OracleVM 3.2 : dhcp (OVMSA-2016-0058)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing a security update.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- exit(2) after sending DHCPDECLINE when dhclient has been
started with '-1' (RHBZ #756490)

- An error in the handling of malformed client identifiers
can cause a denial-of-service condition in affected
servers. (CVE-2012-3571, #843125)

- Propagate libdhcp timeout to internal timeout_arg (RHBZ
#736515)

- A pair of defects cause the server to halt upon
processing certain packets (CVE-2011-2748,
CVE-2011-2749, #729881)

- dhclient.conf(5), dhclient(8) mention that interface-mtu
option is also requested by default (RHBZ #694264)

- Better fix for CVE-2011-0997: making domain-name check
more lenient (RHBZ #690577)

- dhclient requests interface-mtu option by default (RHBZ
#694264)

- dhclient.conf(5) fix (RHBZ #585855)

- Make dhcpd init script LSB compliant (RHBZ #610128)

- Use PID for seeding the random number generator in
dhclient (RHBZ #623953)

- Add DHCRELAYARGS variable to /etc/sysconfig/dhcrelay
(RHBZ #624965)

- 'lease imbalance' messages are not logged unless
rebalance was actually attempted (RHBZ #661939)

- Explicitly clear the ARP cache and flush all addresses &
routes instead of bringing the interface down (RHBZ
#685048)

- IPoIB support (RHBZ #660679)

- dhclient: insufficient sanitization of certain DHCP
response values (CVE-2011-0997, #690577)

- A partner-down failover server no longer emits 'peer
holds all free leases' if it is able to newly-allocate
one of the peer's leases. (RHBZ #610219)

- The server's 'by client-id' and 'by hardware address'
hash table lists are now sorted according to the
preference to re-allocate that lease to returning
clients. This should eliminate pool starvation problems
arising when 'INIT' clients were given new leases rather
than presently active ones. (RHBZ #615995)

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2016-June/000486.html

Solution :

Update the affected dhclient package.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.1
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 91742 ()

Bugtraq ID: 47176
49120
54665

CVE ID: CVE-2011-0997
CVE-2011-2748
CVE-2011-2749
CVE-2012-3571

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now