Detections
Analytics

OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0056)

critical Nessus Plugin ID 99162

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - Revert 'x86/mm: Expand the exception table logic to allow new handling options' (Brian Maly) [Orabug:
 25790387] (CVE-2016-9644)

 - Revert 'fix minor infoleak in get_user_ex' (Brian Maly) [Orabug: 25790387] (CVE-2016-9644)

 - x86/mm: Expand the exception table logic to allow new handling options (Tony Luck) [Orabug: 25790387] (CVE-2016-9644)

 - rebuild bumping release

 - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766898] (CVE-2016-8399) (CVE-2016-8399)

 - sg_write/bsg_write is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765436] (CVE-2016-10088)

 - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751984] (CVE-2017-7187)

 - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696677] (CVE-2017-2636)

 - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696677] (CVE-2017-2636)

 - If Slot Status indicates changes in both Data Link Layer Status and Presence Detect, prioritize the Link status change. (Jack Vogel)

- PCI: pciehp: Leave power indicator on when enabling already-enabled slot (Ashok Raj) [Orabug: 25353783]

 - firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451520] (CVE-2016-8633)

 - usbnet: cleanup after bind in probe (Oliver Neukum) [Orabug: 25463898] (CVE-2016-3951)

 - cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (Bj&oslash rn Mork) [Orabug: 25463898] (CVE-2016-3951)

 - cdc_ncm: Add support for moving NDP to end of NCM frame (Enrico Mioso) [Orabug: 25463898] (CVE-2016-3951)

 - x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463918] (CVE-2016-3672)

 - kvm: fix page struct leak in handle_vmon (Paolo Bonzini) [Orabug: 25507133] (CVE-2017-2596)

 - crypto: mcryptd - Check mcryptd algorithm compatibility (tim) [Orabug: 25507153] (CVE-2016-10147)

 - kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507188] (CVE-2016-9588)

 - KVM: x86: drop error recovery in em_jmp_far and em_ret_far (Radim Kr&#x10D m&aacute &#x159 ) [Orabug:
 25507213] (CVE-2016-9756)

 - tcp: take care of truncations done by sk_filter (Eric Dumazet) [Orabug: 25507226] (CVE-2016-8645)

 - rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507226] (CVE-2016-8645)

 - tipc: check minimum bearer MTU (Michal Kube&#x10D ek) [Orabug: 25507239] (CVE-2016-8632) (CVE-2016-8632)

 - fix minor infoleak in get_user_ex (Al Viro) [Orabug:
 25507269] (CVE-2016-9178)

 - scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507319] (CVE-2016-7425)

 - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer (Dan Carpenter) [Orabug: 25507319] (CVE-2016-7425)

 - tmpfs: clear S_ISGID when setting posix ACLs (Gu Zheng) [Orabug: 25507341] (CVE-2016-7097) (CVE-2016-7097)

 - posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507341] (CVE-2016-7097) (CVE-2016-7097)

 - ext2: convert to mbcache2 (Jan Kara) [Orabug: 25512366] (CVE-2015-8952)

 - ext4: convert to mbcache2 (Jan Kara) [Orabug: 25512366] (CVE-2015-8952)

 - mbcache2: reimplement mbcache (Jan Kara) [Orabug:
 25512366] (CVE-2015-8952)

 - USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512466] (CVE-2016-3140)

 - net/llc: avoid BUG_ON in skb_orphan (Eric Dumazet) [Orabug: 25682419] (CVE-2017-6345)

 - net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen)

- ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25698300] (CVE-2017-5970)

 - perf/core: Fix concurrent sys_perf_event_open vs.
 'move_group' race (Peter Zijlstra) [Orabug: 25698751] (CVE-2017-6001)

 - ip6_gre: fix ip6gre_err invalid reads (Eric Dumazet) [Orabug: 25699015] (CVE-2017-5897)

 - mpt3sas: Don't spam logs if logging level is 0 (Johannes Thumshirn)

- xen-netfront: cast grant table reference first to type int (Dongli Zhang)

 - xen-netfront: do not cast grant table reference to signed short (Dongli Zhang)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?32b057e2

Plugin Details

Severity: Critical

ID: 99162

File Name: oraclevm_OVMSA-2017-0056.nasl

Version: 3.5

Type: local

Published: 4/3/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, cpe:/o:oracle:vm_server:3.4, p-cpe:/a:oracle:vm:kernel-uek-firmware

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/1/2017

Vulnerability Publication Date: 4/27/2016

Reference Information

CVE: CVE-2015-8952, CVE-2016-10088, CVE-2016-10147, CVE-2016-3140, CVE-2016-3672, CVE-2016-3951, CVE-2016-7097, CVE-2016-7425, CVE-2016-8399, CVE-2016-8632, CVE-2016-8633, CVE-2016-8645, CVE-2016-9178, CVE-2016-9588, CVE-2016-9644, CVE-2016-9756, CVE-2017-2596, CVE-2017-2636, CVE-2017-5897, CVE-2017-5970, CVE-2017-6001, CVE-2017-6345, CVE-2017-7187