4.4 - USN-1008-1

Executive Summary

Summary
Title	libvirt vulnerabilities

Informations
Name	USN-1008-1	First vendor Publication	2010-10-21
Vendor	Ubuntu	Last vendor Modification	2010-10-21
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:S/C:C/I:N/A:N)
Cvss Base Score	4.4	Attack Range	Local
Cvss Impact Score	6.9	Attack Complexity	Medium
Cvss Expoit Score	2.7	Authentication	Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
libvirt-bin 0.4.0-2ubuntu8.3
libvirt0 0.4.0-2ubuntu8.3

Ubuntu 9.04:
libvirt-bin 0.6.1-0ubuntu5.2
libvirt0 0.6.1-0ubuntu5.2

Ubuntu 9.10:
libvirt-bin 0.7.0-1ubuntu13.2
libvirt0 0.7.0-1ubuntu13.2

Ubuntu 10.04 LTS:
libvirt-bin 0.7.5-5ubuntu27.5
libvirt0 0.7.5-5ubuntu27.5

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: The previous version of libvirt on Ubuntu 10.04 LTS would probe a qemu disk to determine its format and did not require that the format be declared in the XML. This is considered a security problem in most deployments and this version of libvirt will default to the 'raw' format when the format is not specified in the XML. As a result, non-raw disks without a specified disk format will no longer be available in existing virtual machines.

The libvirt-migrate-qemu-disks tool is provided to aid in transitioning virtual machine definitions to the new required format. In essence, it will check all domains for affected virtual machines, probe the affected disks and update the domain definition accordingly. This command will be run automatically on upgrade. For new virtual machines using non-raw images, the disk format must be specified in the domain XML provided to libvirt, otherwise the disk will not be available to the virtual machine. See man 1 libvirt-migrate-qemu-disks for details.

Users who require the old behavior can adjust the 'allow_disk_format_probing' option in /etc/libvirt/qemu.conf.

Details follow:

It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. (CVE-2010-2237, CVE-2010-2238)

It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. (CVE-2010-2239)

Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host. (CVE-2010-2242)

Original Source

Url : http://www.ubuntu.com/usn/USN-1008-1

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-264	Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12561

Oval ID:	oval:org.mitre.oval:def:12561
Title:	USN-1008-2 -- virtinst update
Description:	Libvirt in Ubuntu 10.04 LTS now no longer probes qemu disks for the image format and defaults to "raw" when the format is not specified in the XML. This change in behavior breaks virt-install --import because virtinst in Ubuntu 10.04 LTS did not allow for specifying a disk format and does not specify a format in the XML. This update adds the "format=" option when specifying a disk. For example, to import an existing VM which uses a qcow2 disk format, use somthing like the following: virt-install --connect=qemu:///session --name test-import --ram=256 \ --disk path=<path to qcow2 image>,format=qcow2 --import For more information, see man 1 virt-install. Original advisory details: It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host
Family:	unix	Class:	patch
Reference(s):	USN-1008-2 CVE-2010-2237 CVE-2010-2238 CVE-2010-2239 CVE-2010-2242	Version:	5
Platform(s):	Ubuntu 10.04	Product(s):	virtinst
Definition Synopsis:
Ubuntu 10.04 is installed AND Installed architecture is all Packages section virtinst DPKG is earlier than 0.500.1-2ubuntu6.1 AND python-virtinst DPKG is earlier than 0.500.1-2ubuntu6.1

Definition Id: oval:org.mitre.oval:def:13033

Oval ID:	oval:org.mitre.oval:def:13033
Title:	USN-1008-3 -- libvirt update
Description:	USN-1008-1 fixed vulnerabilities in libvirt. The update for Ubuntu 10.04 LTS reverted a recent bug fix update. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host
Family:	unix	Class:	patch
Reference(s):	USN-1008-3 CVE-2010-2237 CVE-2010-2238 CVE-2010-2239 CVE-2010-2242	Version:	5
Platform(s):	Ubuntu 10.04	Product(s):	libvirt
Definition Synopsis:
Ubuntu 10.04 is installed Architecture section Architecture independet section Installed architecture is all AND libvirt-doc DPKG is earlier than 0.7.5-5ubuntu27.6 OR Architecture depended section Supported architectures section Installed architecture is powerpc AND Installed architecture is amd64 AND Installed architecture is i386 AND Packages section libvirt0 DPKG is earlier than 0.7.5-5ubuntu27.6 AND libvirt-dev DPKG is earlier than 0.7.5-5ubuntu27.6 AND libvirt0-dbg DPKG is earlier than 0.7.5-5ubuntu27.6 AND python-libvirt DPKG is earlier than 0.7.5-5ubuntu27.6 AND libvirt-bin DPKG is earlier than 0.7.5-5ubuntu27.6

