Oracle Linux 6 : sos (ELSA-2012-0958)

critical Nessus Plugin ID 68562

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2012-0958 advisory.

[2.2-29.0.1.el6]
- Direct traceroute to linux.oracle.com (John Haxby) [orabug 11713272]
- Disable --upload option as it will not work with Oracle support
- Check oraclelinux-release instead of redhat-release to get OS version (John Haxby) [bug 11681869]
- Remove RH ftp URL and support email
- add sos-oracle-enterprise.patch

[2.2-29.el6]
- Collect the swift configuration directory in gluster module Resolves: bz822442
- Update IPA module and related plug-ins Resolves: bz812395

[2.2-28.el6]
- Collect mcelog files in the hardware module Resolves: bz810702

[2.2-27.el6]
- Add nfs statedump collection to gluster module Resolves: bz752549

[2.2-26.el6]
- Use wildcard to match possible libvirt log paths Resolves: bz814474

[2.2-25.el6]
- Add forbidden paths for new location of gluster private keys Resolves: bz752549

[2.2-24.el6]
- Fix katello and aeolus command string syntax Resolves: bz752666
- Remove stray hunk from gluster module patch Resolves: bz784061

[2.2-22.el6]
- Correct aeolus debug invocation in CloudForms module Resolves: bz752666
- Update gluster module for gluster-3.3 Resolves: bz784061
- Add additional command output to gluster module Resolves: bz768641
- Add support for collecting gluster configuration and logs Resolves: bz752549

[2.2-19.el6]
- Collect additional diagnostic information for realtime systems Resolves: bz789096
- Improve sanitization of RHN user and case number in report name Resolves: bz771393
- Fix verbose output and debug logging Resolves: bz782339
- Add basic support for CloudForms data collection Resolves: bz752666
- Add support for Subscription Asset Manager diagnostics Resolves: bz752670

[2.2-18.el6]
- Collect fence_virt.conf in cluster module Resolves: bz760995
- Fix collection of /proc/net directory tree Resolves: bz730641
- Gather output of cpufreq-info when present Resolves: bz760424
- Fix brctl showstp output when bridges contain multiple interfaces Resolves: bz751273
- Add /etc/modprobe.d to kernel module Resolves: bz749919
- Ensure relative symlink targets are correctly handled when copying Resolves: bz782589
- Fix satellite and proxy package detection in rhn plugin Resolves: bz749262
- Collect stderr output from external commands Resolves: bz739080
- Collect /proc/cgroups in the cgroups module Resolves: bz784874
- Collect /proc/irq in the kernel module Resolves: bz784862
- Fix installed-rpms formatting for long package names Resolves: bz767827
- Add symbolic links for truncated log files Resolves: bz766583
- Collect non-standard syslog and rsyslog log files Resolves: bz771501
- Use correct paths for tomcat6 in RHN module Resolves: bz749279
- Obscure root password if present in anaconda-ks.cfg Resolves: bz790402
- Do not accept embedded forward slashes in RHN usernames Resolves: bz771393
- Add new sunrpc module to collect rpcinfo for gluster systems Resolves: bz784061

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected sos package.

See Also

https://linux.oracle.com/errata/ELSA-2012-0958.html

Plugin Details

Severity: Critical

ID: 68562

File Name: oraclelinux_ELSA-2012-0958.nasl

Version: 1.13

Type: local

Agent: unix

Published: 7/12/2013

Updated: 11/1/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2012-2664

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:sos, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/2/2012

Vulnerability Publication Date: 6/29/2012

Reference Information

CVE: CVE-2012-2664

BID: 54116

RHSA: 2012:0958