OracleVM 3.3 / 3.4 : file (OVMSA-2016-0050)

high Nessus Plugin ID 91155
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 4.2


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates :

- fix CVE-2014-3538 (unrestricted regular expression matching)

- fix #1284826 - try to read ELF header to detect corrupted one

- fix #1263987 - fix bugs found by coverity in the patch

- fix CVE-2014-3587 (incomplete fix for CVE-2012-1571)

- fix CVE-2014-3710 (out-of-bounds read in elf note headers)

- fix CVE-2014-8116 (multiple DoS issues (resource consumption))

- fix CVE-2014-8117 (denial of service issue (resource consumption))

- fix CVE-2014-9620 (limit the number of ELF notes processed)

- fix CVE-2014-9653 (malformed elf file causes access to uninitialized memory)

- fix #809898 - add support for detection of Python 2.7 byte-compiled files

- fix #1263987 - fix coredump execfn detection on ppc64 and s390

- fix #966953 - include msooxml file in magic.mgc generation

- fix #966953 - increate the strength of MSOOXML magic patterns

- fix #1169509 - add support for Java 1.7 and 1.8

- fix #1243650 - comment out too-sensitive Pascal magic

- fix #1080453 - remove .orig files from magic directory

- fix #1161058 - add support for EPUB

- fix #1162149 - remove parts of patches patching .orig files

- fix #1154802 - fix detection of zip files containing file named mime

- fix #1246073 - fix detection UTF8 and UTF16 encoded XML files

- fix #1263987 - add new execfn to coredump output to show the real name of executable which generated the coredump

- fix #809898 - add support for detection of Python 3.2-3.5 byte-compiled files

- fix #966953 - backport support for MSOOXML


Update the affected file / file-libs packages.

See Also

Plugin Details

Severity: High

ID: 91155

File Name: oraclevm_OVMSA-2016-0050.nasl

Version: 2.5

Type: local

Published: 5/16/2016

Updated: 1/4/2021

Risk Information

Risk Factor: High

VPR Score: 4.2

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:file, p-cpe:/a:oracle:vm:file-libs, cpe:/o:oracle:vm_server:3.3, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/13/2016

Vulnerability Publication Date: 7/17/2012

Reference Information

CVE: CVE-2012-1571, CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653

BID: 52225, 68348, 69325, 70807, 71692, 71700, 71715, 72516