OracleVM 3.0 : xen (OVMSA-2012-0020)

high Nessus Plugin ID 79476

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- x86-64: detect processors subject to AMD erratum #121 and refuse to boot(CVE-2006-0744)

- guest denial of service on syscall/sysenter exception generation (CVE-2012-0217)

- Remove unnecessary balloon retries on vm create. This is a backport from fix for bug 14143327.

- This backport from 3.1.1: Author: amisherf Put back the patch that prevent older guest that uses kudzu from hanging on a reboot. Fixed the patch to prevent excessive watcher writes which causes xend, xenstored to run at a 100% cpu usage. Now the watch is written only if console in Initialising, InitWait, Initialised states which happen once at boot time. [bug 13523487]

- Backport from upstream changeset 20968 xend: notify xenpv device model that console info is ready Sometimes PV domain with vfb doesn't boot up. /sbin/kudzu is stuck. After investigation, I've found that the evtchn for console is not bound at all. Normal sequence of evtchn initialization in qemu-dm for xenpv is: 1) watch xenstore backpath (/local/domain/0/backend/console/<domid>/0) 2) read console info (/local/domain/<domid>/console/[type, ring-ref, port..= ]) 3) bind the evtchn to the port. But in some case, xend writes to the backpath before the console info is prepared, and never write to the backpath again. So the qemu-dm fails at 2) and never reach to 3). When this happens, manually xenstore-write command on Domain-0 resumes the guest.

- Set max cstate to 1. This is a backport requirement for bug 13703504. We have several bugs that cstate made system unstable, both for ovm2 and ovm3: For OVM3.x: Bug 13703504 - unexplained network disconnect causes ocfs to fence the server For OVM2.x

Solution

Update the affected xen / xen-devel / xen-tools packages.

See Also

http://www.nessus.org/u?fc519774

http://www.nessus.org/u?f23ffdff

http://www.nessus.org/u?a21b79d3

https://oss.oracle.com/pipermail/oraclevm-errata/2012-June/000083.html

Plugin Details

Severity: High

ID: 79476

File Name: oraclevm_OVMSA-2012-0020.nasl

Version: 1.11

Type: local

Published: 11/26/2014

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-devel, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.0

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/13/2012

Vulnerability Publication Date: 4/18/2006

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (FreeBSD Intel SYSRET Privilege Escalation)

Reference Information

CVE: CVE-2006-0744, CVE-2012-0217

BID: 53856

CWE: 20