OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0056)

High Nessus Plugin ID 99162

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- Revert 'x86/mm: Expand the exception table logic to allow new handling options' (Brian Maly) [Orabug: 25790387] (CVE-2016-9644)

- Revert 'fix minor infoleak in get_user_ex' (Brian Maly) [Orabug: 25790387] (CVE-2016-9644)

- x86/mm: Expand the exception table logic to allow new handling options (Tony Luck) [Orabug: 25790387] (CVE-2016-9644)

- rebuild bumping release

- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766898] (CVE-2016-8399)

- sg_write/bsg_write is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765436] (CVE-2016-10088)

- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751984] (CVE-2017-7187)

- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696677] (CVE-2017-2636)

- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696677] (CVE-2017-2636)

- If Slot Status indicates changes in both Data Link Layer Status and Presence Detect, prioritize the Link status change. (Jack Vogel)

- PCI: pciehp: Leave power indicator on when enabling already-enabled slot (Ashok Raj) [Orabug: 25353783]

- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451520] (CVE-2016-8633)

- usbnet: cleanup after bind in probe (Oliver Neukum) [Orabug: 25463898] (CVE-2016-3951)

- cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (Bjørn Mork) [Orabug: 25463898] (CVE-2016-3951)

- cdc_ncm: Add support for moving NDP to end of NCM frame (Enrico Mioso) [Orabug: 25463898] (CVE-2016-3951)

- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463918] (CVE-2016-3672)

- kvm: fix page struct leak in handle_vmon (Paolo Bonzini) [Orabug: 25507133] (CVE-2017-2596)

- crypto: mcryptd - Check mcryptd algorithm compatibility (tim) [Orabug: 25507153] (CVE-2016-10147)

- kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507188] (CVE-2016-9588)

- KVM: x86: drop error recovery in em_jmp_far and em_ret_far (Radim Krčmář) [Orabug: 25507213] (CVE-2016-9756)

- tcp: take care of truncations done by sk_filter (Eric Dumazet) [Orabug: 25507226] (CVE-2016-8645)

- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507226] (CVE-2016-8645)

- tipc: check minimum bearer MTU (Michal Kubeček) [Orabug: 25507239] (CVE-2016-8632)

- fix minor infoleak in get_user_ex (Al Viro) [Orabug: 25507269] (CVE-2016-9178)

- scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507319] (CVE-2016-7425)

- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer (Dan Carpenter) [Orabug: 25507319] (CVE-2016-7425)

- tmpfs: clear S_ISGID when setting posix ACLs (Gu Zheng) [Orabug: 25507341] (CVE-2016-7097)

- posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507341] (CVE-2016-7097)

- ext2: convert to mbcache2 (Jan Kara) [Orabug: 25512366] (CVE-2015-8952)

- ext4: convert to mbcache2 (Jan Kara) [Orabug: 25512366] (CVE-2015-8952)

- mbcache2: reimplement mbcache (Jan Kara) [Orabug: 25512366] (CVE-2015-8952)

- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512466] (CVE-2016-3140)

- net/llc: avoid BUG_ON in skb_orphan (Eric Dumazet) [Orabug: 25682419] (CVE-2017-6345)

- net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen)

- ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25698300] (CVE-2017-5970)

- perf/core: Fix concurrent sys_perf_event_open vs. 'move_group' race (Peter Zijlstra) [Orabug: 25698751] (CVE-2017-6001)

- ip6_gre: fix ip6gre_err invalid reads (Eric Dumazet) [Orabug: 25699015] (CVE-2017-5897)

- mpt3sas: Don't spam logs if logging level is 0 (Johannes Thumshirn)

- xen-netfront: cast grant table reference first to type int (Dongli Zhang)

- xen-netfront: do not cast grant table reference to signed short (Dongli Zhang)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?32b057e2

Plugin Details

Severity: High

ID: 99162

File Name: oraclevm_OVMSA-2017-0056.nasl

Version: 3.3

Type: local

Published: 2017/04/03

Updated: 2018/07/24

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/04/01

Reference Information

CVE: CVE-2015-8952, CVE-2016-10088, CVE-2016-10147, CVE-2016-3140, CVE-2016-3672, CVE-2016-3951, CVE-2016-7097, CVE-2016-7425, CVE-2016-8399, CVE-2016-8632, CVE-2016-8633, CVE-2016-8645, CVE-2016-9178, CVE-2016-9588, CVE-2016-9644, CVE-2016-9756, CVE-2017-2596, CVE-2017-2636, CVE-2017-5897, CVE-2017-5970, CVE-2017-6001, CVE-2017-6345, CVE-2017-7187