Detections
Analytics

Virtuozzo 7 : readykernel-patch (VZA-2018-080)

high Nessus Plugin ID 121100

Synopsis

The remote Virtuozzo host is missing a security update.

Description

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability :

 - Use-after-free in the implementation of the shared memory. A flaw was found in the implementation of the shared memory in the Linux kernel. shm_mmap() function did not always check if the underlying file structures were valid, which could lead to use-after-free. A local unprivileged user could exploit this to crash the kernel by executing a special sequence of system calls.

Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the readykernel patch.

See Also

https://virtuozzosupport.force.com/s/article/VZA-2018-080

http://www.nessus.org/u?0746847b

http://www.nessus.org/u?7713ef51

http://www.nessus.org/u?9a047c45

Plugin Details

Severity: High

ID: 121100

File Name: Virtuozzo_VZA-2018-080.nasl

Version: 1.2

Type: local

Published: 1/11/2019

Updated: 1/4/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:virtuozzo:virtuozzo:readykernel, cpe:/o:virtuozzo:virtuozzo:7

Required KB Items: Host/local_checks_enabled, Host/Virtuozzo/release, Host/Virtuozzo/rpm-list, Host/readykernel-info

Patch Publication Date: 11/2/2018