CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
93.5%
kvm has been updated to fix issues in the embedded qemu :
An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could have used this flaw to corrupt QEMU process memory on the host, which could potentially have resulted in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0223)
A user able to alter the savevm data (either on the disk or over the wire during migration) could have used this flaw to to corrupt QEMU process memory on the (destination) host, which could have potentially resulted in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-3461)
An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could have used this flaw to corrupt QEMU process memory on the host, which could have potentially resulted in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-0222)
Non-security bugs fixed :
Fix exceeding IRQ routes that could have caused freezes of guests. (bnc#876842)
Fix CPUID emulation bugs that may have broken Windows guests with newer -cpu types (bnc#886535)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(78105);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2014-0222", "CVE-2014-0223", "CVE-2014-3461");
script_name(english:"SuSE 11.3 Security Update : kvm (SAT Patch Number 9739)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 11 host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"kvm has been updated to fix issues in the embedded qemu :
- An integer overflow flaw was found in the QEMU block
driver for QCOW version 1 disk images. A user able to
alter the QEMU disk image files loaded by a guest could
have used this flaw to corrupt QEMU process memory on
the host, which could potentially have resulted in
arbitrary code execution on the host with the privileges
of the QEMU process. (CVE-2014-0223)
- A user able to alter the savevm data (either on the disk
or over the wire during migration) could have used this
flaw to to corrupt QEMU process memory on the
(destination) host, which could have potentially
resulted in arbitrary code execution on the host with
the privileges of the QEMU process. (CVE-2014-3461)
- An integer overflow flaw was found in the QEMU block
driver for QCOW version 1 disk images. A user able to
alter the QEMU disk image files loaded by a guest could
have used this flaw to corrupt QEMU process memory on
the host, which could have potentially resulted in
arbitrary code execution on the host with the privileges
of the QEMU process. (CVE-2014-0222)
Non-security bugs fixed :
- Fix exceeding IRQ routes that could have caused freezes
of guests. (bnc#876842)
- Fix CPUID emulation bugs that may have broken Windows
guests with newer -cpu types (bnc#886535)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=876842"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=877642"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=877645"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=878541"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=886535"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2014-0222.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2014-0223.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2014-3461.html"
);
script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9739.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kvm");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"patch_publication_date", value:"2014/09/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/09");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kvm-1.4.2-0.17.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kvm-1.4.2-0.17.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"kvm-1.4.2-0.17.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0223
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3461
support.novell.com/security/cve/CVE-2014-0222.html
support.novell.com/security/cve/CVE-2014-0223.html
support.novell.com/security/cve/CVE-2014-3461.html
bugzilla.novell.com/show_bug.cgi?id=876842
bugzilla.novell.com/show_bug.cgi?id=877642
bugzilla.novell.com/show_bug.cgi?id=877645
bugzilla.novell.com/show_bug.cgi?id=878541
bugzilla.novell.com/show_bug.cgi?id=886535