The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2608-1 advisory.

    Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as     VENOM. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary     code on the host as the user running the QEMU process. In the default installation, when QEMU is used with     libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-3456)

    Daniel P. Berrange discovered that QEMU incorrectly handled VNC websockets. A remote attacker could use     this issue to cause QEMU to consume memory, resulting in a denial of service. This issue only affected     Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-1779)

    Jan Beulich discovered that QEMU, when used with Xen, didn't properly restrict access to PCI command     registers. A malicious guest could use this issue to cause a denial of service. This issue only affected     Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-2756)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 14.04 LTS : QEMU vulnerabilities (USN-2608-1)

high Nessus Plugin ID 83435

Version 2.33