OracleVM 2.1 : kernel (OVMSA-2009-0009)

High Nessus Plugin ID 79456

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

CVE-2008-4307 Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case.

CVE-2009-1337 The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.

CVE-2009-0834 The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.

CVE-2009-1336 fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function.

- CVE-2008-4307 -[nfs] remove bogus lock-if-signalled case (Bryn M. Reeves) [456287 456288]

- CVE-2009-1337 - [misc] exit_notify: kill the wrong capable check

- CVE-2009-0834 - [ptrace] audit_syscall_entry to use right syscall number (Jiri Pirko) [488001 488002]

- CVE-2009-1336 - [nfs] v4: client crash on file lookup with long names (Sachin S. Prabhu) [494078 493942]

Solution

Update the affected packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2009-May/000023.html

Plugin Details

Severity: High

ID: 79456

File Name: oraclevm_OVMSA-2009-0009.nasl

Version: 1.6

Type: local

Published: 2014/11/26

Updated: 2019/01/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-BOOT, p-cpe:/a:oracle:vm:kernel-BOOT-devel, p-cpe:/a:oracle:vm:kernel-kdump, p-cpe:/a:oracle:vm:kernel-kdump-devel, p-cpe:/a:oracle:vm:kernel-ovs, p-cpe:/a:oracle:vm:kernel-ovs-devel, cpe:/o:oracle:vm_server:2.1

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/05/18

Reference Information

CVE: CVE-2008-4307, CVE-2009-0342, CVE-2009-0343, CVE-2009-0834, CVE-2009-1336, CVE-2009-1337

BID: 33417, 33951, 34405

CWE: 20, 264, 362