OracleVM 2.1 : kernel (OVMSA-2009-0004)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

CVE-2008-3528 The error-reporting functionality in (1) fs/ext2/dir.c,
(2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel
2.6.26.5 does not limit the number of printk console messages that
report directory corruption, which allows physically proximate
attackers to cause a denial of service (temporary system hang) by
mounting a filesystem that has corrupted dir->i_size and dir->i_blocks
values and performing (a) read or (b) write operations. NOTE: there
are limited scenarios in which this crosses privilege boundaries.

CVE-2008-5700 libata in the Linux kernel before 2.6.27.9 does not set
minimum timeouts for SG_IO requests, which allows local users to cause
a denial of service (Programmed I/O mode on drives) via multiple
simultaneous invocations of an unspecified test program.

CVE-2009-0028 The clone system call in the Linux kernel 2.6.28 and
earlier allows local users to send arbitrary signals to a parent
process from an unprivileged child process by launching an additional
child process with the CLONE_PARENT flag, and then letting this new
process exit.

CVE-2009-0322 drivers/firmware/dell_rbu.c in the Linux kernel before
2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a
denial of service (system crash) via a read system call that specifies
zero bytes from the (1) image_type or (2) packet_size file in
/sys/devices/platform/dell_rbu/.

CVE-2009-0675 The skfp_ioctl function in drivers/net/skfp/skfddi.c in
the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only
when the CAP_NET_ADMIN capability is absent, instead of when this
capability is present, which allows local users to reset the driver
statistics, related to an 'inverted logic' issue.

CVE-2009-0676 The sock_getsockopt function in net/core/sock.c in the
Linux kernel before 2.6.28.6 does not initialize a certain structure
member, which allows local users to obtain potentially sensitive
information from kernel memory via an SO_BSDCOMPAT getsockopt request.

- CVE-2008-3528 - [fs] ext[234]: directory corruption DoS
(Eugene Teo)

- CVE-2008-5700 - [block] enforce a minimum SG_IO timeout
(Eugene Teo)

- CVE-2009-0322 - [firmware] dell_rbu: prevent oops (Don
Howard)

- CVE-2009-0028 - [misc] minor signal handling
vulnerability (Oleg Nesterov) [479963 479964]

- CVE-2009-0676 - [net] memory disclosure in SO_BSDCOMPAT
gsopt (Eugene Teo) [486517 486518]

- CVE-2009-0675 - [net] skfp_ioctl inverted logic flaw
(Eugene Teo)

- CVE-2009-0778 - not required

- CVE-2009-0269 - not required

- Enable enic

- Finish porting infrastructure for fnic but disable it on
32bit

- Add netconsole support for bonding in dom0 (Tina Yang)
[orabug 8231228]

- Add Cisco fnic/enic support, requires fc infrastructure
from el5u3

See also :

http://www.nessus.org/u?8a2723e7

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79453

Bugtraq ID: 33846

CVE ID: CVE-2008-3528
CVE-2008-5700
CVE-2009-0028
CVE-2009-0269
CVE-2009-0322
CVE-2009-0675
CVE-2009-0676
CVE-2009-0778
