OracleVM 3.2 : xen (OVMSA-2013-0004)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Xen Security Advisory CVE-2012-5634 / XSA-33 (v3) VT-d
interrupt remapping source validation flaw

The patch supplied for Xen 4.1 (xsa33-4.1.patch)
contained a build error. A corrected patch is attached.
The fix is also now available in as changeset
23441:2a91623a5807

When passing a device which is behind a legacy PCI
Bridge through to a guest Xen incorrectly configures the
VT-d hardware. This could allow incorrect interrupts to
be injected to other guests which also have passthrough
devices. In a typical Xen system many devices are owned
by domain 0 or driver domains, leaving them vulnerable
to such an attack. Such a DoS is likely to have an
impact on other guests running in the system.

A malicious domain, given access to a device which is
behind a legacy PCI bridge, can mount a denial of
service attack affecting the whole system.

Xen version 4.0 onwards is vulnerable. Only systems
using Intel VT-d for PCI passthrough are vulnerable. Any
domain which is given access to a PCI device that is
behind a legacy PCI bridge can take advantage of this
vulnerability. Domains which are given access to PCIe
devices only are not able to take advantage of this
vulnerability.

This issue can be avoided by not assigning PCI devices
which are behind a legacy PCI bridge to untrusted
guests.

See also :

http://www.nessus.org/u?b895879d

Solution :

Update the affected xen / xen-devel / xen-tools packages.

Risk factor :

Medium / CVSS Base Score : 6.1
(CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79496 ()

Bugtraq ID: 57223

CVE ID: CVE-2012-5634

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now