Detections
Analytics

OracleVM 3.3 / 3.4 : dhcp (OVMSA-2018-0042)

high Nessus Plugin ID 109830

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - Added oracle-errwarn-message.patch

 - Resolves: #1570897 - Fix comamnd execution in NM script (CVE-2018-1111)

 - Resolves: #1550085 - CVE-2018-5733 Avoid reference overflow

<[12:4.1.1-53.P1.2

 - Resolves: #1550083 - CVE-2018-5732 Avoid options buffer overflow

 - Resolves: #1063217 - failover hangs with both potential-conflict

Solution

Update the affected dhclient / dhcp-common packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2018-May/000854.html

https://oss.oracle.com/pipermail/oraclevm-errata/2018-May/000853.html

Plugin Details

Severity: High

ID: 109830

File Name: oraclevm_OVMSA-2018-0042.nasl

Version: 1.13

Type: local

Published: 5/16/2018

Updated: 10/7/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.9

Temporal Score: 6.5

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-1111

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:dhcp-common, cpe:/o:oracle:vm_server:3.3, cpe:/o:oracle:vm_server:3.4, p-cpe:/a:oracle:vm:dhclient

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/15/2018

Vulnerability Publication Date: 5/17/2018

Exploitable With

Metasploit (DHCP Client Command Injection (DynoRoot))

Reference Information

CVE: CVE-2018-1111, CVE-2018-5732, CVE-2018-5733

IAVA: 2018-A-0162

IAVB: 2018-B-0034-S