OracleVM 3.3 / 3.4 : procps (OVMSA-2018-0226)

critical Nessus Plugin ID 110306

Synopsis

The remote OracleVM host is missing a security update.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- vmstat: fix invalid CPU utilization stats after vCPU hot-plug/unplug (Konrad Rzeszutek Wilk) [bug 18011019]

- drop leftover assignment in fix for CVE-2018-1124 causing a severe regression

- Resolves: (CVE-2018-1124)

- fix integer overflows leading to heap overflow in file2strvec

- Resolves: CVE-2018-1124 (CVE-2018-1126)

- ps: STIME no longer 1970 if many cores in /proc/stat

- Resolves: rhbz#1460176

- slabtop: additional work on usage computation to work on 32bit archs

- Related: rhbz#1330008

- Removal of patch 92 - procps-3.2.8-pgrep-15-chars-warning.patch

- Related: rhbz#877352

- Rework of patch 91 from 3.2.8-37, stripping removed permanently, no new option

- Resolves: rhbz#1322111

- top: Termination with segfault if /proc becomes inaccessible during run

- Resolves: rhbz#928724

- sysctl manpage: Added explanation of conf files precedence

- Resolves: rhbz#1217077

- sysctl.conf manpage: new NOTES section with predefined vars hint

- Resolves: rhbz#1318644

- slabtop: fixing incorrect usage percent computation - int overflow

- Resolves: rhbz#1330008

- New warning if pattern exceeds 15 characters without -f option

- Resolves: #877352

- Adding option to skip stripping of wchan name data

- Resolves: #1322111

- #1201024 - [RFE] Increase sysctl -p line size limit

- #1246573 - typo in ps man page

- #1251101 - Fixing human readable patch (removing trailing spaces)

- #1284076 - [RFE] Support for thread cgroups

- #1288208 - use of /proc/self/auxv breaks ps when running as a different euid

- #1288497 - pmap - no sums computed for RSS and Dirty column

- Resolves: #1201024 #1246573 #1251101 #1284076 #1288208 #1288497

- #1262870 - Correctly skip vmflags (and other keys starting with A-Z)

- Resolves: #1262870

- #1246379 - free: values truncated to the column width

- Resolves: #1246379

- #1120580 - [RFE] Have sysctl -p read info from /etc/sysctl.d

- Related: rhbz#1120580

- #1120580 - [RFE] Have sysctl -p read info from /etc/sysctl.d

- Related: rhbz#1120580

- #993072 - Make the 'free' command a little more human friendly

- #1172059 - ps coredump in stat2proc

- #1120580 - [RFE] Have sysctl -p read info from /etc/sysctl.d

- #1123311 - RFE: 'w' should have '-n' flag to suppress reverse name resolution of IP addresses

- #1163404 - [procps] find_elf_note invalid read if setenv has been called before libproc init

- Resolves: rhbz#993072 rhbz#1172059 rhbz#1120580 rhbz#1123311 rhbz#1163404

- #977467 - [RFE] Have sysctl -p read info from /etc/sysctl.d

- Resolves: rhbz#977467

- Reimplementing (#1060681) due to regressions

- Related: rhbz#1060681

- #1105125 - Locale dependent float delay in top and watch utilities

- #1039013 - Include an API in RHEL to return the number of opened file descriptors for a process

- Resolves: rhbz#1105125

- Related: rhbz#1034337

- #1060681 - ps -p cycles over all PIDs instead of just one

- #963799 - Should shared memory be accounted in cached in free output?

- Resolves: rhbz#1060681 rhbz#963799

- #1089817 - Return value of pgrep is incorrect

- #950748 - /lib64/libproc.so package both in procps and procps-devel

- #1011216 - Backport man page fix of top utility - RES = CODE + DATA

- #1082877 - top/man: RES - physical memory a task 'has used'->'is using'

- #1034337 - Include man pages for openproc, readproc and readproctab

- Resolves: rhbz#1089817 rhbz#950748 rhbz#1011216 rhbz#1082877 rhbz#1034337

Solution

Update the affected procps package.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2018-June/000861.html

https://oss.oracle.com/pipermail/oraclevm-errata/2018-June/000862.html

Plugin Details

Severity: Critical

ID: 110306

File Name: oraclevm_OVMSA-2018-0226.nasl

Version: 1.6

Type: local

Published: 6/4/2018

Updated: 9/27/2019

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*, cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:vm:procps:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/1/2018

Vulnerability Publication Date: 5/23/2018

Reference Information

CVE: CVE-2018-1124, CVE-2018-1126

IAVA: 2018-A-0174