OracleVM 3.3 : glibc (OVMSA-2016-0013) (GHOST)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing the patches needed to address
the following critical security updates :

- Update fix for CVE-2015-7547 (#1296028).

- Create helper threads with enough stack for POSIX AIO
and timers (#1301625).

- Fix CVE-2015-7547: getaddrinfo stack-based buffer
overflow (#1296028).

- Support loading more libraries with static TLS
(#1291270).

- Check for NULL arena pointer in _int_pvalloc (#1256890).

- Don't change no_dyn_threshold on mallopt failure
(#1256891).

- Unlock main arena after allocation in calloc (#1256812).

- Enable robust malloc change again (#1256812).

- Fix perturbing in malloc on free and simply perturb_byte
(#1256812).

- Don't fall back to mmap prematurely (#1256812).

- The malloc deadlock avoidance support has been
temporarily removed since it triggers deadlocks in
certain applications (#1244002).

- Fix ruserok check to reject, not skip, negative user
checks (#1217186).

- Optimize ruserok function for large ~/.rhosts
(#1217186).

- Fix crash in valloc due to the backtrace deadlock fix
(#1207236).

- Fix buffer overflow in gethostbyname_r with misaligned
buffer (#1209376, CVE-2015-1781).

- Avoid deadlock in malloc on backtrace (#1066724).

- Support running applications that use Intel AVX-512
(#1195453).

- Silence logging of record type mismatch for DNSSEC
records (#1088301).

- Shrink heap on free when vm.overcommit_memory == 2
(#867679).

- Enhance nscd to detect any configuration file changes
(#859965).

- Fix __times handling of EFAULT when buf is NULL
(#1124204).

- Fix memory leak with dlopen and thread-local storage
variables (#978098).

- Prevent getaddrinfo from writing DNS queries to random
fd (CVE-2013-7423,

- Implement userspace half of in6.h header coordination
(#1053178).

- Correctly size relocation cache used by profiler
(#1144132).

- Fix reuse of cached stack leading to bounds overrun of
DTV (#1116050).

- Return failure in getnetgrent only when all netgroups
have been searched (#1085312).

- Fix valgrind warning in nscd_stats (#1091915).

- Initialize xports array (#1159167).

- Fix tst-default-attr test to not fail on powerpc
(#1023306).

- Fix parsing of numeric hosts in gethostbyname_r
(CVE-2015-0235, #1183534).

- Fix typo in nscd/selinux.c (#1125307).

- Actually run test-iconv modules (#1176907).

- Fix recursive dlopen (#1154563).

- Fix crashes on invalid input in IBM gconv modules
(CVE-2014-6040, #1172044).

- Fix wordexp to honour WRDE_NOCMD (CVE-2014-7817,
#1171296).

- Fix typo in res_send and res_query (#rh1138769).

See also :

http://www.nessus.org/u?92d5b0bd
https://www.tenable.com/security/research/tra-2017-08

Solution :

Update the affected glibc / glibc-common / nscd packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 88783

Bugtraq ID: 69472
71216
72325
72844
74255

CVE ID: CVE-2013-7423
CVE-2014-6040
CVE-2014-7817
CVE-2015-0235
CVE-2015-1781
CVE-2015-7547
