Detections
Analytics

OracleVM 2.2 : xen (OVMSA-2013-0074)

high Nessus Plugin ID 79521

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - x86: check segment descriptor read result in 64-bit OUTS emulation XSA-67 (Matthew Daley) [orabug 17571640] (CVE-2013-4368)

 - x86: properly set up fbld emulation operand address XSA-66 (Jan Beulich) [orabug 17472492] (CVE-2013-4361)

 - x86: properly handle hvm_copy_from_guest_[phys,virt] errors XSA-63 (Jan Beulich) [orabug 17472461] (CVE-2013-4355)

 - libxc: builder: limit maximum size of kernel/ramdisk (Ian Campbell) [orabug 15852491] (CVE-2012-4544)

 - libxc: builder: Correct fix for CVE-2012-4544 (Ian Campbell) [orabug 15852491] (CVE-2012-4544)

 - [PATCH 01/21] libelf: abolish libelf-relocate.c (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 02/21] libxc: introduce xc_dom_seg_to_ptr_pages (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 03/21] libxc: Fix range checking in xc_dom_pfn_to_ptr etc. (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 04/21] libelf: abolish elf_sval and elf_access_signed (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 05/21] libelf/xc_dom_load_elf_symtab: Do not use 'syms' uninitialised (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 06/21] libelf: introduce macros for memory access and pointer handling (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 07/21] tools/xcutils/readnotes: adjust print_l1_mfn_valid_note (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 08/21] libelf: check nul-terminated strings properly (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 09/21] libelf: check all pointer accesses (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 10/21] libelf: Check pointer references in elf_is_elfbinary (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 11/21] libelf: Make all callers call elf_check_broken (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 12/21] libelf: use C99 bool for booleans (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 13/21] libelf: use only unsigned integers (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 14/21] libxc: Introduce xc_bitops.h (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 15/21] libelf: check loops for running away (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 16/21] libelf: abolish obsolete macros (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 17/21] libxc: Add range checking to xc_dom_binloader (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 18/21] libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 19/21] libxc: check return values from malloc (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 20/21] libxc: range checks in xc_dom_p2m_host and
 _guest (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - [PATCH 21/21] libxc: check blob size before proceeding in xc_dom_check_gzip (Matthew Daley) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - libxc: define INVALID_MFN for the XSA-55 patchset (Chuck Anderson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

 - fix page refcount handling in page table pin error path (Andrew Cooper) [orabug 16949882] (CVE-2013-1432)

 - remove CVE-2013-1919 (Chuck Anderson) [orabug 16635741] (CVE-2013-1919)

 - x86: make vcpu_destroy_pagetables preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918)

 - x86: make new_guest_cr3 preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918)

 - x86: make MMUEXT_NEW_USER_BASEPTR preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918)

 - x86: make vcpu_reset preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918)

 - x86: make arch_set_info_guest preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918)

 - x86: make page table unpinning preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918)

 - x86: make page table handling error paths preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918)

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?82e75a28

Plugin Details

Severity: High

ID: 79521

File Name: oraclevm_OVMSA-2013-0074.nasl

Version: 1.5

Type: local

Published: 11/26/2014

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.4

Vector: CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-64, p-cpe:/a:oracle:vm:xen-debugger, p-cpe:/a:oracle:vm:xen-devel, p-cpe:/a:oracle:vm:xen-pvhvm-devel, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:2.2

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/16/2013

Vulnerability Publication Date: 10/31/2012

Reference Information

CVE: CVE-2012-4544, CVE-2013-1432, CVE-2013-1918, CVE-2013-1919, CVE-2013-2194, CVE-2013-2195, CVE-2013-2196, CVE-2013-4355, CVE-2013-4361, CVE-2013-4368

BID: 56289, 59292, 59615, 60701, 60702, 60703, 60799, 62708, 62710, 62935