow more vCPU-s per guest’).
This is XSA-151. (CVE-2015-7969) -
x86: guard against undue super page PTE creation When optional super page support got added (commit bd1cd81d64 ‘x86: PV support for hugepages’), two adjustments were missed: mod_l2_entry needs to consider the PSE and RW bits when deciding whether to use the fast path, and the PSE bit must not be removed from L2_DISALLOW_MASK unconditionally. This is XSA-148. (CVE-2015-7835)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2015-0141.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(86669);
script_version("2.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2015-7835", "CVE-2015-7969", "CVE-2015-7971");
script_name(english:"OracleVM 3.3 : xen (OVMSA-2015-0141)");
script_summary(english:"Checks the RPM output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote OracleVM host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :
- x86: rate-limit logging in do_xen[oprof,pmu]_op Some of
the sub-ops are acessible to all guests, and hence
should be rate-limited. In the xenoprof case, just like
for XSA-146, include them only in debug builds. Since
the vPMU code is rather new, allow them to be always
present, but downgrade them to (rate limited) guest
messages. This is XSA-152. (CVE-2015-7971)
- xenoprof: free domain's vcpu array This was overlooked
in fb442e2171 ('x86_64: allow more vCPU-s per guest').
This is XSA-151. (CVE-2015-7969)
- x86: guard against undue super page PTE creation When
optional super page support got added (commit bd1cd81d64
'x86: PV support for hugepages'), two adjustments were
missed: mod_l2_entry needs to consider the PSE and RW
bits when deciding whether to use the fast path, and the
PSE bit must not be removed from L2_DISALLOW_MASK
unconditionally. This is XSA-148. (CVE-2015-7835)"
);
# https://oss.oracle.com/pipermail/oraclevm-errata/2015-October/000374.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?2dce5d78"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected xen / xen-tools packages."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/30");
script_set_attribute(attribute:"patch_publication_date", value:"2015/10/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/30");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"OracleVM Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
flag = 0;
if (rpm_check(release:"OVS3.3", reference:"xen-4.3.0-55.el6.47.58")) flag++;
if (rpm_check(release:"OVS3.3", reference:"xen-tools-4.3.0-55.el6.47.58")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-tools");
}
Related
nessus
nessus
OracleVM 3.2 : xen (OVMSA-2015-0143)
2015-11-09 00:00:00
OracleVM 3.2 : xen (OVMSA-2015-0142)
2015-10-30 00:00:00
openSUSE Security Update : xen (openSUSE-2015-730)
2015-11-20 00:00:00
openvas
openvas
Citrix XenServer Multiple Security Updates (CTX202404)
2015-11-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1952-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1908-1)
2021-04-19 00:00:00
suse
suse
Security update for xen (important)
2015-11-10 18:10:12
Security update for xen (important)
2015-11-03 11:12:06
Security update for xen (important)
2015-10-30 17:13:49
fedora
fedora
[SECURITY] Fedora 23 Update: xen-4.5.1-14.fc23
2015-11-08 22:25:23
[SECURITY] Fedora 21 Update: xen-4.4.3-7.fc21
2015-11-10 00:51:54
[SECURITY] Fedora 22 Update: xen-4.5.1-14.fc22
2015-11-10 00:25:04
prion
prion
Design/Logic Flaw
2015-10-30 15:59:00
Design/Logic Flaw
2015-10-30 15:59:00
Design/Logic Flaw
2015-10-30 15:59:00
freebsd
freebsd
xen-kernel -- leak of per-domain profiling-related vcpu pointer array
2015-10-29 00:00:00
xen-kernel -- some pmu and profiling hypercalls log without rate limiting
2015-10-29 00:00:00
xen-kernel -- leak of main per-domain vcpu pointer array
2015-10-29 00:00:00
xen
xen
x86: some pmu and profiling hypercalls log without rate limiting
2015-10-29 11:59:00
x86: leak of per-domain profiling-related vcpu pointer array
2015-10-29 11:59:00
leak of main per-domain vcpu pointer array
2015-10-29 11:59:00
cvelist
cvelist
nvd
nvd
cve
cve
ubuntucve
ubuntucve
debian
debian
[SECURITY] [DSA 3390-1] xen security update
2015-11-02 18:24:14
[SECURITY] [DSA 3390-1] xen security update
2015-11-02 18:24:14
[SECURITY] [DSA 3414-1] xen security update
2015-12-09 20:43:14
debiancve
debiancve
osv
osv
xen - security update
2016-05-17 00:00:00
mageia
mageia
Updated xen packages fix security vulnerabilities
2016-03-07 14:20:30
gentoo
gentoo
Xen: Multiple vulnerabilities
2016-04-05 00:00:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
26.9%
Related for ORACLEVM_OVMSA-2015-0141.NASL