Definition Id: oval:org.mitre.oval:def:13109

Oval ID:	oval:org.mitre.oval:def:13109
Title:	USN-1008-1 -- libvirt vulnerabilities
Description:	It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host
Family:	unix	Class:	patch
Reference(s):	USN-1008-1 CVE-2010-2237 CVE-2010-2238 CVE-2010-2239 CVE-2010-2242	Version:	5
Platform(s):	Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.04 Ubuntu 9.10	Product(s):	libvirt
Definition Synopsis:
Release section Ubuntu 8.04 is installed AND Architecture section Architecture independet section Installed architecture is all AND libvirt-doc DPKG is earlier than 0.4.0-2ubuntu8.3 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Packages section libvirt0 DPKG is earlier than 0.4.0-2ubuntu8.3 AND libvirt-dev DPKG is earlier than 0.4.0-2ubuntu8.3 AND libvirt0-dbg DPKG is earlier than 0.4.0-2ubuntu8.3 AND libvirt-bin DPKG is earlier than 0.4.0-2ubuntu8.3 AND python-libvirt DPKG is earlier than 0.4.0-2ubuntu8.3 OR Release section Ubuntu 10.04 is installed AND Architecture section Architecture independet section Installed architecture is all AND libvirt-doc DPKG is earlier than 0.7.5-5ubuntu27.5 OR Architecture depended section Supported architectures section Installed architecture is powerpc AND Installed architecture is amd64 AND Installed architecture is i386 AND Packages section libvirt0 DPKG is earlier than 0.7.5-5ubuntu27.5 AND libvirt-dev DPKG is earlier than 0.7.5-5ubuntu27.5 AND libvirt0-dbg DPKG is earlier than 0.7.5-5ubuntu27.5 AND python-libvirt DPKG is earlier than 0.7.5-5ubuntu27.5 AND libvirt-bin DPKG is earlier than 0.7.5-5ubuntu27.5 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independet section Installed architecture is all AND libvirt-doc DPKG is earlier than 0.6.1-0ubuntu5.2 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libvirt0 DPKG is earlier than 0.6.1-0ubuntu5.2 AND libvirt-dev DPKG is earlier than 0.6.1-0ubuntu5.2 AND libvirt0-dbg DPKG is earlier than 0.6.1-0ubuntu5.2 AND python-libvirt DPKG is earlier than 0.6.1-0ubuntu5.2 AND libvirt-bin DPKG is earlier than 0.6.1-0ubuntu5.2 OR Release section Ubuntu 9.10 is installed AND Architecture section Architecture independet section Installed architecture is all AND libvirt-doc DPKG is earlier than 0.7.0-1ubuntu13.2 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libvirt0 DPKG is earlier than 0.7.0-1ubuntu13.2 AND libvirt-dev DPKG is earlier than 0.7.0-1ubuntu13.2 AND libvirt0-dbg DPKG is earlier than 0.7.0-1ubuntu13.2 AND python-libvirt DPKG is earlier than 0.7.0-1ubuntu13.2 AND libvirt-bin DPKG is earlier than 0.7.0-1ubuntu13.2

Definition Id: oval:org.mitre.oval:def:13143

Oval ID:	oval:org.mitre.oval:def:13143
Title:	USN-1008-4 -- libvirt regression
Description:	USN-1008-1 fixed vulnerabilities in libvirt. The upstream fixes for CVE-2010-2238 changed the behavior of libvirt such that the domain XML could not specify "host_device" as the qemu sub-type. While libvirt 0.8.3 and later will longer support specifying this sub-type, this update restores the old behavior on Ubuntu 10.04 LTS. We apologize for the inconvenience. Original advisory details: It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host
Family:	unix	Class:	patch
Reference(s):	USN-1008-4 CVE-2010-2238 CVE-2010-2237 CVE-2010-2239 CVE-2010-2242	Version:	5
Platform(s):	Ubuntu 10.04	Product(s):	libvirt
Definition Synopsis:
Ubuntu 10.04 is installed Architecture section Architecture independet section Installed architecture is all AND libvirt-doc DPKG is earlier than 0.7.5-5ubuntu27.7 OR Architecture depended section Supported architectures section Installed architecture is powerpc AND Installed architecture is armel AND Installed architecture is amd64 AND Installed architecture is i386 AND Packages section libvirt0 DPKG is earlier than 0.7.5-5ubuntu27.7 AND libvirt-dev DPKG is earlier than 0.7.5-5ubuntu27.7 AND libvirt0-dbg DPKG is earlier than 0.7.5-5ubuntu27.7 AND libvirt-bin DPKG is earlier than 0.7.5-5ubuntu27.7 AND python-libvirt DPKG is earlier than 0.7.5-5ubuntu27.7

