OracleVM 3.0 : xen (OVMSA-2012-0020)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- x86-64: detect processors subject to AMD erratum #121
and refuse to boot(CVE-2006-0744)

- guest denial of service on syscall/sysenter exception
generation (CVE-2012-0217)

- Remove unnecessary balloon retries on vm create. This is
a backport from fix for bug 14143327.

- This backport from 3.1.1: Author: amisherf Put back the
patch that prevent older guest that uses kudzu from
hanging on a reboot. Fixed the patch to prevent
excessive watcher writes which causes xend, xenstored to
run at a 100% cpu usage. Now the watch is written only
if console in Initialising, InitWait, Initialised states
which happen once at boot time. [bug 13523487]

- Backport from upstream changeset 20968 xend: notify
xenpv device model that console info is ready Sometimes
PV domain with vfb doesn't boot up. /sbin/kudzu is
stuck. After investigation, I've found that the evtchn
for console is not bound at all. Normal sequence of
evtchn initialization in qemu-dm for xenpv is: 1) watch
xenstore backpath
(/local/domain/0/backend/console/<domid>/0) 2) read
console info (/local/domain/<domid>/console/[type,
ring-ref, port..= ]) 3) bind the evtchn to the port. But
in some case, xend writes to the backpath before the
console info is prepared, and never write to the
backpath again. So the qemu-dm fails at 2) and never
reach to 3). When this happens, manually xenstore-write
command on Domain-0 resumes the guest.

- Set max cstate to 1. This is a backport requirement for
bug 13703504. We have several bugs that cstate made
system unstable, both for ovm2 and ovm3: For OVM3.x: Bug
13703504 - unexplained network disconnect causes ocfs to
fence the server For OVM2.x

See also :

http://www.nessus.org/u?fc519774
http://www.nessus.org/u?f23ffdff
http://www.nessus.org/u?a21b79d3
https://oss.oracle.com/pipermail/oraclevm-errata/2012-June/000083.html

Solution :

Update the affected xen / xen-devel / xen-tools packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79476 ()

Bugtraq ID: 53856

CVE ID: CVE-2006-0744
CVE-2012-0217

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now