Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title xen security update
Informations
Name DSA-2337 First vendor Publication 2011-11-06
Vendor Debian Last vendor Modification 2011-11-06
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:M/Au:S/C:C/I:C/A:C)
Cvss Base Score 7.4 Attack Range Adjacent network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 4.4 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Several vulnerabilities were discovered in the Xen virtual machine hypervisor.

CVE-2011-1166

A 64-bit guest can get one of its vCPU'ss into non-kernel mode without first providing a valid non-kernel pagetable, thereby locking up the host system.

CVE-2011-1583, CVE-2011-3262

Local users can cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image.

CVE-2011-1898

When using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, guest OS can users to gain host OS privileges by writing to the interrupt injection registers.

The oldstable distribution (lenny) contains a different version of Xen not affected by these problems.

For the stable distribution (squeeze), this problem has been fixed in version 4.0.1-4.

For the testing (wheezy) and unstable distribution (sid), this problem has been fixed in version 4.1.1-1.

We recommend that you upgrade your xen packages.

Original Source

Url : http://www.debian.org/security/2011/dsa-2337

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-399 Resource Management Errors
25 % CWE-264 Permissions, Privileges, and Access Controls
25 % CWE-189 Numeric Errors (CWE/SANS Top 25)
25 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15124
 
Oval ID: oval:org.mitre.oval:def:15124
Title: DSA-2337-1 xen -- several vulnerabilities
Description: Several vulnerabilities were discovered in the Xen virtual machine hypervisor. CVE-2011-1166 A 64-bit guest can get one of its vCPU"ss into non-kernel mode without first providing a valid non-kernel pagetable, thereby locking up the host system. CVE-2011-1583, CVE-2011-3262 Local users can cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image. CVE-2011-1898 When using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, guest OS can users to gain host OS privileges by writing to the interrupt injection registers. The old stable distribution contains a different version of Xen not affected by these problems.
Family: unix Class: patch
Reference(s): DSA-2337-1
CVE-2011-1166
CVE-2011-1583
CVE-2011-1898
CVE-2011-3262
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): xen
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19774
 
Oval ID: oval:org.mitre.oval:def:19774
Title: VMware ESXi and ESX updates to third party library and ESX Service Console
Description: Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1166
Version: 5
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21927
 
Oval ID: oval:org.mitre.oval:def:21927
Title: RHSA-2011:0496: xen security update (Important)
Description: Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.
Family: unix Class: patch
Reference(s): RHSA-2011:0496-01
CESA-2011:0496
CVE-2011-1583
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): xen
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23074
 
Oval ID: oval:org.mitre.oval:def:23074
Title: ELSA-2011:0496: xen security update (Important)
Description: Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.
Family: unix Class: patch
Reference(s): ELSA-2011:0496-01
CVE-2011-1583
Version: 6
Platform(s): Oracle Linux 5
Product(s): xen
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27717
 
Oval ID: oval:org.mitre.oval:def:27717
Title: DEPRECATED: ELSA-2011-0496 -- xen security update (important)
Description: [3.0.3-120.el5_6.2] - Fix logic and integer overflow in xc_try_bzip2_decode() (rhbz 696938) - Fix logic and integer overflow in xc_try_lzma_decode() (rhbz 696938) - Fix integer and buffer overflows in xc_dom_probe_bzimage_kernel() (rhbz 696938)
Family: unix Class: patch
Reference(s): ELSA-2011-0496
CVE-2011-1583
CVE-2011-3262
Version: 4
Platform(s): Oracle Linux 5
Product(s): xen
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5
Application 16
Os 30

