SuSE 10 Security Update : Xen (ZYPP Patch Number 8180)

high Nessus Plugin ID 59469

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

Three security issues were found in XEN.

Two security issues are fixed by this update :

- Due to incorrect fault handling in the XEN hypervisor it was possible for a XEN guest domain administrator to execute code in the XEN host environment. (CVE-2012-0217)

- Also a guest user could crash the guest XEN kernel due to a protection fault bounce. (CVE-2012-0218)

The third fix is changing the Xen behaviour on certain hardware :

- The issue is a denial of service issue on older pre-SVM AMD CPUs (AMD Erratum 121). (CVE-2012-2934)

AMD Erratum #121 is described in 'Revision Guide for AMD Athlon 64 and AMD Opteron Processors':
http://support.amd.com/us/Processor_TechDocs/25759.pdf

The following 130nm and 90nm (DDR1-only) AMD processors are subject to this erratum :

- First-generation AMD-Opteron(tm) single and dual core processors in either 939 or 940 packages :

  - AMD Opteron(tm) 100-Series Processors

  - AMD Opteron(tm) 200-Series Processors

  - AMD Opteron(tm) 800-Series Processors

- AMD Athlon(tm) processors in either 754, 939 or 940 packages

- AMD Sempron(tm) processor in either 754 or 939 packages

- AMD Turion(tm) Mobile Technology in 754 package

This issue does not affect Intel processors.

The impact of this flaw is that a malicious PV guest user can halt the host system.

As this is a hardware flaw, it is not fixable except by upgrading your hardware to a newer revision, or by not allowing untrusted 64-bit guest systems.

The patch changes the boot behaviour of the host system: the host is unable to create guest machines until a specific boot option is set.

There is a new XEN boot option 'allow_unsafe' for GRUB which allows the host to start guests again.

This is added to /boot/grub/menu.lst in the line looking like this :

kernel /boot/xen.gz .... allow_unsafe

Note: .... in this example represents the existing boot options for the host.
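
To inventory which boot entries have opted back into starting guests, the following added example (not part of the original advisory or the Nessus plugin) parses a GRUB legacy menu.lst and reports, per entry, whether the Xen hypervisor line carries allow_unsafe. The function names and the sample file are constructed for illustration, and it assumes the hypervisor image is named xen*.gz as in the line above.

```shell
#!/bin/sh
# Added example: report GRUB legacy boot entries whose Xen line carries allow_unsafe.

# audit_menu_lst [FILE]  (reads stdin when FILE is omitted)
# Prints "<STATUS><TAB><entry title>" for every entry that boots a Xen image.
audit_menu_lst() {
    awk '
        /^[ \t]*#/ { next }                        # ignore commented-out lines
        $1 == "title" {                            # a new boot entry starts here
            sub(/^[ \t]*title[ \t]+/, ""); title = $0; next
        }
        # Hypervisor line; assumes the image is named xen*.gz (e.g. /boot/xen.gz)
        $1 == "kernel" && $2 ~ "(^|/)xen[^/]*[.]gz$" {
            status = "DEFAULT"
            for (i = 3; i <= NF; i++)
                if ($i == "allow_unsafe") status = "ALLOW_UNSAFE"
            printf "%s\t%s\n", status, title
        }
    ' "$@"
}

# Constructed sample menu.lst (not taken from a real host)
sample_menu_lst() {
    cat <<'EOF'
default 0
title Xen -- guests enabled
    root (hd0,0)
    kernel /boot/xen.gz dom0_mem=1024M allow_unsafe
    module /boot/vmlinuz-xen root=/dev/sda2
    module /boot/initrd-xen
title Xen -- patched default
    root (hd0,0)
    kernel /boot/xen.gz dom0_mem=1024M
    module /boot/vmlinuz-xen root=/dev/sda2
title Linux (no hypervisor)
    kernel /boot/vmlinuz root=/dev/sda2
#   kernel /boot/xen.gz allow_unsafe
EOF
}

# Real use: audit_menu_lst /boot/grub/menu.lst
sample_menu_lst | audit_menu_lst
```

An entry reported as ALLOW_UNSAFE on hardware subject to Erratum 121 means the host will start guests despite the denial of service exposure described above.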

Solution

Apply ZYPP patch number 8180.

See Also

http://support.novell.com/security/cve/CVE-2012-0217.html

http://support.novell.com/security/cve/CVE-2012-0218.html

http://support.novell.com/security/cve/CVE-2012-2934.html

Plugin Details

Severity: High

ID: 59469

File Name: suse_xen-201206-8180.nasl

Version: 1.12

Type: local

Agent: unix

Published: 6/13/2012

Updated: 1/19/2021

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/6/2012

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (FreeBSD Intel SYSRET Privilege Escalation)

Reference Information

CVE: CVE-2012-0217, CVE-2012-0218, CVE-2012-2934