Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title New kvm packages fix several vulnerabilities
Informations
Name DSA-1907 First vendor Publication 2009-10-13
Vendor Debian Last vendor Modification 2009-10-13
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-5714

Chris Webb discovered an off-by-one bug limiting KVM's VNC passwords to 7 characters. This flaw might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.

CVE-2009-3290

It was discovered that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory.

For the stable distribution (lenny), these problems have been fixed in version 72+dfsg-5~lenny3.

The oldstable distribution (etch) does not contain kvm.

For the testing distribution (squeeze) these problems will be fixed soon.

For the unstable distribution (sid) these problems have been fixed in version 85+dfsg-4.1

We recommend that you upgrade your kvm packages.

Original Source

Url : http://www.debian.org/security/2009/dsa-1907

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-399 Resource Management Errors
50 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11328
 
Oval ID: oval:org.mitre.oval:def:11328
Title: The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."
Description: The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."
Family: unix Class: vulnerability
Reference(s): CVE-2009-3290
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13413
 
Oval ID: oval:org.mitre.oval:def:13413
Title: DSA-1907-1 kvm -- several vulnerabilities
Description: Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5714 Chris Webb discovered an off-by-one bug limiting KVM's VNC passwords to 7 characters. This flaw might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. CVE-2009-3290 It was discovered that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service and read or write guest kernel memory. For the stable distribution, these problems have been fixed in version 72+dfsg-5~lenny3. The oldstable distribution does not contain kvm. For the testing distribution these problems will be fixed soon. For the unstable distribution these problems have been fixed in version 85+dfsg-4.1 We recommend that you upgrade your kvm packages.
Family: unix Class: patch
Reference(s): DSA-1907-1
CVE-2008-5714
CVE-2009-3290
 Version: 5
Platform(s): Debian GNU/Linux 5.0
 Product(s): kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13482
 
Oval ID: oval:org.mitre.oval:def:13482
Title: USN-776-1 -- kvm vulnerabilities
Description: Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. Alfredo Ortega discovered that KVM�s VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. Jan Niehusmann discovered that KVM�s Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. It was discovered that KVM�s VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service
Family: unix Class: patch
Reference(s): USN-776-1
CVE-2008-1945
CVE-2008-2004
CVE-2008-2382
CVE-2008-4539
CVE-2008-5714
 Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
 Product(s): kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13656
 
Oval ID: oval:org.mitre.oval:def:13656
Title: USN-776-2 -- kvm regression
Description: USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a regression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to boot virtual machines started via libvirt. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. Alfredo Ortega discovered that KVM�s VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. Jan Niehusmann discovered that KVM�s Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. It was discovered that KVM�s VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service
Family: unix Class: patch
Reference(s): USN-776-2
CVE-2008-1945
CVE-2008-2004
CVE-2008-2382
CVE-2008-4539
CVE-2008-5714
 Version: 5
Platform(s): Ubuntu 8.04
 Product(s): kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22837
 
Oval ID: oval:org.mitre.oval:def:22837
Title: ELSA-2009:1465: kvm security and bug fix update (Important)
Description: The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."
Family: unix Class: patch
Reference(s): ELSA-2009:1465-01
CVE-2009-3290
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7760
 
Oval ID: oval:org.mitre.oval:def:7760
Title: DSA-1907 kvm -- several vulnerabilities
Description: Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Webb discovered an off-by-one bug limiting KVM's VNC passwords to 7 characters. This flaw might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. It was discovered that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory. The oldstable distribution (etch) does not contain kvm.
Family: unix Class: patch
Reference(s): DSA-1907
CVE-2008-5714
CVE-2009-3290
 Version: 3
Platform(s): Debian GNU/Linux 5.0
 Product(s): kvm
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1
Os 1149

