OracleVM 3.3 : glibc (OVMSA-2016-0013) (GHOST)

Critical Nessus Plugin ID 88783

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- Update fix for CVE-2015-7547 (#1296028).

- Create helper threads with enough stack for POSIX AIO and timers (#1301625).

- Fix CVE-2015-7547: getaddrinfo stack-based buffer overflow (#1296028).

- Support loading more libraries with static TLS (#1291270).

- Check for NULL arena pointer in _int_pvalloc (#1256890).

- Don't change no_dyn_threshold on mallopt failure (#1256891).

- Unlock main arena after allocation in calloc (#1256812).

- Enable robust malloc change again (#1256812).

- Fix perturbing in malloc on free and simply perturb_byte (#1256812).

- Don't fall back to mmap prematurely (#1256812).

- The malloc deadlock avoidance support has been temporarily removed since it triggers deadlocks in certain applications (#1244002).

- Fix ruserok check to reject, not skip, negative user checks (#1217186).

- Optimize ruserok function for large ~/.rhosts (#1217186).

- Fix crash in valloc due to the backtrace deadlock fix (#1207236).

- Fix buffer overflow in gethostbyname_r with misaligned buffer (#1209376, CVE-2015-1781).

- Avoid deadlock in malloc on backtrace (#1066724).

- Support running applications that use Intel AVX-512 (#1195453).

- Silence logging of record type mismatch for DNSSEC records (#1088301).

- Shrink heap on free when vm.overcommit_memory == 2 (#867679).

- Enhance nscd to detect any configuration file changes (#859965).

- Fix __times handling of EFAULT when buf is NULL (#1124204).

- Fix memory leak with dlopen and thread-local storage variables (#978098).

- Prevent getaddrinfo from writing DNS queries to random fd (CVE-2013-7423,

- Implement userspace half of in6.h header coordination (#1053178).

- Correctly size relocation cache used by profiler (#1144132).

- Fix reuse of cached stack leading to bounds overrun of DTV (#1116050).

- Return failure in getnetgrent only when all netgroups have been searched (#1085312).

- Fix valgrind warning in nscd_stats (#1091915).

- Initialize xports array (#1159167).

- Fix tst-default-attr test to not fail on powerpc (#1023306).

- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183534).

- Fix typo in nscd/selinux.c (#1125307).

- Actually run test-iconv modules (#1176907).

- Fix recursive dlopen (#1154563).

- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1172044).

- Fix wordexp to honour WRDE_NOCMD (CVE-2014-7817, #1171296).

- Fix typo in res_send and res_query (#rh1138769).

Solution

Update the affected glibc / glibc-common / nscd packages.

See Also

http://www.nessus.org/u?92d5b0bd

https://www.tenable.com/security/research/tra-2017-08

Plugin Details

Severity: Critical

ID: 88783

File Name: oraclevm_OVMSA-2016-0013.nasl

Version: 2.23

Type: local

Published: 2016/02/17

Updated: 2018/07/24

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:glibc, p-cpe:/a:oracle:vm:glibc-common, p-cpe:/a:oracle:vm:nscd, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/02/16

Exploitable With

Core Impact

Metasploit (Exim GHOST (glibc gethostbyname) Buffer Overflow)

Reference Information

CVE: CVE-2013-7423, CVE-2014-6040, CVE-2014-7817, CVE-2015-0235, CVE-2015-1781, CVE-2015-7547

BID: 69472, 71216, 72325, 72844, 74255

TRA: TRA-2017-08

IAVA: 2016-A-0053