OracleVM 2.2 : xen (OVMSA-2013-0074)

high Nessus Plugin ID 79521
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- x86: check segment descriptor read result in 64-bit OUTS emulation XSA-67 (Matthew Daley) [orabug 17571640] (CVE-2013-4368)

- x86: properly set up fbld emulation operand address XSA-66 (Jan Beulich) [orabug 17472492] (CVE-2013-4361)

- x86: properly handle hvm_copy_from_guest_[phys,virt] errors XSA-63 (Jan Beulich) [orabug 17472461] (CVE-2013-4355)

- libxc: builder: limit maximum size of kernel/ramdisk (Ian Campbell) [orabug 15852491] (CVE-2012-4544)

- libxc: builder: Correct fix for CVE-2012-4544 (Ian Campbell) [orabug 15852491] (CVE-2012-4544)

- [PATCH 01/21] libelf: abolish libelf-relocate.c (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 02/21] libxc: introduce xc_dom_seg_to_ptr_pages (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 03/21] libxc: Fix range checking in xc_dom_pfn_to_ptr etc. (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 04/21] libelf: abolish elf_sval and elf_access_signed (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 05/21] libelf/xc_dom_load_elf_symtab: Do not use 'syms' uninitialised (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 06/21] libelf: introduce macros for memory access and pointer handling (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 07/21] tools/xcutils/readnotes: adjust print_l1_mfn_valid_note (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 08/21] libelf: check nul-terminated strings properly (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 09/21] libelf: check all pointer accesses (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 10/21] libelf: Check pointer references in elf_is_elfbinary (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 11/21] libelf: Make all callers call elf_check_broken (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 12/21] libelf: use C99 bool for booleans (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 13/21] libelf: use only unsigned integers (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 14/21] libxc: Introduce xc_bitops.h (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 15/21] libelf: check loops for running away (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 16/21] libelf: abolish obsolete macros (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 17/21] libxc: Add range checking to xc_dom_binloader (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 18/21] libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 19/21] libxc: check return values from malloc (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 20/21] libxc: range checks in xc_dom_p2m_host and
_guest (Ian Jackson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- [PATCH 21/21] libxc: check blob size before proceeding in xc_dom_check_gzip (Matthew Daley) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- libxc: define INVALID_MFN for the XSA-55 patchset (Chuck Anderson) [orabug 16902308] (CVE-2013-2194 CVE-2013-2195 CVE-2013-2196)

- fix page refcount handling in page table pin error path (Andrew Cooper) [orabug 16949882] (CVE-2013-1432)

- remove CVE-2013-1919 (Chuck Anderson) [orabug 16635741] (CVE-2013-1919)

- x86: make vcpu_destroy_pagetables preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918)

- x86: make new_guest_cr3 preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918)

- x86: make MMUEXT_NEW_USER_BASEPTR preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918)

- x86: make vcpu_reset preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918)

- x86: make arch_set_info_guest preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918)

- x86: make page table unpinning preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918)

- x86: make page table handling error paths preemptible (Jan Beulich) [orabug 16714903] (CVE-2013-1918)

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?82e75a28

Plugin Details

Severity: High

ID: 79521

File Name: oraclevm_OVMSA-2013-0074.nasl

Version: 1.5

Type: local

Published: 11/26/2014

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6

CVSS v2

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.4

Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C

Temporal Vector: E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-64, p-cpe:/a:oracle:vm:xen-debugger, p-cpe:/a:oracle:vm:xen-devel, p-cpe:/a:oracle:vm:xen-pvhvm-devel, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:2.2

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/16/2013

Vulnerability Publication Date: 10/31/2012

Reference Information

CVE: CVE-2012-4544, CVE-2013-1432, CVE-2013-1918, CVE-2013-1919, CVE-2013-2194, CVE-2013-2195, CVE-2013-2196, CVE-2013-4355, CVE-2013-4361, CVE-2013-4368

BID: 56289, 59292, 59615, 60701, 60702, 60703, 60799, 62708, 62710, 62935