OracleVM 2.1 : xen (OVMSA-2009-0001)

Severity: High, Nessus Plugin ID 79451

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- Fix permissions problem with VM.GuestMetrics [bugz 7265]

- Disable ovs-disabled-create-netif-if-vif-type-set-ioemu.patch

- Include proper patch for bugz 7807

- Implement VM.GuestMetrics to communicate info with guest OS [bugz 7265]

- Support long command line [bugz 7264]

- Fix bug in valid_object function in XendAPI.py [bugz 7363]

- Update MAC address for HVM guest after live migration [bugz 7978] [bug 7573550]

- Fix problem preventing guest from rebooting after migration [bugz 7807]

- Fix guest hang when migrating HVM guests in parallel [bugz #7816]

- Disable creating backend network device when vif type set ioemu [bugz #7592]

- pull in cs18449 from xen-3.3-stable

- fix invalid reference to XendDomain.VMROOT

- Updates from EL5U2 for (CVE-2008-4405, CVE-2008-4993)

- Fix unsafe use of xenstore data (CVE-2008-4405)

- Remove qemu-dm.debug wrapper script (CVE-2008-4993)

- Fix reboots after CVE-2008-4405 changes

- Fix block-detach regression due to (CVE-2008-4405)

- make coredump-[destroy|restart] work through traditional domU config, back ported from xen unstable cs16989

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?5659c439

Plugin Details

Severity: High

ID: 79451

File Name: oraclevm_OVMSA-2009-0001.nasl

Version: 1.7

Type: local

Published: 11/26/2014

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.8

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-64, p-cpe:/a:oracle:vm:xen-debugger, p-cpe:/a:oracle:vm:xen-devel, p-cpe:/a:oracle:vm:xen-pvhvm-devel, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:2.1

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Patch Publication Date: 2/18/2009

Vulnerability Publication Date: 10/3/2008

Reference Information

CVE: CVE-2008-4405, CVE-2008-4993

CWE: 264, 59