Detections
Analytics

OracleVM 2.1 : kernel (OVMSA-2009-0023)

high Nessus Plugin ID 79465

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - backport for online resize of blockdev [orabug 8585251] [rh bugz 444964]

 - CVE-2009-2692 - [net] make sock_sendpage use kernel_sendpage (Jiri Pirko) [517445 516955]

 - CVE-2009-2698 - [net] prevent null pointer dereference in udp_sendmsg (Vitaly Mayatskikh) [518047 518043]

 - Updated cciss module to 3.6.20

- update bnx2x 1.48.107

- update bnx2 1.8.8b

- update bfa to 1.1.0.9-0 [bugz 9518]

 - Fix dom0 crash in loopback_start_xmit+0x107/0x2BD [bug 7634343]

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?dfbb8f44

Plugin Details

Severity: High

ID: 79465

File Name: oraclevm_OVMSA-2009-0023.nasl

Version: 1.11

Type: local

Published: 11/26/2014

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:oracle:vm_server:2.1, p-cpe:/a:oracle:vm:kernel-kdump-devel, p-cpe:/a:oracle:vm:kernel-boot, p-cpe:/a:oracle:vm:kernel-kdump, p-cpe:/a:oracle:vm:kernel-ovs, p-cpe:/a:oracle:vm:kernel-boot-devel, p-cpe:/a:oracle:vm:kernel-ovs-devel

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/15/2009

Vulnerability Publication Date: 8/14/2009

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Linux Kernel Sendpage Local Privilege Escalation)

Reference Information

CVE: CVE-2009-2692, CVE-2009-2698

BID: 36038, 36108

CWE: 119