Executive Summary
Summary | |
---|---|
Title | Xen: Denial of Service |
Information | |||
---|---|---|---|
Name | GLSA-201412-42 | First vendor Publication | 2014-12-26 |
Vendor | Gentoo | Last vendor Modification | 2014-12-26 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 8.3 | Attack Range | Adjacent network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 6.5 | Authentication | None Required |
Detail
Synopsis: Multiple vulnerabilities have been found in Xen, possibly resulting in Denial of Service.
Resolution: All Xen 4.4 users should upgrade to the latest version:
Availability: http://security.gentoo.org/glsa/glsa-201412-42.xml
Original Source
Url : http://security.gentoo.org/glsa/glsa-201412-42.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-362 | Race Condition |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:26783 | |||
Oval ID: | oval:org.mitre.oval:def:26783 | ||
Title: | DSA-3041-1 xen - security update | ||
Description: | Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-3041-1 CVE-2013-2072 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 | Version: | 3 |
Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | xen |
Definition Id: oval:org.mitre.oval:def:28083 | |||
Oval ID: | oval:org.mitre.oval:def:28083 | ||
Title: | SUSE-SU-2014:1318-1 -- Security update for Xen (moderate) | ||
Description: The SUSE Linux Enterprise 11 Service Pack 3 Xen package was updated to fix various bugs and security issues.

The following security issues have been fixed:
* XSA-108: CVE-2014-7188: Improper MSR range used for x2APIC emulation (bnc#897657)
* XSA-106: CVE-2014-7156: Missing privilege level checks in x86 emulation of software interrupts (bnc#895802)
* XSA-105: CVE-2014-7155: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation (bnc#895799)
* XSA-104: CVE-2014-7154: Race condition in HVMOP_track_dirty_vram (bnc#895798)
* XSA-100: CVE-2014-4021: Hypervisor heap contents leaked to guests (bnc#880751)
* XSA-96: CVE-2014-3967, CVE-2014-3968: Vulnerabilities in HVM MSI injection (bnc#878841)
* XSA-89: CVE-2014-2599: HVMOP_set_mem_access is not preemptible (bnc#867910)
* XSA-65: CVE-2013-4344: qemu SCSI REPORT LUNS buffer overflow (bnc#842006)
* CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load (bnc#864801)

The following non-security issues have been fixed:
* xend: Fix netif convertToDeviceNumber for running domains (bnc#891539)
* Installing SLES12 as a VM on SLES11 SP3 fails because of btrfs in the VM (bnc#882092)
* XEN kernel panic do_device_not_available() (bnc#881900)
* Boot Failure with xen kernel in UEFI mode with error "No memory for trampoline" (bnc#833483)
* SLES 11 SP3 vm-install should get RHEL 7 support when released (bnc#862608)
* SLES 11 SP3 XEN kiso version cause softlockup on 8 blades npar(480 cpu) (bnc#858178)
* Local attach support for PHY backends using scripts local_attach_support_for_phy.patch (bnc#865682)
* Improve multipath support for npiv devices block-npiv (bnc#798770)

Security Issues:
* CVE-2013-4344 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4344>
* CVE-2013-4540 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4540>
* CVE-2014-2599 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2599>
* CVE-2014-3967 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3967>
* CVE-2014-3968 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3968>
* CVE-2014-4021 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021>
* CVE-2014-7154 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7154>
* CVE-2014-7155 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7155>
* CVE-2014-7156 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7156>
* CVE-2014-7188 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7188>
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1318-1 CVE-2013-4344 CVE-2013-4540 CVE-2014-2599 CVE-2014-3967 CVE-2014-3968 CVE-2014-4021 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | Xen |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-06-12 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0068.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1691-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1710-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1732-1.nasl - Type : ACT_GATHER_INFO |
2014-12-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-42.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0025.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0026.nasl - Type : ACT_GATHER_INFO |
2014-10-23 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_xen-201409-141002.nasl - Type : ACT_GATHER_INFO |
2014-10-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-12000.nasl - Type : ACT_GATHER_INFO |
2014-10-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-12036.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-579.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-580.nasl - Type : ACT_GATHER_INFO |
2014-10-09 | Name : The remote Fedora host is missing a security update. File : fedora_2014-12002.nasl - Type : ACT_GATHER_INFO |
2014-10-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3041.nasl - Type : ACT_GATHER_INFO |
2014-09-29 | Name : The remote Fedora host is missing a security update. File : fedora_2014-11271.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-12-30 13:25:12 | |
2014-12-26 21:22:43 | |