OracleVM 3.3 / 3.4 : coreutils (OVMSA-2017-0052)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- clean up empty file if cp is failed [Orabug 15973168]

- pure rebuild to bring back support for
acl_extended_file_nofollow on x86_64

- su: deny killing other processes with root privileges
(CVE-2017-2616)

- fix the functionality of 'sort -h -k ...' in multi-byte
locales (#1357979)

- use correct path to grep(1) in colorls.sh (#1376892)

- make colorls.sh compatible with ksh (#1321643)

- sed should actually be /bin/sed (related #1222140)

- colorls.sh,colorls.csh - call utilities with complete
path (#1222140)

- mkdir, mkfifo, mknod - respect default umask/acls when
COREUTILS_CHILD_DEFAULT_ACLS envvar is set (to match
rhel 7 behaviour,

- ls: improve efficiency on filesystems without support
for ACLs, xattrs or SELinux (#1248141)

- su: suppress PAM info messages for -c or non-login
sessions (#1267588)

- tail, stat: recognize several new filesystems - up2date
by Jan 1st 2016 (#1280333)

- du: improve du error message of coreutils commands in a
chrooted environment (patch by Boris Ranto) (#1086916)

- su: fix incorrect message printing when su is killed
(#1147532)

See also :

http://www.nessus.org/u?40167d41
http://www.nessus.org/u?7493a037

Solution :

Update the affected coreutils / coreutils-libs packages.

Risk factor :

Low / CVSS Base Score : 1.9
(CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 1.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 99079

Bugtraq ID:

CVE ID: CVE-2017-2616
