The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4285 advisory.

    - net: ignore packet size greater than INT_MAX (Jason Wang)  [Orabug: 28763782]  {CVE-2018-17963}
    - pcnet: fix possible buffer overflow (Jason Wang)  [Orabug: 28763774]  {CVE-2018-17962}
    - rtl8139: fix possible out of bound access (Jason Wang)  [Orabug: 28763765]  {CVE-2018-17958}
    - ne2000: fix possible out of bound access in ne2000_receive (Jason Wang)  [Orabug: 28763758]     {CVE-2018-10839}
    - seccomp: set the seccomp filter to all threads (Marc-Andre Lureau)  [Orabug: 28763748]  {CVE-2018-15746}
    - Document various CVEs as fixed (Mark Kanda)  [Orabug: 28763710]  {CVE-2017-10806} {CVE-2017-11334}     {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038}     {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381}     {CVE-2017-18030} {CVE-2017-18043} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753}     {CVE-2017-5754} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379}     {CVE-2017-8380} {CVE-2017-9503} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-3639} {CVE-2018-5683}     {CVE-2018-7550} {CVE-2018-7858}
    - multiboot.c: Document as fixed against CVE-2018-7550 (Jack Schwartz)  [Orabug: 27832332]     {CVE-2018-7550}
    - CVE-2017-18030: cirrus_invalidate_region() lets priv guest user cause DoS (Mark Kanda)  [Orabug:
    27832319]  {CVE-2017-18030}
    - vga: fix region calculation (Gerd Hoffmann)  [Orabug: 27832309]  {CVE-2018-7858}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 7 : qemu (ELSA-2018-4285)

critical Nessus Plugin ID 180778

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Nov 2, 2024, 2:28 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin Feed: 202411020228
Version 1.2 Oct 23, 2024, 10:51 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202410232251
Version 1.1 Sep 8, 2023, 4:12 PM Exploit attributes ("Exploit framework canvas" set to "True". "Exploited by malware" set to "True") Plugin Feed: 202309081612
Version 1.0 Sep 7, 2023, 9:48 PM New Plugin Feed: 202309072148