OracleVM 2.2 : kernel (OVMSA-2009-0033)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- [security] require root for mmap_min_addr (Eric Paris)
[518142 518143] (CVE-2009-2695)

- [md] prevent crash when accessing suspend_* sysfs attr
(Danny Feng) [518135 518136] (CVE-2009-2849)

- [nfs] knfsd: fix NFSv4 O_EXCL creates (Jeff Layton)
[522163 524521] (CVE-2009-3286)

- [fs] fix pipe null pointer dereference (Jeff Moyer)
[530938 530939] (CVE-2009-3547)

- [net] r8169: balance pci_map/unmap pair, use hw padding
(Ivan Vecera) [529143 515857] (CVE-2009-3613)

- [net] tc: fix uninitialized kernel memory leak (Jiri
Pirko) [520994 520863](CVE-2009-3228)

See also :

http://www.nessus.org/u?c6f5df51

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.1
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79470 ()

Bugtraq ID: 36304
36472
36706
36901

CVE ID: CVE-2009-2695
CVE-2009-2849
CVE-2009-3228
CVE-2009-3286
CVE-2009-3547
CVE-2009-3613

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now