Detections
Analytics

OracleVM 2.2 : xen (OVMSA-2016-0012)

high Nessus Plugin ID 88737

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - XSA-125: Limit XEN_DOMCTL_memory_mapping hypercall to only process up to 64 GFNs (or less) (Jan Beulich) [20732412] (CVE-2015-2752)

 - XSA-126: xen: limit guest control of PCI command register (Jan Beulich) [20739399] (CVE-2015-2756)

 - XSA-128: xen: properly gate host writes of modified PCI CFG contents (Jan Beulich) [21157440] (CVE-2015-4103)

 - XSA-129: xen: don't allow guest to control MSI mask register (Jan Beulich) [21158692] (CVE-2015-4104)

 - XSA-130: xen/MSI-X: disable logging by default (Jan Beulich) [21159408] (CVE-2015-4105)

 - XSA-131: [PATCH 1/8] xen/MSI: don't open-code pass-through of enable bit modifications (Jan Beulich) [21164529] (CVE-2015-4106)

 - XSA-131: [PATCH 2/8] xen/pt: consolidate PM capability emu_mask [21164529] (CVE-2015-4106)

 - XSA-131: [PATCH 3/8] xen/pt: correctly handle PM status bit [21164529] (CVE-2015-4106)

 - XSA-131: [PATCH 4/8] xen/pt: split out calculation of throughable mask in PCI config space handling [21164529] (CVE-2015-4106)

 - XSA-131: [PATCH 5/8] xen/pt: mark all PCIe capability bits read-only [21164529] (CVE-2015-4106)

 - XSA-131: [PATCH 6/8] xen/pt: mark reserved bits in PCI config space fields [21164529] (CVE-2015-4106)

 - XSA-131: [PATCH 7/8] xen/pt: add a few PCI config space field descriptions [21164529] (CVE-2015-4106)

 - XSA-131: [PATCH 8/8] xen/pt: unknown PCI config space fields should be read-only [21164529] (CVE-2015-4106)

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?8b4a9eaa

Plugin Details

Severity: High

ID: 88737

File Name: oraclevm_OVMSA-2016-0012.nasl

Version: 2.5

Type: local

Published: 2/15/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-64, p-cpe:/a:oracle:vm:xen-debugger, p-cpe:/a:oracle:vm:xen-devel, p-cpe:/a:oracle:vm:xen-pvhvm-devel, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:2.2

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/12/2016

Vulnerability Publication Date: 4/1/2015

Reference Information

CVE: CVE-2015-2752, CVE-2015-2756, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105, CVE-2015-4106

BID: 72577, 73448, 74947, 74948, 74949, 74950