Detections
Analytics

OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0173) (BlueBorne) (Stack Clash)

high Nessus Plugin ID 105147

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - tty: Fix race in pty_write leading to NULL deref (Todd Vierling)

- ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 26479780]

 - KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592025]

 - oracleasm: Copy the integrity descriptor (Martin K.
 Petersen)

- mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675925] (CVE-2017-7889)

 - xscore: add dma address check (Zhu Yanjun) [Orabug:
 27058468]

 - more bio_map_user_iov leak fixes (Al Viro) [Orabug:
 27069042] (CVE-2017-12190)

 - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069042] (CVE-2017-12190)

 - nvme: Drop nvmeq->q_lock before dma_pool_alloc, so as to prevent hard lockups (Aruna Ramakrishna) [Orabug:
 25409587]

 - nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600]

 - char: lp: fix possible integer overflow in lp_setup (Willy Tarreau) [Orabug: 26403940] (CVE-2017-1000363)

 - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug:
 26403956] (CVE-2017-1000380)

 - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380)

 - ALSA: timer: fix NULL pointer dereference in read/ioctl race (Vegard Nossum) [Orabug: 26403956] (CVE-2017-1000380)

 - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380)

 - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380)

 - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380)

 - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] (CVE-2017-9077)

 - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126]

 - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126]

 - ping: implement proper locking (Eric Dumazet) [Orabug:
 26540286] (CVE-2017-2671)

 - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug:
 26643598] (CVE-2016-10044)

 - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643598] (CVE-2016-10044)

 - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] (CVE-2016-10044)

 - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] (CVE-2017-11473)

 - sctp: do not inherit ipv6_[mc|ac|fl]_list from parent (Eric Dumazet) [Orabug: 26650883] (CVE-2017-9075)

 - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] (CVE-2017-8831)

 - [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] (CVE-2017-8831)

 - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306]

 - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] (CVE-2017-10661)

 - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988627] (CVE-2017-14489)

 - mqueue: fix a use-after-free in sys_mq_notify (Cong Wang) [Orabug: 26643556] (CVE-2017-11176)

 - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011273] (CVE-2017-7542)

 - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002450] (CVE-2017-1000111)

 - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26883934]

 - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26883934]

 - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796364] (CVE-2017-1000251)

 - xen: fix bio vec merging (Roger Pau Monne) [Orabug:
 26645550] (CVE-2017-12134)

 - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638921] (CVE-2017-1000365) (CVE-2017-1000365)

 - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip[,6]_bind (Guillaume Nault) [Orabug: 26586047] (CVE-2016-10200)

 - xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz Guzik) [Orabug: 26586022] (CVE-2016-9685)

 - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585994] (CVE-2016-9604)

 - ipv6: fix out of bound writes in __ip6_append_data (Eric Dumazet) [Orabug: 26578198] (CVE-2017-9242)

 - posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507344] (CVE-2016-7097) (CVE-2016-7097)

 - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366022] (CVE-2017-7645)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?08785912

Plugin Details

Severity: High

ID: 105147

File Name: oraclevm_OVMSA-2017-0173.nasl

Version: 3.7

Type: local

Published: 12/11/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, cpe:/o:oracle:vm_server:3.3, p-cpe:/a:oracle:vm:kernel-uek-firmware

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/8/2017

Vulnerability Publication Date: 10/16/2016

Reference Information

CVE: CVE-2016-10044, CVE-2016-10200, CVE-2016-7097, CVE-2016-9604, CVE-2016-9685, CVE-2017-1000111, CVE-2017-1000251, CVE-2017-1000363, CVE-2017-1000365, CVE-2017-1000380, CVE-2017-10661, CVE-2017-11176, CVE-2017-11473, CVE-2017-12134, CVE-2017-12190, CVE-2017-14489, CVE-2017-2671, CVE-2017-7542, CVE-2017-7645, CVE-2017-7889, CVE-2017-8831, CVE-2017-9075, CVE-2017-9077, CVE-2017-9242