EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1223)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the qemu-kvm package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

- An out-of-bounds memory access issue was found in Quick
Emulator (QEMU) in the VNC display driver. This flaw
could occur while refreshing the VNC display surface
area in the 'vnc_refresh_server_surface'. A user inside
a guest could use this flaw to crash the QEMU process.
(CVE-2017-2633)

- An integer overflow flaw was found in Quick Emulator
(QEMU) in the CCID Card device support. The flaw could
occur while passing messages via command/response
packets to and from the host. A privileged user inside
a guest could use this flaw to crash the QEMU process.
(CVE-2017-5898)

- An information exposure flaw was found in Quick
Emulator (QEMU) in Task Priority Register (TPR)
optimizations for 32-bit Windows guests. The flaw could
occur while accessing TPR. A privileged user inside a
guest could use this issue to read portions of the host
memory. (CVE-2016-4020)

- Quick Emulator (QEMU) built with the Network Block
Device (NBD) Server support is vulnerable to a crash
via a SIGPIPE signal. The crash can occur if a client
aborts a connection due to any failure during
negotiation or read operation. A remote user/process
could use this flaw to crash the qemu-nbd server
resulting in a DoS. (CVE-2017-10664)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?9867c78e

Solution :

Update the affected qemu-kvm packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Huawei Local Security Checks

Nessus Plugin ID: 103081 ()

Bugtraq ID:

CVE ID: CVE-2016-4020
CVE-2017-10664
CVE-2017-2633
CVE-2017-5898

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now