Test ID: 1.3.6.1.4.1.25623.1.0.702582
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2582-1 (xen - several vulnerabilities)
Description:
Multiple denial of service vulnerabilities have been discovered
in the Xen Hypervisor. One of the issues (CVE-2012-5513)
could even lead to privilege escalation from guest to host.

Some of the recently published Xen Security Advisories (XSA 25 and 28)
are not fixed by this update and should be fixed in a future release.

CVE-2011-3131 (XSA 5):
DoS using I/OMMU faults from PCI-passthrough guest
A VM that controls a PCI[E] device directly can cause it to issue DMA
requests to invalid addresses. Although these requests are denied by the
I/OMMU, the hypervisor needs to handle the interrupt and clear the error from
the I/OMMU, and this can be used to live-lock a CPU and potentially hang the
host.

Description truncated. Please see the references for more information.

Affected Software/OS:
xen on Debian Linux

Solution:
For the stable distribution (squeeze), these problems have been fixed in
version 4.0.1-5.5.

For the testing distribution (wheezy), these problems have been fixed in
version 4.1.3-6.

For the unstable distribution (sid), these problems have been fixed in
version 4.1.3-6.

We recommend that you upgrade your xen packages.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-5513
BugTraq ID: 56797
http://www.securityfocus.com/bid/56797
Debian Security Information: DSA-2582
http://www.debian.org/security/2012/dsa-2582
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://www.openwall.com/lists/oss-security/2012/12/03/11
http://www.osvdb.org/88131
RedHat Security Advisories: RHSA-2012:1540
http://rhn.redhat.com/errata/RHSA-2012-1540.html
http://secunia.com/advisories/51397
http://secunia.com/advisories/51468
http://secunia.com/advisories/51486
http://secunia.com/advisories/51487
http://secunia.com/advisories/51495
http://secunia.com/advisories/55082
SuSE Security Announcement: SUSE-SU-2012:1606
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00000.html
SuSE Security Announcement: SUSE-SU-2012:1615
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html
SuSE Security Announcement: SUSE-SU-2014:0446
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
SuSE Security Announcement: SUSE-SU-2014:0470
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html
SuSE Security Announcement: openSUSE-SU-2012:1685
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html
SuSE Security Announcement: openSUSE-SU-2012:1687
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html
SuSE Security Announcement: openSUSE-SU-2013:0133
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html
SuSE Security Announcement: openSUSE-SU-2013:0636
http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
SuSE Security Announcement: openSUSE-SU-2013:0637
http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
XForce ISS Database: xen-xenmemexchange-priv-esc(80482)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80482
Common Vulnerability Exposure (CVE) ID: CVE-2012-4538
BugTraq ID: 56498
http://www.securityfocus.com/bid/56498
https://security.gentoo.org/glsa/201604-03
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00004.html
http://www.openwall.com/lists/oss-security/2012/11/13/3
http://osvdb.org/87306
http://www.securitytracker.com/id?1027762
http://secunia.com/advisories/51200
http://secunia.com/advisories/51324
http://secunia.com/advisories/51352
http://secunia.com/advisories/51413
SuSE Security Announcement: SUSE-SU-2012:1486
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html
SuSE Security Announcement: SUSE-SU-2012:1487
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html
SuSE Security Announcement: openSUSE-SU-2012:1572
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
SuSE Security Announcement: openSUSE-SU-2012:1573
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
XForce ISS Database: xen-hvmop-dos(80025)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80025
Common Vulnerability Exposure (CVE) ID: CVE-2012-4535
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00001.html
http://www.openwall.com/lists/oss-security/2012/11/13/1
http://osvdb.org/87298
http://www.securitytracker.com/id?1027759
XForce ISS Database: xen-vcpu-dos(80022)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80022
Common Vulnerability Exposure (CVE) ID: CVE-2011-3131
BugTraq ID: 49146
http://www.securityfocus.com/bid/49146
http://old-list-archives.xen.org/archives/html/xen-devel/2011-06/msg01106.html
http://old-list-archives.xen.org/archives/html/xen-devel/2011-08/msg00450.html
http://secunia.com/advisories/45622
Common Vulnerability Exposure (CVE) ID: CVE-2012-5515
BugTraq ID: 56798
http://www.securityfocus.com/bid/56798
http://lists.xen.org/archives/html/xen-announce/2012-12/msg00001.html
http://www.openwall.com/lists/oss-security/2012/12/03/9
http://www.osvdb.org/88127
XForce ISS Database: xen-extentorder-dos(80479)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80479
Common Vulnerability Exposure (CVE) ID: CVE-2012-4539
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00002.html
http://www.openwall.com/lists/oss-security/2012/11/13/4
http://www.osvdb.org/87305
http://www.securitytracker.com/id?1027763
XForce ISS Database: xen-gnttabopgetstatus-dos(80026)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80026
Common Vulnerability Exposure (CVE) ID: CVE-2012-5514
BugTraq ID: 56803
http://www.securityfocus.com/bid/56803
http://www.openwall.com/lists/oss-security/2012/12/03/12
http://www.osvdb.org/88130
XForce ISS Database: xen-guestphysmapmark-dos(80483)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80483
Common Vulnerability Exposure (CVE) ID: CVE-2012-5510
BugTraq ID: 56794
http://www.securityfocus.com/bid/56794
http://www.openwall.com/lists/oss-security/2012/12/03/6
http://www.osvdb.org/88128
XForce ISS Database: xen-grant-table-dos(80478)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80478
Common Vulnerability Exposure (CVE) ID: CVE-2012-4537
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00005.html
http://www.openwall.com/lists/oss-security/2012/11/13/6
http://osvdb.org/87307
http://www.securitytracker.com/id?1027761
XForce ISS Database: xen-setp2mentry-dos(80024)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80024
Copyright: Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net
