NASLDB: SuSE 10 Security Update : Xen (ZYPP Patch Number 8180)
General
ID: 59469
Name: SuSE 10 Security Update : Xen (ZYPP Patch Number 8180)
Summary: Checks rpm output for the updated packages
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –
Port: 0
Family: SuSE Local Security Checks
Type: Local
Description
Three security issues were found in XEN.
Two security issues are fixed by this update :
– Due to incorrect fault handling in the XEN hypervisor it
was possible for a XEN guest domain administrator to
execute code in the XEN host environment.
(CVE-2012-0217)
– Also a guest user could crash the guest XEN kernel due
to a protection fault bounce. (CVE-2012-0218)
The third fix is changing the Xen behaviour on certain hardware :
– The issue is a denial of service issue on older pre-SVM
AMD CPUs (AMD Erratum 121). (CVE-2012-2934)
AMD Erratum #121 is described in ‘Revision Guide for AMD
Athlon 64 and AMD Opteron Processors’:
http://support.amd.com/us/Processor_TechDocs/25759.pdf
The following 130nm and 90nm (DDR1-only) AMD processors
are subject to this erratum :
o First-generation AMD-Opteron™ single and dual core
processors in either 939 or 940 packages :
– AMD Opteron™ 100-Series Processors
– AMD Opteron™ 200-Series Processors
– AMD Opteron™ 800-Series Processors
– AMD Athlon™ processors in either 754, 939 or 940
packages
– AMD Sempron™ processor in either 754 or 939 packages
– AMD Turion™ Mobile Technology in 754 package
This issue does not affect Intel processors.
The impact of this flaw is that a malicious PV guest
user can halt the host system.
As this is a hardware flaw, it is not fixable except by
upgrading your hardware to a newer revision, or by not
allowing untrusted 64-bit guest systems.
The patch changes the boot behaviour of the host system:
the host is unable to create guest machines until a
specific boot option is set.
There is a new XEN boot option ‘allow_unsafe’ for GRUB
which allows the host to start guests again.
This is added to /boot/grub/menu.lst in the line looking
like this :
kernel /boot/xen.gz .... allow_unsafe
Note: .... in this example represents the existing boot
options for the host.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2012-0217
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2012/06/06
Plugin Release: 2012/06/13
Plugin
Version: 1.5
Filename: suse_xen-201206-8180.nasl
Filesize: 8085 bytes
MD5 Hash: cf287da2b139ae3b541f7d46cfbdfd6b
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is Copyright© 2012 Tenable Network Security, Inc.