Lucene search
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20180313_QEMU_KVM_ON_SL6_X.NASLHistoryMar 15, 2018 - 12:00 a.m.
Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20180313)
2018-03-1500:00:00
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS3
6
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
EPSS
0.001
Percentile
28.1%
Security Fix(es) :
- Qemu: cirrus: OOB access issue in mode4and5 write functions (CVE-2017-15289)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include("compat.inc");
if (description)
{
script_id(108366);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
script_cve_id("CVE-2017-15289");
script_name(english:"Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20180313)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Security Fix(es) :
- Qemu: cirrus: OOB access issue in mode4and5 write
functions (CVE-2017-15289)"
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1803&L=scientific-linux-errata&F=&S=&P=8179
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?23af35c2"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qemu-guest-agent");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qemu-img");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qemu-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:qemu-kvm-tools");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/16");
script_set_attribute(attribute:"patch_publication_date", value:"2018/03/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL6", reference:"qemu-guest-agent-0.12.1.2-2.503.el6_9.5")) flag++;
if (rpm_check(release:"SL6", cpu:"x86_64", reference:"qemu-img-0.12.1.2-2.503.el6_9.5")) flag++;
if (rpm_check(release:"SL6", cpu:"x86_64", reference:"qemu-kvm-0.12.1.2-2.503.el6_9.5")) flag++;
if (rpm_check(release:"SL6", reference:"qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.5")) flag++;
if (rpm_check(release:"SL6", cpu:"x86_64", reference:"qemu-kvm-tools-0.12.1.2-2.503.el6_9.5")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-guest-agent / qemu-img / qemu-kvm / qemu-kvm-debuginfo / etc");
}
Related
debiancve
debiancve
CVE-2017-15289
2017-10-16 18:29:00
ubuntucve
ubuntucve
CVE-2017-15289
2017-10-16 00:00:00
nessus
nessus
RHEL 6 : qemu-kvm (RHSA-2018:0516)
2018-03-14 00:00:00
CentOS 6 : qemu-kvm (CESA-2018:0516)
2018-03-15 00:00:00
NewStart CGSL MAIN 4.05 : qemu-kvm Vulnerability (NS-SA-2019-0125)
2019-08-12 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:23:05
osv
osv
CVE-2017-15289
2017-10-16 18:29:00
qemu - security update
2018-05-29 00:00:00
qemu - security update
2018-09-06 00:00:00
redhat
redhat
(RHSA-2018:0516) Moderate: qemu-kvm security update
2018-03-13 17:31:37
(RHSA-2017:3368) Moderate: qemu-kvm security update
2017-11-30 20:14:11
(RHSA-2017:3369) Moderate: qemu-kvm-rhev security and bug fix update
2017-11-30 20:14:52
cvelist
cvelist
CVE-2017-15289
2017-10-16 18:00:00
centos
centos
qemu security update
2018-03-14 14:47:19
qemu security update
2017-12-06 13:15:27
redhatcve
redhatcve
CVE-2017-15289
2020-04-09 06:55:07
f5
f5
K22572754 : QEMU vulnerability CVE-2017-15289
2021-01-25 00:00:00
cve
cve
CVE-2017-15289
2017-10-16 18:29:00
openvas
openvas
CentOS Update for qemu-guest-agent CESA-2018:0516 centos6
2018-03-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:3178-1)
2021-04-19 00:00:00
RedHat Update for qemu-kvm RHSA-2017:3368-01
2017-12-01 00:00:00
prion
prion
Out-of-bounds
2017-10-16 18:29:00
nvd
nvd
CVE-2017-15289
2017-10-16 18:29:00
oraclelinux
oraclelinux
qemu-kvm security update
2018-03-13 00:00:00
qemu-kvm security update
2017-11-30 00:00:00
qemu-kvm security, bug fix, and enhancement update
2018-04-16 00:00:00
amazon
amazon
Medium: qemu-kvm
2017-12-20 18:55:00
suse
suse
Security update for xen (important)
2017-12-02 18:11:39
Security update for xen (important)
2017-11-29 19:37:56
Security update for xen (important)
2017-12-02 18:10:43
debian
debian
[SECURITY] [DSA 4213-1] qemu security update
2018-05-29 21:25:45
[SECURITY] [DSA 4213-1] qemu security update
2018-05-29 21:25:45
[SECURITY] [DLA 1497-1] qemu security update
2018-09-06 18:49:12
ubuntu
ubuntu
QEMU regression
2018-03-05 00:00:00
QEMU vulnerabilities
2018-02-20 00:00:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS3
6
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
EPSS
0.001
Percentile
28.1%
Related for SL_20180313_QEMU_KVM_ON_SL6_X.NASL