OracleVM 2.1 : kernel (OVMSA-2009-0004)

High Nessus Plugin ID 79453


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates:

CVE-2008-3528 The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.

CVE-2008-5700 libata in the Linux kernel before does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.

CVE-2009-0028 The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.

CVE-2009-0322 drivers/firmware/dell_rbu.c in the Linux kernel before, and 2.6.28.x before, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/.

CVE-2009-0675 The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an 'inverted logic' issue.

CVE-2009-0676 The sock_getsockopt function in net/core/sock.c in the Linux kernel before does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.

- CVE-2008-3528 - [fs] ext[234]: directory corruption DoS (Eugene Teo)

- CVE-2008-5700 - [block] enforce a minimum SG_IO timeout (Eugene Teo)

- CVE-2009-0322 - [firmware] dell_rbu: prevent oops (Don Howard)

- CVE-2009-0028 - [misc] minor signal handling vulnerability (Oleg Nesterov) [479963 479964]

- CVE-2009-0676 - [net] memory disclosure in SO_BSDCOMPAT gsopt (Eugene Teo) [486517 486518]

- CVE-2009-0675 - [net] skfp_ioctl inverted logic flaw (Eugene Teo)

- CVE-2009-0778 - not required

- CVE-2009-0269 - not required

- Enable enic

- Finish porting infrastructure for fnic but disable it on 32bit

- Add netconsole support for bonding in dom0 (Tina Yang) [orabug 8231228]

- Add Cisco fnic/enic support, requires fc infrastructure from el5u3


Update the affected packages.

Plugin Details

Severity: High

ID: 79453

File Name: oraclevm_OVMSA-2009-0004.nasl

Version: $Revision: 1.7 $

Type: local

Published: 2014/11/26

Modified: 2017/10/16

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-BOOT, p-cpe:/a:oracle:vm:kernel-BOOT-devel, p-cpe:/a:oracle:vm:kernel-kdump, p-cpe:/a:oracle:vm:kernel-kdump-devel, p-cpe:/a:oracle:vm:kernel-ovs, p-cpe:/a:oracle:vm:kernel-ovs-devel, cpe:/o:oracle:vm_server:2.1

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/04/16

Reference Information

CVE: CVE-2008-3528, CVE-2008-5700, CVE-2009-0028, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0778

BID: 33846

OSVDB: 51606, 52204

CWE: 189, 264, 399