This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.
The remote OracleVM host is missing one or more security updates.
The remote OracleVM system is missing necessary patches to address
critical security updates :
CVE-2009-1895 The personality subsystem in the Linux kernel before
2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the
ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or
setgid program, which makes it easier for local users to leverage the
details of memory usage to (1) conduct NULL pointer dereference
attacks, (2) bypass the mmap_min_addr protection mechanism, or (3)
defeat address space layout randomization (ASLR).
CVE-2007-5966 Integer overflow in the hrtimer_start function in
kernel/hrtimer.c in the Linux kernel before 220.127.116.11 allows local
users to execute arbitrary code or cause a denial of service (panic)
via a large relative timeout value. NOTE: some of these details are
obtained from third party information.
CVE-2009-1389 Buffer overflow in the RTL8169 NIC driver
(drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote
attackers to cause a denial of service (kernel memory corruption and
crash) via a long packet.
- [misc] personality handling: fix PER_CLEAR_ON_SETID
(Vitaly Mayatskikh) [511173 508842] (CVE-2009-1895)
- [misc] hrtimer: fix a soft lockup (Amerigo Wang) [418061
- [net] r8169: fix crash when large packets are received
(Ivan Vecera) [504731 504732] (CVE-2009-1389)
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.8
Public Exploit Available : true