OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0167)

high Nessus Plugin ID 104453

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug:
27037811]

- xfs: use dedicated log worker wq to avoid deadlock with cil wq (Brian Foster) [Orabug: 27013241]

- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988633] (CVE-2017-14489)

- nvme: honor RTD3 Entry Latency for shutdowns (Martin K.
Petersen)

- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27013220] (CVE-2017-7542)

- udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 27013227] (CVE-2017-1000112)

- drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 26943884]

- tcp: fix tcp_mark_head_lost to check skb len before fragmenting (Neal Cardwell) [Orabug: 26923675]

- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899775] (CVE-2017-10661)

- kvm: nVMX: Don't allow L2 to access the hardware CR8 (Jim Mattson) (CVE-2017-12154) (CVE-2017-12154)

- brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx (Tim Tianyang Chen) [Orabug:
26880590] (CVE-2017-7541)

- crypto: ahash - Fix EINPROGRESS notification callback (Herbert Xu) [Orabug: 26916575] (CVE-2017-7618)

- ovl: use O_LARGEFILE in ovl_copy_up (David Howells) [Orabug: 25953280]

- rxrpc: Fix several cases where a padded len isn't checked in ticket decode (David Howells) [Orabug:
26880508] (CVE-2017-7482) (CVE-2017-7482)

- tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813385] (CVE-2017-14106)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?f3068531

Plugin Details

Severity: High

ID: 104453

File Name: oraclevm_OVMSA-2017-0167.nasl

Version: 3.7

Type: local

Published: 11/8/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, cpe:/o:oracle:vm_server:3.4, p-cpe:/a:oracle:vm:kernel-uek-firmware

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/7/2017

Vulnerability Publication Date: 4/10/2017

Exploitable With

Core Impact

Metasploit (Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation)

Reference Information

CVE: CVE-2017-1000112, CVE-2017-10661, CVE-2017-12154, CVE-2017-14106, CVE-2017-14489, CVE-2017-7482, CVE-2017-7541, CVE-2017-7542, CVE-2017-7618