OracleVM 2.1 : kernel (OVMSA-2009-0017)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

CVE-2009-1895 The personality subsystem in the Linux kernel before
2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the
ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or
setgid program, which makes it easier for local users to leverage the
details of memory usage to (1) conduct NULL pointer dereference
attacks, (2) bypass the mmap_min_addr protection mechanism, or (3)
defeat address space layout randomization (ASLR).

CVE-2007-5966 Integer overflow in the hrtimer_start function in
kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local
users to execute arbitrary code or cause a denial of service (panic)
via a large relative timeout value. NOTE: some of these details are
obtained from third party information.

CVE-2009-1389 Buffer overflow in the RTL8169 NIC driver
(drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote
attackers to cause a denial of service (kernel memory corruption and
crash) via a long packet.

- [misc] personality handling: fix PER_CLEAR_ON_SETID
(Vitaly Mayatskikh) [511173 508842] (CVE-2009-1895)

- [misc] hrtimer: fix a soft lockup (Amerigo Wang) [418061
418071] (CVE-2007-5966)

- [net] r8169: fix crash when large packets are received
(Ivan Vecera) [504731 504732] (CVE-2009-1389)

See also :

http://www.nessus.org/u?c1bca70a

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79461 ()

Bugtraq ID: 26880
35281
35647

CVE ID: CVE-2007-5966
CVE-2009-1389
CVE-2009-1895

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now