Detections
Analytics
SuSE 11 Security Update : KVM (SAT Patch Number 1553)
high Nessus Plugin ID 42867
Synopsis
The remote SuSE 11 host is missing one or more security updates.Description
This update of QEMU KVM fixes the following bugs :- use-after-free bug in VNC code which might be used to execute code on the host system injected from the guest system. (CVE-2009-3616: CVSS v2 Base Score: 8.5)
- integer overflow in kvm_dev_ioctl_get_supported_cpuid().
(CVE-2009-3638: CVSS v2 Base Score: 7.2)
- update_cr8_intercept() NULL pointer dereference.
(CVE-2009-3640: CVSS v2 Base Score: 2.1)
Solution
Apply SAT patch number 1553.See Also
https://bugzilla.novell.com/show_bug.cgi?id=540247
https://bugzilla.novell.com/show_bug.cgi?id=547555
https://bugzilla.novell.com/show_bug.cgi?id=547624
https://bugzilla.novell.com/show_bug.cgi?id=549487
https://bugzilla.novell.com/show_bug.cgi?id=550072
https://bugzilla.novell.com/show_bug.cgi?id=550732
https://bugzilla.novell.com/show_bug.cgi?id=550917
http://support.novell.com/security/cve/CVE-2009-3616.html
Plugin Details
Severity: High
ID: 42867
File Name: suse_11_kvm-091116.nasl
Version: 1.11
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 11/23/2009
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.3
CVSS v2
Risk Factor: High
Base Score: 8.5
Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:11:kvm, p-cpe:/a:novell:suse_linux:11:kvm-kmp-default, p-cpe:/a:novell:suse_linux:11:kvm-kmp-pae, cpe:/o:novell:suse_linux:11
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 11/16/2009