FreeBSD : xen-tools -- HVM qemu unexpectedly enabling emulated VGA graphics backends (0d732fd1-27e0-11e5-a4a5-002590263bf5)

Low Nessus Plugin ID 84693


The remote FreeBSD host is missing a security-related update.


The Xen Project reports :

When instantiating an emulated VGA device for an x86 HVM guest qemu will by default enable a backend to expose that device, either SDL or VNC depending on the version of qemu and the build time configuration.

The libxl toolstack library does not explicitly disable these default backends when they are not enabled, leading to an unexpected backend running.

If either SDL or VNC is explicitly enabled in the guest configuration then only the expected backends will be enabled.

This affects qemu-xen and qemu-xen-traditional differently.

If qemu-xen was compiled with SDL support then this would result in an SDL window being opened if $DISPLAY is valid, or a failure to start the guest if not.

If qemu-xen was compiled without SDL support then qemu would instead start a VNC server listening on ::1 (IPv6 localhost) or (IPv4 localhost) with IPv6 preferred if available. A VNC password will not be configured even if one is present in the guest configuration.

qemu-xen-traditional will never start a vnc backend unless explicitly configured. However by default it will start an SDL backend if it was built with SDL support and $DISPLAY is valid.


Update the affected package.

See Also

Plugin Details

Severity: Low

ID: 84693

File Name: freebsd_pkg_0d732fd127e011e5a4a5002590263bf5.nasl

Version: $Revision: 2.1 $

Type: local

Published: 2015/07/14

Modified: 2015/07/14

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 1.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:xen-tools, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/07/11

Vulnerability Publication Date: 2015/03/13

Reference Information

CVE: CVE-2015-2152