Virtuozzo 7 : readykernel-patch (VZA-2017-062)

High Nessus Plugin ID 101233

Synopsis

The remote Virtuozzo host is missing a security update.

Description

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :

- The NFSv4 server in the Linux kernel compiled with CONFIG_NFSD_PNFS enabled does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. The attack payload fits to single one-way UDP packet. The provided input value is used for array dereferencing. This may lead to a remote DoS of [knfsd] and so to a soft-lockup of a whole system.

- A vulnerability was found in the implementation of setsockopt() operations in the Linux kernel. A privileged user inside a container could cause a DoS attack on the host (kernel deadlock in ip_ra_control() function) using a specially crafted sequence of system calls.

Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the readykernel patch.

See Also

https://help.virtuozzo.com/customer/portal/articles/2835401

http://www.nessus.org/u?858fd78c

http://www.nessus.org/u?7ef02dd1

http://www.nessus.org/u?f55bb5c8

Plugin Details

Severity: High

ID: 101233

File Name: Virtuozzo_VZA-2017-062.nasl

Version: 3.10

Type: local

Published: 2017/07/06

Updated: 2019/01/14

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:virtuozzo:virtuozzo:readykernel, cpe:/o:virtuozzo:virtuozzo:7

Required KB Items: Host/local_checks_enabled, Host/Virtuozzo/release, Host/Virtuozzo/rpm-list, Host/readykernel-info

Patch Publication Date: 2017/07/05

Reference Information

CVE: CVE-2017-8797