 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.66053 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DSA-1907-1) |
| Summary: | The remote host is missing an update for the Debian 'kvm' package(s) announced via the DSA-1907-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'kvm' package(s) announced via the DSA-1907-1 advisory. Vulnerability Insight: Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5714 Chris Webb discovered an off-by-one bug limiting KVM's VNC passwords to 7 characters. This flaw might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. CVE-2009-3290 It was discovered that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory. The oldstable distribution (etch) does not contain kvm. For the stable distribution (lenny), these problems have been fixed in version 72+dfsg-5~ lenny3. For the testing distribution (squeeze) these problems will be fixed soon. For the unstable distribution (sid) these problems have been fixed in version 85+dfsg-4.1 We recommend that you upgrade your kvm packages. Affected Software/OS: 'kvm' package(s) on Debian 5. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-5714 BugTraq ID: 33020 http://www.securityfocus.com/bid/33020 http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html http://secunia.com/advisories/33568 http://secunia.com/advisories/34642 http://secunia.com/advisories/35062 SuSE Security Announcement: SUSE-SR:2009:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html SuSE Security Announcement: SUSE-SR:2009:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://www.ubuntu.com/usn/usn-776-1 XForce ISS Database: qemu-monitor-weak-security(47683) https://exchange.xforce.ibmcloud.com/vulnerabilities/47683 Common Vulnerability Exposure (CVE) ID: CVE-2009-3290 http://www.openwall.com/lists/oss-security/2009/09/18/1 http://www.openwall.com/lists/oss-security/2009/09/21/1 http://www.openwall.com/lists/oss-security/2009/09/22/8 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11328 http://www.redhat.com/support/errata/RHSA-2009-1465.html http://secunia.com/advisories/37105 http://www.ubuntu.com/usn/USN-852-1 |
| Copyright | Copyright (C) 2009 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |