OracleVM 2.1 : kernel (OVMSA-2009-0014)

High Nessus Plugin ID 79460


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates:

CVE-2009-1192 The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.

CVE-2009-1072 nfsd in the Linux kernel before does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

CVE-2009-1758 The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in 'certain address ranges.'

CVE-2009-1439 Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.

CVE-2009-1633 Multiple buffer overflows in the cifs subsystem in the Linux kernel before allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.

CVE-2009-1630 The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.

- [agp] zero pages before sending to userspace (Jiri Olsa) [497025 497026] (CVE-2009-1192)

- [misc] add some long-missing capabilities to CAP_FS_MASK (Eric Paris) [499075 497271 499076 497272] (CVE-2009-1072)

- [x86] xen: fix local denial of service (Chris Lalancette) [500950 500951] (CVE-2009-1758)

- [fs] cifs: unicode alignment and buffer sizing problems (Jeff Layton) [494279 494280] (CVE-2009-1439)

- [fs] cifs: buffer overruns when converting strings (Jeff Layton) [496576 496577] (CVE-2009-1633)

- [fs] cifs: fix error handling in parse_DFS_referrals (Jeff Layton) [496576 496577] (CVE-2009-1633)

- [fs] cifs: fix pointer and checks in cifs_follow_symlink (Jeff Layton) [496576 496577] (CVE-2009-1633)

- [nfs] v4: client handling of MAY_EXEC in nfs_permission (Peter Staubach) [500301 500302] (CVE-2009-1630)

- backport cifs support from OEL5U3


Update the affected packages.

Plugin Details

Severity: High

ID: 79460

File Name: oraclevm_OVMSA-2009-0014.nasl

Version: 1.10

Type: local

Published: 2014/11/26

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-BOOT, p-cpe:/a:oracle:vm:kernel-BOOT-devel, p-cpe:/a:oracle:vm:kernel-kdump, p-cpe:/a:oracle:vm:kernel-kdump-devel, p-cpe:/a:oracle:vm:kernel-ovs, p-cpe:/a:oracle:vm:kernel-ovs-devel, cpe:/o:oracle:vm_server:2.1

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/07/06

Vulnerability Publication Date: 2009/03/24

Reference Information

CVE: CVE-2009-1072, CVE-2009-1192, CVE-2009-1439, CVE-2009-1630, CVE-2009-1633, CVE-2009-1758

BID: 34205, 34453, 34612, 34673, 34934, 34957

CWE: 16, 119, 264, 399