Lucene search
Copyright (C) 2020 Greenbone AGOPENVAS:1361412562310844586HistorySep 18, 2020 - 12:00 a.m.
Ubuntu: Security Advisory (USN-4511-1)
2020-09-1800:00:00
Copyright (C) 2020 Greenbone AG
plugins.openvas.org
5
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
6.7 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.2%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.844586");
script_cve_id("CVE-2020-14364");
script_tag(name:"creation_date", value:"2020-09-18 03:00:21 +0000 (Fri, 18 Sep 2020)");
script_version("2024-02-02T05:06:07+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:07 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"4.4");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-09-10 19:20:54 +0000 (Thu, 10 Sep 2020)");
script_name("Ubuntu: Security Advisory (USN-4511-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(16\.04\ LTS|18\.04\ LTS|20\.04\ LTS)");
script_xref(name:"Advisory-ID", value:"USN-4511-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-4511-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'qemu' package(s) announced via the USN-4511-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Ziming Zhang, Xiao Wei, Gonglei Arei, and Yanyu Zhang discovered that QEMU
incorrectly handled certain USB packets. An attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service, or
possibly execute arbitrary code on the host. In the default installation,
when QEMU is used with libvirt, attackers would be isolated by the libvirt
AppArmor profile.");
script_tag(name:"affected", value:"'qemu' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU16.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"qemu", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-block-extra", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-guest-agent", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-kvm", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-aarch64", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-arm", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-common", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-mips", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-misc", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-ppc", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-s390x", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-sparc", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-x86", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-user", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-user-binfmt", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-user-static", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-utils", ver:"1:2.5+dfsg-5ubuntu10.46", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU18.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"qemu", ver:"1:2.11+dfsg-1ubuntu7.32", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system", ver:"1:2.11+dfsg-1ubuntu7.32", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-arm", ver:"1:2.11+dfsg-1ubuntu7.32", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-mips", ver:"1:2.11+dfsg-1ubuntu7.32", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-ppc", ver:"1:2.11+dfsg-1ubuntu7.32", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-s390x", ver:"1:2.11+dfsg-1ubuntu7.32", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-sparc", ver:"1:2.11+dfsg-1ubuntu7.32", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-x86", ver:"1:2.11+dfsg-1ubuntu7.32", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU20.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"qemu", ver:"1:4.2-3ubuntu6.6", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system", ver:"1:4.2-3ubuntu6.6", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-arm", ver:"1:4.2-3ubuntu6.6", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-mips", ver:"1:4.2-3ubuntu6.6", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-ppc", ver:"1:4.2-3ubuntu6.6", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-s390x", ver:"1:4.2-3ubuntu6.6", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-sparc", ver:"1:4.2-3ubuntu6.6", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-x86", ver:"1:4.2-3ubuntu6.6", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-x86-microvm", ver:"1:4.2-3ubuntu6.6", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"qemu-system-x86-xen", ver:"1:4.2-3ubuntu6.6", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
EulerOS 2.0 SP8 : qemu (EulerOS-SA-2020-2157)
2020-09-29 00:00:00
RHEL 7 : qemu-kvm (RHSA-2020:4053)
2020-11-18 00:00:00
Virtuozzo 6 : qemu-guest-agent / qemu-img / qemu-kvm / etc (VZLSA-2020-4056)
2020-12-22 00:00:00
prion
prion
Cross site scripting
2020-08-31 18:15:00
gentoo
gentoo
Xen: Buffer overflow
2020-09-29 00:00:00
QEMU: Multiple vulnerabilities
2020-11-11 00:00:00
openvas
openvas
Fedora: Security Advisory for xen (FEDORA-2020-eeb29955ed)
2020-09-16 00:00:00
Fedora: Security Advisory for xen (FEDORA-2020-3689b67b53)
2020-09-11 00:00:00
CentOS: Security Advisory for qemu-guest-agent (CESA-2020:4056)
2020-11-10 00:00:00
centos
centos
qemu security update
2020-11-09 13:15:26
qemu security update
2020-11-06 22:05:12
redhat
redhat
(RHSA-2020:4050) Important: qemu-kvm security update
2020-09-29 08:04:26
(RHSA-2020:4054) Important: qemu-kvm security update
2020-09-29 08:07:34
(RHSA-2020:4056) Important: qemu-kvm security update
2020-09-29 08:07:42
cve
cve
CVE-2020-14364
2020-08-31 18:15:12
alpinelinux
alpinelinux
CVE-2020-14364
2020-08-31 18:15:12
ubuntu
ubuntu
QEMU vulnerability
2020-09-17 00:00:00
QEMU vulnerabilities
2021-02-02 00:00:00
oraclelinux
oraclelinux
qemu-kvm security update
2020-09-30 00:00:00
qemu-kvm security update
2020-10-08 00:00:00
virt:ol security update
2020-10-01 00:00:00
f5
f5
K09081535 : QEMU vulnerability CVE-2020-14364
2020-12-15 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-09-11 21:53:46
cbl_mariner
cbl_mariner
CVE-2020-14364 affecting package qemu-kvm 4.2.0-48
2020-11-30 19:31:04
nvd
nvd
CVE-2020-14364
2020-08-31 18:15:12
osv
osv
CVE-2020-14364
2020-08-31 18:15:12
qemu vulnerability
2020-09-17 11:10:51
Important: virt:rhel security update
2020-09-29 08:09:34
cvelist
cvelist
CVE-2020-14364
2020-08-31 17:11:52
ubuntucve
ubuntucve
CVE-2020-14364
2020-08-24 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: xen-4.12.3-4.fc31
2020-09-10 17:34:33
[SECURITY] Fedora 32 Update: xen-4.13.1-5.fc32
2020-09-15 16:17:33
ibm
ibm
debiancve
debiancve
CVE-2020-14364
2020-08-31 18:15:12
redhatcve
redhatcve
CVE-2020-14364
2020-08-24 13:04:32
xen
xen
QEMU: usb: out-of-bounds r/w access issue
2020-08-24 12:00:00
huawei
huawei
rocky
rocky
virt:rhel security update
2020-09-29 08:09:34
almalinux
almalinux
Important: virt:rhel security update
2020-09-29 08:09:34
amazon
amazon
Important: qemu
2020-11-09 21:04:00
Important: qemu-kvm
2020-11-14 01:23:00
citrix
citrix
Citrix Hypervisor Security Update
2020-08-24 04:00:00
suse
suse
Security update for qemu (important)
2020-10-13 00:00:00
Security update for qemu (important)
2021-07-11 00:00:00
Security update for qemu (moderate)
2021-07-14 00:00:00
debian
debian
[SECURITY] [DSA 4760-1] qemu security update
2020-09-06 18:00:48
[SECURITY] [DLA 2373-1] qemu security update
2020-09-13 18:47:47
archlinux
archlinux
[ASA-202012-26] qemu: multiple issues
2020-12-16 00:00:00
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
6.7 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.2%
Related for OPENVAS:1361412562310844586