FreeBSD : xen-tools -- libxl fails to honour readonly flag on disks with qemu-xen (301b04d7-881c-11e5-ab94-002590263bf5)

low Nessus Plugin ID 86835

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The Xen Project reports :

Callers of libxl can specify that a disk should be read-only to the guest. However, there is no code in libxl to pass this information to qemu-xen (the upstream-based qemu); and indeed there is no way in qemu to make a disk read-only.

The vulnerability is exploitable only via devices emulated by the device model, not the parallel PV devices for supporting PVHVM.
Normally the PVHVM device unplug protocol renders the emulated devices inaccessible early in boot.

Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images.

CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected.

Solution

Update the affected package.

See Also

http://xenbits.xen.org/xsa/advisory-142.html

http://www.nessus.org/u?0bf48876

Plugin Details

Severity: Low

ID: 86835

File Name: freebsd_pkg_301b04d7881c11e5ab94002590263bf5.nasl

Version: 2.4

Type: local

Published: 11/11/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:xen-tools, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/11/2015

Vulnerability Publication Date: 9/22/2015

Reference Information

CVE: CVE-2015-7311