FreeBSD : xen-tools -- HVM qemu unexpectedly enabling emulated VGA graphics backends (0d732fd1-27e0-11e5-a4a5-002590263bf5)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Xen Project reports :

When instantiating an emulated VGA device for an x86 HVM guest qemu
will by default enable a backend to expose that device, either SDL or
VNC depending on the version of qemu and the build time configuration.

The libxl toolstack library does not explicitly disable these default
backends when they are not enabled, leading to an unexpected backend
running.

If either SDL or VNC is explicitly enabled in the guest configuration
then only the expected backends will be enabled.

This affects qemu-xen and qemu-xen-traditional differently.

If qemu-xen was compiled with SDL support then this would result in an
SDL window being opened if $DISPLAY is valid, or a failure to start
the guest if not.

If qemu-xen was compiled without SDL support then qemu would instead
start a VNC server listening on ::1 (IPv6 localhost) or 127.0.0.1
(IPv4 localhost) with IPv6 preferred if available. A VNC password will
not be configured even if one is present in the guest configuration.

qemu-xen-traditional will never start a vnc backend unless explicitly
configured. However by default it will start an SDL backend if it was
built with SDL support and $DISPLAY is valid.

See also :

http://xenbits.xen.org/xsa/advisory-119.html
http://www.nessus.org/u?10cc857f

Solution :

Update the affected package.

Risk factor :

Low / CVSS Base Score : 1.9
(CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 84693 ()

Bugtraq ID:

CVE ID: CVE-2015-2152

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now