6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
0.004 Low
EPSS
Percentile
74.5%
The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allows a domain to allocate memory beyond what an administrator originally configured.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(159892);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/27");
script_cve_id("CVE-2021-28700");
script_xref(name:"IAVB", value:"2021-B-0061-S");
script_name(english:"No memory limit for dom0less domUs (XSA-383)");
script_set_attribute(attribute:"synopsis", value:
"The remote Xen hypervisor installation is missing a security update.");
script_set_attribute(attribute:"description", value:
"The dom0less feature allows an administrator to create multiple
unprivileged domains directly from Xen. Unfortunately, the
memory limit from them is not set. This allows a domain to allocate
memory beyond what an administrator originally configured.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://xenbits.xen.org/xsa/advisory-383.html");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-28700");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/25");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/19");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:xen:xen");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("xen_server_detect.nbin");
script_require_keys("installed_sw/Xen Hypervisor", "Settings/ParanoidReport");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
var fixes;
var app = 'Xen Hypervisor';
var app_info = vcf::xen_hypervisor::get_app_info(app:app);
if (report_paranoia < 2) audit(AUDIT_PARANOID);
fixes['4.12']['fixed_ver'] = '4.12.4';
fixes['4.12']['fixed_ver_display'] = '4.12.4 (changeset 35ba323)';
fixes['4.12']['affected_ver_regex'] = "^4\.12([^0-9]|$)";
fixes['4.12']['affected_changesets'] = make_list('9e39b7f', '090986b',
'e8f95a6', '90ae827', '4e5bf7e', 'b2f52a0', '22bd06c', '52ee570',
'1f5c237', 'aac5e50', '724eebc', 'dd59be6', 'd446431', '05e64a6',
'2f4cfe5', '0475382', 'bd52c7e', '7dadebd', 'c6c5f9d', 'ea20eee',
'99f2c46', 'd024fe1', 'e5f3be9', 'e318c13', 'ced413b', '95d23c7',
'aa8866c', '2c39570', '5984905', '5b280a5', '955c604', 'cd5666c',
'1df73ab', 'b406997', 'f66542f', '26764c5', 'b100d3e', '17db0ba',
'2e9e9e4', '652a259', 'b8737d2', '70c53ea', '4cf5929', '8d26cdd',
'f1f3226', 'cce7cbd', '2525a74', 'c8b97ff', '2186c16', '51e9505',
'4943ea7', '3c13a87', 'd4b884b', '7da9325', 'd6d3b13', '9fe89e1',
'd009b8d', '674108e', 'bfda5ae', '551d75d', '5e1bac4', 'f8443e8',
'655190d', 'f860f42', '9f73020', 'aeebc0c', 'f1a4126', 'b1efedb',
'4739f79', '0dbcdcc', '444b717', '544a775', 'c64ff3b', '8145d38',
'14f577b', '40ab019', '1dd870e', '5c15a1c', '6602544', '14c9c0f',
'dee5d47', '7b2f479', '46ad884', 'eaafa72', '0e6975b', '8e0c2a2',
'51eca39', '7ae2afb', '5e11fd5', '34056b2', 'fd4cc0b', '4f9294d', '97b7b55');
fixes['4.13']['fixed_ver'] = '4.13.4';
fixes['4.13']['fixed_ver_display'] = '4.13.4-pre (changeset bdb8480)';
fixes['4.13']['affected_ver_regex'] = "^4\.13([^0-9]|$)";
fixes['4.13']['affected_changesets'] = make_list('985b3e5', '4d65fe9',
'9d954c8', '53e797c', '89d40f0', 'f762403', 'ebeb9ec', '2357043',
'18fe877', '41200e0', '0ed0cdd', 'ecb4697', 'f50fbdd', '75bb9fe',
'4fa8b13', '85dc71b', '3cdc7b6', '32d5809', '41e8d5d', '27e08cb',
'f6f7690', '1f27fc4', 'a7de760', '1540a9a', '351c890', '3f3ebda',
'7907ab8', 'ddb3edb', 'e39050c', '235bfe8', '84bc28f', '9eece40',
