Detections
Analytics
OracleVM 2.1 : kernel (OVMSA-2009-0004)
high Nessus Plugin ID 79453
Language:
Synopsis
The remote OracleVM host is missing one or more security updates.Description
The remote OracleVM system is missing necessary patches to address critical security updates :CVE-2008-3528 The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.
CVE-2008-5700 libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.
CVE-2009-0028 The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. CVE-2009-0322 drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/. CVE-2009-0675 The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an 'inverted logic' issue. CVE-2009-0676 The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.
- CVE-2008-3528 - [fs] ext[234]: directory corruption DoS (Eugene Teo)
- CVE-2008-5700 - [block] enforce a minimum SG_IO timeout (Eugene Teo)
- CVE-2009-0322 - [firmware] dell_rbu: prevent oops (Don Howard)
- CVE-2009-0028 - [misc] minor signal handling vulnerability (Oleg Nesterov) [479963 479964]
- CVE-2009-0676 - [net] memory disclosure in SO_BSDCOMPAT gsopt (Eugene Teo) [486517 486518]
- CVE-2009-0675 - [net] skfp_ioctl inverted logic flaw (Eugene Teo)
- CVE-2009-0778 - not required
- CVE-2009-0269 - not required
- Enable enic
- Finish porting infrastructure for fnic but disable it on 32bit
- Add netconsole support for bonding in dom0 (Tina Yang) [orabug 8231228]
- Add Cisco fnic/enic support, requires fc infrastructure from el5u3
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 79453
File Name: oraclevm_OVMSA-2009-0004.nasl
Version: 1.12
Type: local
Family: OracleVM Local Security Checks
Published: 11/26/2014
Updated: 1/14/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: High
Base Score: 7.1
Temporal Score: 5.6
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C
Vulnerability Information
CPE: p-cpe:/a:oracle:vm:kernel-boot, p-cpe:/a:oracle:vm:kernel-boot-devel, p-cpe:/a:oracle:vm:kernel-kdump, p-cpe:/a:oracle:vm:kernel-kdump-devel, p-cpe:/a:oracle:vm:kernel-ovs, p-cpe:/a:oracle:vm:kernel-ovs-devel, cpe:/o:oracle:vm_server:2.1
Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 4/16/2009
Vulnerability Publication Date: 9/27/2008
Reference Information
CVE: CVE-2008-3528, CVE-2008-5700, CVE-2009-0028, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0778
BID: 33846