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for kvm-83-105.el5_ CESA-2009:1465 centos5 i386
File : nvt/gb_CESA-2009_1465_kvm-83-105.el5__centos5_i386.nasl
2010-03-02 Name : Fedora Update for kernel FEDORA-2010-1804
File : nvt/gb_fedora_2010_1804_kernel_fc11.nasl
2010-03-02 Name : Fedora Update for kernel FEDORA-2010-0919
File : nvt/gb_fedora_2010_0919_kernel_fc11.nasl
2010-03-02 Name : Fedora Update for kernel FEDORA-2010-1500
File : nvt/gb_fedora_2010_1500_kernel_fc11.nasl
2009-12-30 Name : Fedora Core 11 FEDORA-2009-13694 (kernel)
File : nvt/fcore_2009_13694.nasl
2009-12-14 Name : Fedora Core 10 FEDORA-2009-13098 (kernel)
File : nvt/fcore_2009_13098.nasl
2009-12-10 Name : Fedora Core 11 FEDORA-2009-12786 (kernel)
File : nvt/fcore_2009_12786.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1465 (kvm)
File : nvt/ovcesa2009_1465.nasl
2009-11-11 Name : Mandriva Security Advisory MDVSA-2009:289 (kernel)
File : nvt/mdksa_2009_289.nasl
2009-11-11 Name : Fedora Core 11 FEDORA-2009-10639 (kernel)
File : nvt/fcore_2009_10639.nasl
2009-11-11 Name : Fedora Core 11 FEDORA-2009-11032 (kernel)
File : nvt/fcore_2009_11032.nasl
2009-11-11 Name : Fedora Core 10 FEDORA-2009-11038 (kernel)
File : nvt/fcore_2009_11038.nasl
2009-10-27 Name : Debian Security Advisory DSA 1915-1 (linux-2.6)
File : nvt/deb_1915_1.nasl
2009-10-19 Name : Debian Security Advisory DSA 1907-1 (kvm)
File : nvt/deb_1907_1.nasl
2009-10-19 Name : Fedora Core 10 FEDORA-2009-10525 (kernel)
File : nvt/fcore_2009_10525.nasl
2009-10-06 Name : Fedora Core 10 FEDORA-2009-10165 (kernel)
File : nvt/fcore_2009_10165.nasl
2009-10-06 Name : RedHat Security Advisory RHSA-2009:1465
File : nvt/RHSA_2009_1465.nasl
2009-06-05 Name : Ubuntu USN-707-1 (cupsys)
File : nvt/ubuntu_707_1.nasl
2009-06-05 Name : Ubuntu USN-776-2 (kvm)
File : nvt/ubuntu_776_2.nasl
2009-05-20 Name : Ubuntu USN-776-1 (kvm)
File : nvt/ubuntu_776_1.nasl
2009-04-06 Name : SuSE Security Summary SUSE-SR:2009:008
File : nvt/suse_sr_2009_008.nasl
2009-01-20 Name : Mandrake Security Advisory MDVSA-2009:008 (qemu)
File : nvt/mdksa_2009_008.nasl
2009-01-20 Name : Mandrake Security Advisory MDVSA-2009:009 (kvm)
File : nvt/mdksa_2009_009.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:002
File : nvt/suse_sr_2009_002.nasl
2009-01-20 Name : Ubuntu USN-708-1 (hplip)
File : nvt/ubuntu_708_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
58214 Linux Kernel arch/x86/kvm/x86.c kvm_emulate_hypercall() Function Arbitrary Gu...
51033 Qemu monitor.c Off-by-one VNC Password Weakness

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1465.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1465.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1907.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1915.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1465.nasl - Type : ACT_GATHER_INFO
2009-10-28 Name : The remote Fedora host is missing a security update.
File : fedora_2009-10639.nasl - Type : ACT_GATHER_INFO
2009-10-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-289.nasl - Type : ACT_GATHER_INFO
2009-10-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-852-1.nasl - Type : ACT_GATHER_INFO
2009-10-05 Name : The remote Fedora host is missing a security update.
File : fedora_2009-10165.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_kvm-090112.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_qemu-090325.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kvm-090112.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_qemu-090325.nasl - Type : ACT_GATHER_INFO
2009-05-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-776-2.nasl - Type : ACT_GATHER_INFO
2009-05-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-776-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-008.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2009-009.nasl - Type : ACT_GATHER_INFO
2009-04-03 Name : The remote openSUSE host is missing a security update.
File : suse_qemu-6123.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:28:54
  • Multiple Updates