OracleVM 2.1 : kernel (OVMSA-2009-0004)

High Nessus Plugin ID 79453

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

CVE-2008-3528 The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.

CVE-2008-5700 libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.

CVE-2009-0028 The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.

CVE-2009-0322 drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/.

CVE-2009-0675 The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an 'inverted logic' issue.

CVE-2009-0676 The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.

- CVE-2008-3528 - [fs] ext[234]: directory corruption DoS (Eugene Teo)

- CVE-2008-5700 - [block] enforce a minimum SG_IO timeout (Eugene Teo)

- CVE-2009-0322 - [firmware] dell_rbu: prevent oops (Don Howard)

- CVE-2009-0028 - [misc] minor signal handling vulnerability (Oleg Nesterov) [479963 479964]

- CVE-2009-0676 - [net] memory disclosure in SO_BSDCOMPAT gsopt (Eugene Teo) [486517 486518]

- CVE-2009-0675 - [net] skfp_ioctl inverted logic flaw (Eugene Teo)

- CVE-2009-0778 - not required

- CVE-2009-0269 - not required

- Enable enic

- Finish porting infrastructure for fnic but disable it on 32bit

- Add netconsole support for bonding in dom0 (Tina Yang) [orabug 8231228]

- Add Cisco fnic/enic support, requires fc infrastructure from el5u3

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?8a2723e7

Plugin Details

Severity: High

ID: 79453

File Name: oraclevm_OVMSA-2009-0004.nasl

Version: 1.8

Type: local

Published: 2014/11/26

Updated: 2018/07/24

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.1

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-BOOT, p-cpe:/a:oracle:vm:kernel-BOOT-devel, p-cpe:/a:oracle:vm:kernel-kdump, p-cpe:/a:oracle:vm:kernel-kdump-devel, p-cpe:/a:oracle:vm:kernel-ovs, p-cpe:/a:oracle:vm:kernel-ovs-devel, cpe:/o:oracle:vm_server:2.1

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/04/16

Reference Information

CVE: CVE-2008-3528, CVE-2008-5700, CVE-2009-0028, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0778

BID: 33846

CWE: 189, 264, 399