Detections
Analytics

OracleVM 3.3 : glibc (OVMSA-2016-0013) (GHOST)

high Nessus Plugin ID 88783

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - Update fix for CVE-2015-7547 (#1296028).

 - Create helper threads with enough stack for POSIX AIO and timers (#1301625).

 - Fix CVE-2015-7547: getaddrinfo stack-based buffer overflow (#1296028).

 - Support loading more libraries with static TLS (#1291270).

 - Check for NULL arena pointer in _int_pvalloc (#1256890).

 - Don't change no_dyn_threshold on mallopt failure (#1256891).

 - Unlock main arena after allocation in calloc (#1256812).

 - Enable robust malloc change again (#1256812).

 - Fix perturbing in malloc on free and simply perturb_byte (#1256812).

 - Don't fall back to mmap prematurely (#1256812).

 - The malloc deadlock avoidance support has been temporarily removed since it triggers deadlocks in certain applications (#1244002).

 - Fix ruserok check to reject, not skip, negative user checks (#1217186).

 - Optimize ruserok function for large ~/.rhosts (#1217186).

 - Fix crash in valloc due to the backtrace deadlock fix (#1207236).

 - Fix buffer overflow in gethostbyname_r with misaligned buffer (#1209376, CVE-2015-1781).

 - Avoid deadlock in malloc on backtrace (#1066724).

 - Support running applications that use Intel AVX-512 (#1195453).

 - Silence logging of record type mismatch for DNSSEC records (#1088301).

 - Shrink heap on free when vm.overcommit_memory == 2 (#867679).

 - Enhance nscd to detect any configuration file changes (#859965).

 - Fix __times handling of EFAULT when buf is NULL (#1124204).

 - Fix memory leak with dlopen and thread-local storage variables (#978098).

 - Prevent getaddrinfo from writing DNS queries to random fd (CVE-2013-7423, - Implement userspace half of in6.h header coordination (#1053178).

 - Correctely size relocation cache used by profiler (#1144132).

 - Fix reuse of cached stack leading to bounds overrun of DTV (#1116050).

 - Return failure in getnetgrent only when all netgroups have been searched (#1085312).

 - Fix valgrind warning in nscd_stats (#1091915).

 - Initialize xports array (#1159167).

 - Fix tst-default-attr test to not fail on powerpc (#1023306).

 - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183534).

 - Fix typo in nscd/selinux.c (#1125307).

 - Actually run test-iconv modules (#1176907).

 - Fix recursive dlopen (#1154563).

 - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1172044).

 - Fix wordexp to honour WRDE_NOCMD (CVE-2014-7817, #1171296).

 - Fix typo in res_send and res_query (#rh1138769).

Solution

Update the affected glibc / glibc-common / nscd packages.

See Also

http://www.nessus.org/u?92d5b0bd

https://www.tenable.com/security/research/tra-2017-08

Plugin Details

Severity: High

ID: 88783

File Name: oraclevm_OVMSA-2016-0013.nasl

Version: 2.26

Type: local

Published: 2/17/2016

Updated: 6/18/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:oracle:vm_server:3.3, p-cpe:/a:oracle:vm:glibc-common, p-cpe:/a:oracle:vm:nscd, p-cpe:/a:oracle:vm:glibc

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/16/2016

Vulnerability Publication Date: 11/24/2014

Exploitable With

Core Impact

Metasploit (Exim GHOST (glibc gethostbyname) Buffer Overflow)

Reference Information

CVE: CVE-2013-7423, CVE-2014-6040, CVE-2014-7817, CVE-2015-0235, CVE-2015-1781, CVE-2015-7547

BID: 69472, 71216, 72325, 72844, 74255

IAVA: 2016-A-0053-S

TRA: TRA-2017-08