Definition Id: oval:org.mitre.oval:def:22120

Oval ID:	oval:org.mitre.oval:def:22120
Title:	RHSA-2010:0615: libvirt security and bug fix update (Low)
Description:	Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0615-01 CESA-2010:0615 CVE-2010-2239 CVE-2010-2242	Version:	29
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	libvirt
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section libvirt-devel is earlier than 0:0.6.3-33.el5_5.3 AND libvirt is earlier than 0:0.6.3-33.el5_5.3 AND libvirt-python is earlier than 0:0.6.3-33.el5_5.3

Definition Id: oval:org.mitre.oval:def:22785

Oval ID:	oval:org.mitre.oval:def:22785
Title:	ELSA-2010:0615: libvirt security and bug fix update (Low)
Description:	Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0615-01 CVE-2010-2239 CVE-2010-2242	Version:	13
Platform(s):	Oracle Linux 5	Product(s):	libvirt
Definition Synopsis:
Oracle Linux 5.x rpm test libvirt-devel is earlier than 0:0.6.3-33.el5_5.3 AND libvirt is earlier than 0:0.6.3-33.el5_5.3 AND libvirt-python is earlier than 0:0.6.3-33.el5_5.3

Definition Id: oval:org.mitre.oval:def:28238

Oval ID:	oval:org.mitre.oval:def:28238
Title:	DEPRECATED: ELSA-2010-0615 -- libvirt security and bug fix update (low)
Description:	[0.6.3-33.0.1.el5_5.3] - Replaced docs/et.png in tarball [0.6.3-33.el5_5.3] - Explicitly set qcow2 backing store format (CVE-2010-2239) - Remap privileged source ports from guests behind NAT (CVE-2010-2242) - Eliminate memory leak in xenUnifiedDomainInfoListFree (rhbz 619711) [0.6.3-33.el5_5.2] - Fix discrepancy between xm list and virsh list (rhbz 618200) - Set a stable & high MAC addr for guest TAP devices on host (rhbz 617243)
Family:	unix	Class:	patch
Reference(s):	ELSA-2010-0615 CVE-2010-2239 CVE-2010-2242	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	libvirt
Definition Synopsis:
Oracle Linux 5.x Packages match section libvirt is earlier than 0:0.6.3-33.0.1.el5_5.3 AND libvirt-devel is earlier than 0:0.6.3-33.0.1.el5_5.3 AND libvirt-python is earlier than 0:0.6.3-33.0.1.el5_5.3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Libvirt cpe:2.3:a:libvirt:libvirt:0.8.2:::::::* cpe:2.3:a:libvirt:libvirt:0.8.1:::::::* cpe:2.3:a:libvirt:libvirt:0.8.0:::::::* cpe:2.3:a:libvirt:libvirt:0.7.7:::::::* cpe:2.3:a:libvirt:libvirt:0.7.6:::::::* cpe:2.3:a:libvirt:libvirt:0.7.5:::::::* cpe:2.3:a:libvirt:libvirt:0.7.4:::::::* cpe:2.3:a:libvirt:libvirt:0.7.3:::::::* cpe:2.3:a:libvirt:libvirt:0.7.2:::::::* cpe:2.3:a:libvirt:libvirt:0.7.1:::::::* cpe:2.3:a:libvirt:libvirt:0.7.0:::::::* cpe:2.3:a:libvirt:libvirt:0.6.5:::::::* cpe:2.3:a:libvirt:libvirt:0.6.4:::::::* cpe:2.3:a:libvirt:libvirt:0.6.3:::::::* cpe:2.3:a:libvirt:libvirt:0.6.2:::::::* cpe:2.3:a:libvirt:libvirt:0.6.1:::::::* cpe:2.3:a:libvirt:libvirt:0.6.0:::::::* cpe:2.3:a:libvirt:libvirt:0.5.1:::::::* cpe:2.3:a:libvirt:libvirt:0.5.0:::::::* cpe:2.3:a:libvirt:libvirt:0.4.6:::::::* cpe:2.3:a:libvirt:libvirt:0.4.4:::::::* cpe:2.3:a:libvirt:libvirt:0.4.3:::::::* cpe:2.3:a:libvirt:libvirt:0.4.2:::::::* cpe:2.3:a:libvirt:libvirt:0.4.1:::::::* cpe:2.3:a:libvirt:libvirt:0.4.0:::::::* cpe:2.3:a:libvirt:libvirt:0.3.3:::::::* cpe:2.3:a:libvirt:libvirt:0.3.2:::::::* cpe:2.3:a:libvirt:libvirt:0.3.1:::::::* cpe:2.3:a:libvirt:libvirt:0.3.0:::::::* cpe:2.3:a:libvirt:libvirt:0.2.3:::::::* cpe:2.3:a:libvirt:libvirt:0.2.2:::::::* cpe:2.3:a:libvirt:libvirt:0.2.1:::::::* cpe:2.3:a:libvirt:libvirt:0.2.0:::::::*	33