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for xen CESA-2011:0496 centos5 x86_64
File : nvt/gb_CESA-2011_0496_xen_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2011:1479 centos5 x86_64
File : nvt/gb_CESA-2011_1479_kernel_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2011:0833 centos5 x86_64
File : nvt/gb_CESA-2011_0833_kernel_centos5_x86_64.nasl
2012-07-09 Name : RedHat Update for kernel RHSA-2011:1189-01
File : nvt/gb_RHSA-2011_1189-01_kernel.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9430
File : nvt/gb_fedora_2012_9430_xen_fc15.nasl
2012-03-15 Name : VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Ser...
File : nvt/gb_VMSA-2012-0001.nasl
2012-02-21 Name : Fedora Update for xen FEDORA-2012-1539
File : nvt/gb_fedora_2012_1539_xen_fc15.nasl
2012-02-11 Name : Debian Security Advisory DSA 2337-1 (xen)
File : nvt/deb_2337_1.nasl
2011-12-02 Name : CentOS Update for kernel CESA-2011:1479 centos5 i386
File : nvt/gb_CESA-2011_1479_kernel_centos5_i386.nasl
2011-12-02 Name : RedHat Update for kernel RHSA-2011:1479-01
File : nvt/gb_RHSA-2011_1479-01_kernel.nasl
2011-09-07 Name : Fedora Update for xen FEDORA-2011-10942
File : nvt/gb_fedora_2011_10942_xen_fc15.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2011:0833 centos5 i386
File : nvt/gb_CESA-2011_0833_kernel_centos5_i386.nasl
2011-08-09 Name : CentOS Update for xen CESA-2011:0496 centos5 i386
File : nvt/gb_CESA-2011_0496_xen_centos5_i386.nasl
2011-07-12 Name : Fedora Update for xen FEDORA-2011-8421
File : nvt/gb_fedora_2011_8421_xen_fc15.nasl
2011-07-08 Name : Fedora Update for xen FEDORA-2011-8403
File : nvt/gb_fedora_2011_8403_xen_fc14.nasl
2011-06-06 Name : RedHat Update for kernel RHSA-2011:0833-01
File : nvt/gb_RHSA-2011_0833-01_kernel.nasl
2011-06-06 Name : Fedora Update for xen FEDORA-2011-7421
File : nvt/gb_fedora_2011_7421_xen_fc13.nasl
2011-06-03 Name : Fedora Update for xen FEDORA-2011-6914
File : nvt/gb_fedora_2011_6914_xen_fc14.nasl
2011-05-17 Name : RedHat Update for xen RHSA-2011:0496-01
File : nvt/gb_RHSA-2011_0496-01_xen.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
75175 Xen Intel VT-d Chipset PCI Passthrough DMA MSI Interrupt Injection Register P...

73740 Xen Paravirtualised Guests Decompression Local DoS

73739 Xen Paravirtualised Guests Decompression Local Overflow Information Disclosure

73738 Xen Paravirtualised Guests Decompression Local Overflow

71331 Xen xen/arch/x86/domain.c arch_set_info_guest() Pagetable Local DoS

Xen contains a flaw that may allow a local denial of service. The issue is triggered when the 'arch_set_info_guest()' function in 'xen/arch/x86/domain.c' fails to properly verify the presence of a valid usermode pagetable, resulting in a loss of availability.

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-02-02 IAVM : 2012-A-0020 - Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity : Category I - VMSKEY : V0031252

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote VMware ESXi / ESX host is missing a security-related patch.
File : vmware_VMSA-2012-0001_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2011-0007.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_xen-201107-110726.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_xen-201105-110510.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_xen-201107-110726.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_xen-201105-110510.nasl - Type : ACT_GATHER_INFO
2013-09-28 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201309-24.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-2025.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1479.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0496.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0833.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1189.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0833.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1479.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0358.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110509_xen_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110531_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110823_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111129_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-01-31 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0001.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xen-201106-7547.nasl - Type : ACT_GATHER_INFO
2011-11-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1479.nasl - Type : ACT_GATHER_INFO
2011-11-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2337.nasl - Type : ACT_GATHER_INFO
2011-10-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xen-201108-7703.nasl - Type : ACT_GATHER_INFO
2011-08-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xen-201107-110808.nasl - Type : ACT_GATHER_INFO
2011-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1189.nasl - Type : ACT_GATHER_INFO
2011-06-30 Name : The remote Fedora host is missing a security update.
File : fedora_2011-8403.nasl - Type : ACT_GATHER_INFO
2011-06-30 Name : The remote Fedora host is missing a security update.
File : fedora_2011-8421.nasl - Type : ACT_GATHER_INFO
2011-06-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-7421.nasl - Type : ACT_GATHER_INFO
2011-06-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xen-201105-110505.nasl - Type : ACT_GATHER_INFO
2011-06-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0833.nasl - Type : ACT_GATHER_INFO
2011-05-25 Name : The remote Fedora host is missing a security update.
File : fedora_2011-6914.nasl - Type : ACT_GATHER_INFO
2011-05-19 Name : The remote Fedora host is missing a security update.
File : fedora_2011-6859.nasl - Type : ACT_GATHER_INFO
2011-05-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0496.nasl - Type : ACT_GATHER_INFO
2011-05-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0496.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:30:33
  • Multiple Updates
2014-01-08 00:22:41
  • Multiple Updates