Fedora 16 : xen-4.1.3-2.fc16 (2012-13443)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494] (#854585)
a malicious crash might be able to crash the dom0 or escalate privileges [XSA-13, CVE-2012-3495] (#854589)
a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590)
a malicious HVM guest can crash the dom0 and might be able to read hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593)
an HVM guest could use VT100 escape sequences to escalate privileges to that of the qemu process [XSA-17, CVE-2012-3515] (#854599)
disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=851139
https://bugzilla.redhat.com/show_bug.cgi?id=851165
https://bugzilla.redhat.com/show_bug.cgi?id=851172
https://bugzilla.redhat.com/show_bug.cgi?id=851193
https://bugzilla.redhat.com/show_bug.cgi?id=851252
https://bugzilla.redhat.com/show_bug.cgi?id=855140
http://www.nessus.org/u?f7c6ee6d

Solution :

Update the affected xen package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 62155

Bugtraq ID: 55400, 55406, 55412, 55413, 55414, 55442

CVE ID: CVE-2012-3494, CVE-2012-3495, CVE-2012-3496, CVE-2012-3498, CVE-2012-3515, CVE-2012-4411