OpenVAS Exploits

Date	Description
2011-08-09	Name : CentOS Update for libvirt CESA-2010:0615 centos5 i386 File : nvt/gb_CESA-2010_0615_libvirt_centos5_i386.nasl
2011-06-20	Name : Ubuntu Update for libvirt USN-1152-1 File : nvt/gb_ubuntu_USN_1152_1.nasl
2010-11-16	Name : Ubuntu Update for libvirt regression USN-1008-4 File : nvt/gb_ubuntu_USN_1008_4.nasl
2010-10-26	Name : Ubuntu Update for libvirt update USN-1008-3 File : nvt/gb_ubuntu_USN_1008_3.nasl
2010-10-22	Name : Ubuntu Update for libvirt vulnerabilities USN-1008-1 File : nvt/gb_ubuntu_USN_1008_1.nasl
2010-10-22	Name : Ubuntu Update for virtinst update USN-1008-2 File : nvt/gb_ubuntu_USN_1008_2.nasl
2010-07-30	Name : Fedora Update for libvirt FEDORA-2010-10960 File : nvt/gb_fedora_2010_10960_libvirt_fc13.nasl
2010-07-30	Name : Fedora Update for libvirt FEDORA-2010-11021 File : nvt/gb_fedora_2010_11021_libvirt_fc12.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
67300	libvirt on Red Hat iptables Rules Privileged Source Port Mapping Guest OS Acc...
67299	libvirt on Red Hat New Image Creation User-defined Backing-store Format Weakn...
67298	libvirt on Red Hat Disk Backing-store Format Disk-image Backing Stores Recurs...
67297	libvirt on Red Hat Main Disk Format Disk Backing Store Lookup Guest OS Arbitr...

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_libvirt-100810.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0615.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0615.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100810_libvirt_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-06-17	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1152-1.nasl - Type : ACT_GATHER_INFO
2011-01-21	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libvirt-100819.nasl - Type : ACT_GATHER_INFO
2010-12-02	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libvirt-100723.nasl - Type : ACT_GATHER_INFO
2010-11-09	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1008-4.nasl - Type : ACT_GATHER_INFO
2010-10-24	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1008-3.nasl - Type : ACT_GATHER_INFO
2010-10-22	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1008-1.nasl - Type : ACT_GATHER_INFO
2010-10-22	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1008-2.nasl - Type : ACT_GATHER_INFO
2010-10-11	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libvirt-7150.nasl - Type : ACT_GATHER_INFO
2010-09-17	Name : The remote openSUSE host is missing a security update. File : suse_11_2_libvirt-100730.nasl - Type : ACT_GATHER_INFO
2010-09-17	Name : The remote openSUSE host is missing a security update. File : suse_11_1_libvirt-100723.nasl - Type : ACT_GATHER_INFO
2010-08-12	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0615.nasl - Type : ACT_GATHER_INFO
2010-07-27	Name : The remote Fedora host is missing a security update. File : fedora_2010-11021.nasl - Type : ACT_GATHER_INFO
2010-07-27	Name : The remote Fedora host is missing a security update. File : fedora_2010-10960.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:58:00	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	4
Oval ID(s)	7
CPE ID(s)	33
osvdb(s)	4
Openvas Exploit(s)	8
Nessus® Exploit(s)	17

	Related
4.4	USN-1008-4
4.4	USN-1008-3
4.4	CVE-2010-2239
4.4	CVE-2010-2238
4.4	CVE-2010-2237
2.1	CVE-2010-2242
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)

4.4 - USN-1008-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU