New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
SynopsisThe remote OracleVM host is missing one or more security updates.
DescriptionThe remote OracleVM system is missing necessary patches to address critical security updates :
CVE-2009-1192 The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.
CVE-2009-1072 nfsd in the Linux kernel before 220.127.116.11 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
CVE-2009-1758 The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in 'certain address ranges.'
CVE-2009-1439 Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.
CVE-2009-1633 Multiple buffer overflows in the cifs subsystem in the Linux kernel before 18.104.22.168 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.
CVE-2009-1630 The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 22.214.171.124 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
- [agp] zero pages before sending to userspace (Jiri Olsa) [497025 497026] (CVE-2009-1192)
- [misc] add some long-missing capabilities to CAP_FS_MASK (Eric Paris) [499075 497271 499076 497272] (CVE-2009-1072)
- [x86] xen: fix local denial of service (Chris Lalancette) [500950 500951] (CVE-2009-1758)
- [fs] cifs: unicode alignment and buffer sizing problems (Jeff Layton) [494279 494280] (CVE-2009-1439)
- [fs] cifs: buffer overruns when converting strings (Jeff Layton) [496576 496577] (CVE-2009-1633)
- [fs] cifs: fix error handling in parse_DFS_referrals (Jeff Layton) [496576 496577] (CVE-2009-1633)
- [fs] cifs: fix pointer and checks in cifs_follow_symlink (Jeff Layton) [496576 496577] (CVE-2009-1633)
- [nfs] v4: client handling of MAY_EXEC in nfs_permission (Peter Staubach) [500301 500302] (CVE-2009-1630)
- backport cifs support from OEL5U3
SolutionUpdate the affected packages.