Detections
Analytics

OracleVM 2.2 : xen (OVMSA-2012-0058)

medium Nessus Plugin ID 79492

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

XSA-27: hvm: Limit the size of large HVM op batches [orabug 15907978] (CVE-2012-5511) XSA-29: add missing guest address range checks to XENMEM_exchange handlers [orabug 15907996] (CVE-2012-5513) XSA-30:
xen: fix error handling of guest_physmap_mark_populate_on_demand [orabug 15908008] (CVE-2012-5514) XSA-31: memop: limit guest specified extent order [orabug 15908028] (CVE-2012-5515)

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?0afad7a0

Plugin Details

Severity: Medium

ID: 79492

File Name: oraclevm_OVMSA-2012-0058.nasl

Version: 1.4

Type: local

Published: 11/26/2014

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 6

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen-devel, p-cpe:/a:oracle:vm:xen-64, p-cpe:/a:oracle:vm:xen-tools, p-cpe:/a:oracle:vm:xen-pvhvm-devel, p-cpe:/a:oracle:vm:xen, cpe:/o:oracle:vm_server:2.2, p-cpe:/a:oracle:vm:xen-debugger

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/5/2012

Vulnerability Publication Date: 12/13/2012

Reference Information

CVE: CVE-2012-5511, CVE-2012-5513, CVE-2012-5514, CVE-2012-5515

BID: 56796, 56797, 56798, 56803