OracleVM 3.2 : xen (OVMSA-2014-0026)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.

Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing the patches needed to address
the following critical security issues :

- x86/HVM: properly bound x2APIC MSR range. This is
XSA-108. Additional changelog comments added to
4.1.3-25.el5.94.1.3 (CVE-2014-7188)

- Fix for bug 19698532

- x86emul: only emulate software interrupt injection for
real mode. Protected mode emulation currently lacks
proper privilege checking of the referenced IDT entry,
and there's currently no legitimate way for any of the
respective instructions to reach the emulator when the
guest is in protected mode. This is XSA-106.

- x86/emulate: check cpl for all privileged instructions.
Without this, it is possible for userspace to load its
own IDT or GDT. This is XSA-105. (CVE-2014-7155)

Solution :

Update the affected xen / xen-devel / xen-tools packages.

Risk factor :

High / CVSS Base Score : 8.3
CVSS Temporal Score : 6.1
Public Exploit Available : false

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79542

Bugtraq ID: 70057

CVE ID: CVE-2014-7155
