OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0138)

High Nessus Plugin ID 93907

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Scott Bauer) [Orabug: 24803597] (CVE-2016-5829)

- ocfs2: Fix start offset to ocfs2_zero_range_for_truncate (Ashish Samant) [Orabug: 24790230]

- ocfs2: Fix double put of refcount tree in ocfs2_lock_refcount_tree (Ashish Samant) [Orabug: 24691860]

- megaraid_sas: Don't issue kill adapter for MFI controllers in case of PD list DCMD failure (Sumit Saxena) [Orabug: 24506797]

- netfilter: x_tables: speed up jump target validation (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (Pablo Neira Ayuso) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: remove unused comefrom hookmask argument (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: introduce and use xt_copy_counters_from_user (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: do compat validation via translate_table (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: xt_compat_match_from_user doesn't need a retval (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: ip6_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: ip_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: arp_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: don't reject valid target size on some architectures (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: validate all offsets and sizes in a rule (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: check for bogus target offset (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: check standard target size too (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: add compat version of xt_check_entry_offsets (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: assert minimum target size (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: kill check_entry helper (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: add and use xt_check_entry_offsets (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: don't move to non-existent next rule (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

- netfilter: x_tables: check for size overflow (Florian Westphal) [Orabug: 24691226] (CVE-2016-3134)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?44da5715

Plugin Details

Severity: High

ID: 93907

File Name: oraclevm_OVMSA-2016-0138.nasl

Version: 2.5

Type: local

Published: 2016/10/07

Updated: 2018/07/24

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.4

Temporal Score: 7.6

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/10/06

Reference Information

CVE: CVE-2016-3134, CVE-2016-5829