Test ID: | 1.3.6.1.4.1.25623.1.1.4.2012.0730.1 |
Category: | SuSE Local Security Checks |
Title: | SUSE: Security Advisory (SUSE-SU-2012:0730-1) |
Summary: | The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2012:0730-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'Xen' package(s) announced via the SUSE-SU-2012:0730-1 advisory.

Vulnerability Insight: Three security issues were found in XEN.

Two security issues are fixed by this update:

* CVE-2012-0217: Due to incorrect fault handling in the XEN hypervisor, it was possible for a XEN guest domain administrator to execute code in the XEN host environment.
* CVE-2012-0218: Also, a guest user could crash the guest XEN kernel due to a protection fault bounce.

The third fix changes the Xen behaviour on certain hardware:

* CVE-2012-2934: The issue is a denial of service issue on older pre-SVM AMD CPUs (AMD Erratum 121).

AMD Erratum #121 is described in 'Revision Guide for AMD Athlon 64 and AMD Opteron Processors': [link moved to references]

The following 130nm and 90nm (DDR1-only) AMD processors are subject to this erratum:

o First-generation AMD-Opteron(tm) single and dual core processors in either 939 or 940 packages:
  + AMD Opteron(tm) 100-Series Processors
  + AMD Opteron(tm) 200-Series Processors
  + AMD Opteron(tm) 800-Series Processors
  + AMD Athlon(tm) processors in either 754, 939 or 940 packages
  + AMD Sempron(tm) processor in either 754 or 939 packages
  + AMD Turion(tm) Mobile Technology in 754 package

This issue does not affect Intel processors.

The impact of this flaw is that a malicious PV guest user can halt the host system.

As this is a hardware flaw, it is not fixable except by upgrading your hardware to a newer revision, or by not allowing untrusted 64-bit guest systems.

The patch changes the boot behaviour of the host system so that it is unable to create guest machines until a specific boot option is set.

There is a new XEN boot option 'allow_unsafe' for GRUB which allows the host to start guests again.

This is added to /boot/grub/menu.lst in the line looking like this:

    kernel /boot/xen.gz .... allow_unsafe

Note: .... in this example represents the existing boot options for the host.

Security Issue references:

* CVE-2012-0217
* CVE-2012-0218
* CVE-2012-2934

Special Instructions and Notes: Please reboot the system after installing this update.

Affected Software/OS: 'Xen' package(s) on SUSE Linux Enterprise Desktop 10-SP4, SUSE Linux Enterprise Desktop 11-SP1, SUSE Linux Enterprise Server 10-SP2, SUSE Linux Enterprise Server 10-SP3, SUSE Linux Enterprise Server 10-SP4, SUSE Linux Enterprise Server 11-SP1, SUSE Linux Enterprise Software Development Kit 11-SP1.

Solution: Please install the updated package(s).

CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-0217

* Cert/CC Advisory: TA12-164A http://www.us-cert.gov/cas/techalerts/TA12-164A.html
* CERT/CC vulnerability note: VU#649219 http://www.kb.cert.org/vuls/id/649219
* Debian Security Information: DSA-2501 http://www.debian.org/security/2012/dsa-2501
* Debian Security Information: DSA-2508 http://www.debian.org/security/2012/dsa-2508
* https://www.exploit-db.com/exploits/28718/
* https://www.exploit-db.com/exploits/46508/
* FreeBSD Security Advisory: FreeBSD-SA-12:04 http://security.freebsd.org/advisories/FreeBSD-SA-12:04.sysret.asc
* http://security.gentoo.org/glsa/glsa-201309-24.xml
* http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
* http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
* http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html
* Microsoft Security Bulletin: MS12-042 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-042
* NETBSD Security Advisory: NetBSD-SA2012-003 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-003.txt.asc
* https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15596
* http://secunia.com/advisories/55082

Common Vulnerability Exposure (CVE) ID: CVE-2012-0218

* http://lists.xen.org/archives/html/xen-announce/2012-06/msg00003.html

Common Vulnerability Exposure (CVE) ID: CVE-2012-2934

* BugTraq ID: 53961 http://www.securityfocus.com/bid/53961
* http://support.amd.com/us/Processor_TechDocs/25759.pdf
* http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html
* http://secunia.com/advisories/51413
* SuSE Security Announcement: openSUSE-SU-2012:1572 http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
* SuSE Security Announcement: openSUSE-SU-2012:1573 http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html |
Copyright | Copyright (C) 2021 Greenbone AG |