Detections
Analytics

OracleVM 3.3 / 3.4 : file (OVMSA-2016-0050)

high Nessus Plugin ID 91155

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - fix CVE-2014-3538 (unrestricted regular expression matching)

 - fix #1284826 - try to read ELF header to detect corrupted one

 - fix #1263987 - fix bugs found by coverity in the patch

 - fix CVE-2014-3587 (incomplete fix for CVE-2012-1571)

 - fix CVE-2014-3710 (out-of-bounds read in elf note headers)

 - fix CVE-2014-8116 (multiple DoS issues (resource consumption))

 - fix CVE-2014-8117 (denial of service issue (resource consumption))

 - fix CVE-2014-9620 (limit the number of ELF notes processed)

 - fix CVE-2014-9653 (malformed elf file causes access to uninitialized memory)

 - fix #809898 - add support for detection of Python 2.7 byte-compiled files

 - fix #1263987 - fix coredump execfn detection on ppc64 and s390

 - fix #966953 - include msooxml file in magic.mgc generation

 - fix #966953 - increate the strength of MSOOXML magic patterns

 - fix #1169509 - add support for Java 1.7 and 1.8

 - fix #1243650 - comment out too-sensitive Pascal magic

 - fix #1080453 - remove .orig files from magic directory

 - fix #1161058 - add support for EPUB

 - fix #1162149 - remove parts of patches patching .orig files

 - fix #1154802 - fix detection of zip files containing file named mime

 - fix #1246073 - fix detection UTF8 and UTF16 encoded XML files

 - fix #1263987 - add new execfn to coredump output to show the real name of executable which generated the coredump

 - fix #809898 - add support for detection of Python 3.2-3.5 byte-compiled files

 - fix #966953 - backport support for MSOOXML

Solution

Update the affected file / file-libs packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000460.html

https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000464.html

Plugin Details

Severity: High

ID: 91155

File Name: oraclevm_OVMSA-2016-0050.nasl

Version: 2.5

Type: local

Published: 5/16/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:file, p-cpe:/a:oracle:vm:file-libs, cpe:/o:oracle:vm_server:3.3, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/13/2016

Vulnerability Publication Date: 7/17/2012

Reference Information

CVE: CVE-2012-1571, CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653

BID: 52225, 68348, 69325, 70807, 71692, 71700, 71715, 72516