'2c9da5f', '5aacd07', '64752a9', '948b7c8', '9bd6416', '97af34f',
'f799329', '0a3eb9b', 'd3d8a29', '83c0f6b', '9e3c8b1', 'def4352',
'95197d4', 'ef8b235', 'f17d848', 'fa5afbb', '4d54414', '287f229',
'e289ed6', '2841329', '33049e3', '53f4ce9', '8113b02', '0e711a0',
'21e1ae3', '4352a49', 'e93d278', '231237c', 'ca06bce', '5aef2c5',
'5de1558', 'e3bcd4d');
fixes['4.14']['fixed_ver'] = '4.14.3';
fixes['4.14']['fixed_ver_display'] = '4.14.3-pre (changeset c439f5e)';
fixes['4.14']['affected_ver_regex'] = "^4\.14([^0-9]|$)";
fixes['4.14']['affected_changesets'] = make_list('66f5e86', 'b81187f',
'29aeeda', '98bcd53', '6f4c214', '9685265', 'e4c2384', '1958758',
'fe6da09', '4a24451', '100b2e2', '8da1491', 'f7a9730', '61f2806',
'49299c4', 'b46af13', 'e32e184', 'bb731fd', 'c3cc6e2', 'bb9377a',
'f6aec84', '23d5e3d', '3cfccd7', '1ed3661', '645fcf8', '86c223c',
'79774e0', 'e06d0c1', '1dae9fd', '64d93d6', '3ae25fc', '665024b',
'ecd6b17', 'c6ee6d4', 'b6a8c4f', '45710c0', 'ee5425c', '4b4ee05',
'768138c', '0ff7f9c', 'fcf98ef', '51278ce', '766b1f4', 'e5bce3a',
'46ff245', '2665d97', '7053c8e', '5caa690', 'b046e05', '3f85493',
'ac507e0', 'ebfdf0c', '9d963a7', 'b15c24a', 'f23cb47', 'c2f78b4', 'a351751');
fixes['4.15']['fixed_ver'] = '4.15.1';
fixes['4.15']['fixed_ver_display'] = '4.15.1-pre (changeset 9bc2a68)';
fixes['4.15']['affected_ver_regex'] = "^4\.15([^0-9]|$)";
fixes['4.15']['affected_changesets'] = make_list('8a8b16c', '2f6ebce',
'9bfbde4', 'd40287a', '7850fe5', '9f44ed1', '27bc41d', 'd39756f',
'711aeb1', '34d141e', '29a6cf1', '92c8b92', '1beb196', '6bbdcef',
'abfbb29', 'c3cf33b', 'e0da171', 'c773053', '0f1002d', '00bd594',
'0e419e4', 'e3f5318', '4b60715', 'e949445', '9cb597a', '6165dcf',
'da659f6', '17dca16', '99633c5', '2b23bb6', 'dba7748', 'e98cacf',
'0e1407f', '61dea45', '429b0a5', '41f0903', '67f7989', 'e9709a8',
'1a68249', 'e6d098e', '16d2641', '7b658fd', '6ba107c', '2ba0d81',
'3581714', '0b80b34', 'd8a530e', '9892901', '3556dc6', '13ea8af',
'77069ea', 'ec457ac', '4586e64', '796d405', '0aabeb9', 'a339cea',
'874dac9', 'f034c96', '894636d', '12ebf0f', '35b5836', '8368f21',
'7044184', '0a64b18', 'eae0dfa', '89c6e84', '7c3c984', '6a7e21a',
'ee2b1d6', 'edeaa04', 'cacad0c', '3e6c1b6', '78a7c3b', '280d472',
'eb1f325', 'dfcce09', 'c129b5f', 'e2e80ff', '5788a7e', 'bb071ce',
'92dd3b5', 'baa6957', 'c86d8ec', 'e72bf72');
fixes['4.16']['fixed_ver'] = '4.16';
fixes['4.16']['fixed_ver_display'] = '4.16-unstable (changeset b75838a)';
fixes['4.16']['affected_ver_regex'] = "^4\.16([^0-9]|$)";
fixes['4.16']['affected_changesets'] = make_list('57f8785', '1e6706b',
'2f5f0a1', '9516d01', '4cfab44', 'a0ffee6', '048de2c', '9e319e5',
'dbb9481', 'c8c6cd9', 'f929448', '3b38b1d', 'a1743fc', 'eb7518b',
'2faeb42', 'd3b05f9', '2d7f191', '834cb87', '036432e', 'e5ba9f7',
'aa44f3c', '71cf763', 'e26f810', 'bc2bdd4', '4817dbf', 'f38c859',
'e8b42a4', '2fac4e3', 'b6b672e', '24b0ce9', '664cc3c', 'd4c9845',
'e17abb2', '86e84e5', '8858dfa', '305f193', 'b11380f', '1d34553',
'2075b41', 'a095542', '1da6a07', '6ec9176', '15517ed', 'f9187cf',
'2a04f39', '74c48d4', '192aaf7', 'd6bdad3', 'efbd25c', '58ce57a',
'4b88b4b', 'b6fe410', '60649d4', '4eb1728', 'a9a34e2', 'c2f40d8',
'c9aa02e', '5d15f90', 'f01be29', '65ca66c', '1907cfc', 'a3a476f',
'a12ceae', 'ab4a830');
vcf::xen_hypervisor::check_version_and_report(app_info:app_info, fixes:fixes, severity:SECURITY_WARNING);
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
0.004 Low
EPSS
Percentile
74.5%