SuSE 10 Security Update : Xen (ZYPP Patch Number 8180)

This script is Copyright (C) 2012 Tenable Network Security, Inc.

Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

Three security issues were found in XEN.

Two security issues are fixed by this update :

- Due to incorrect fault handling in the XEN hypervisor it
was possible for a XEN guest domain administrator to
execute code in the XEN host environment.

- Also a guest user could crash the guest XEN kernel due
to a protection fault bounce. (CVE-2012-0218)

The third fix is changing the Xen behaviour on certain hardware :

- The issue is a denial of service issue on older pre-SVM
AMD CPUs (AMD Erratum 121). (CVE-2012-2934)

AMD Erratum #121 is described in 'Revision Guide for AMD
Athlon 64 and AMD Opteron Processors':

The following 130nm and 90nm (DDR1-only) AMD processors
are subject to this erratum :


First-generation AMD-Opteron(tm) single and dual core
processors in either 939 or 940 packages :

- AMD Opteron(tm) 100-Series Processors

- AMD Opteron(tm) 200-Series Processors

- AMD Opteron(tm) 800-Series Processors

- AMD Athlon(tm) processors in either 754, 939 or 940

- AMD Sempron(tm) processor in either 754 or 939 packages

- AMD Turion(tm) Mobile Technology in 754 package This
issue does not effect Intel processors.

The impact of this flaw is that a malicious PV guest
user can halt the host system.

As this is a hardware flaw, it is not fixable except by
upgrading your hardware to a newer revision, or not
allowing untrusted 64bit guestsystems.

The patch changes the behaviour of the host system
booting, which makes it unable to create guest machines
until a specific boot option is set.

There is a new XEN boot option 'allow_unsafe' for GRUB
which allows the host to start guests again.

This is added to /boot/grub/menu.lst in the line looking
like this :

kernel /boot/xen.gz .... allow_unsafe

Note: .... in this example represents the existing boot
options for the host.

See also :

Solution :

Apply ZYPP patch number 8180.

Risk factor :

High / CVSS Base Score : 7.2
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 59469 ()

Bugtraq ID:

CVE ID: CVE-2012-0217

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now