OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0058)

high Nessus Plugin ID 99164

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - RHEL: complement upstream workaround for CVE-2016-10142.
 (Quentin Casasnovas) [Orabug: 25765786] (CVE-2016-10142) (CVE-2016-10142)

 - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] (CVE-2016-8399)

 - ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] (CVE-2016-10142)

 - sg_write/bsg_write is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] (CVE-2016-10088)

 - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] (CVE-2017-7187)

 - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] (CVE-2017-2636)

 - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] (CVE-2017-2636)

 - drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] (CVE-2017-2636)

 - list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] (CVE-2017-2636)

 - firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] (CVE-2016-8633)

 - x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] (CVE-2016-3672)

 - x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] (CVE-2016-3672)

 - sg_start_req: make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490377] (CVE-2015-5707)

 - tcp: take care of truncations done by sk_filter (Eric Dumazet) [Orabug: 25507232] (CVE-2016-8645)

 - rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507232] (CVE-2016-8645)

 - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer (Dan Carpenter) [Orabug: 25507330] (CVE-2016-7425)

 - x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 25507375] (CVE-2015-4700)

 - net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512417] (CVE-2016-4580)

 - USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512472] (CVE-2016-3140)

 - net/llc: avoid BUG_ON in skb_orphan (Eric Dumazet) [Orabug: 25682437] (CVE-2017-6345)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?243735fd

Plugin Details

Severity: High

ID: 99164

File Name: oraclevm_OVMSA-2017-0058.nasl

Version: 3.5

Type: local

Published: 4/3/2017

Updated: 1/4/2021

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.2

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/1/2017

Vulnerability Publication Date: 8/31/2015

Reference Information

CVE: CVE-2015-4700, CVE-2015-5707, CVE-2016-10088, CVE-2016-10142, CVE-2016-3140, CVE-2016-3672, CVE-2016-4580, CVE-2016-7425, CVE-2016-8399, CVE-2016-8633, CVE-2016-8645, CVE-2017-2636, CVE-2017-6345, CVE-2017-7187

BID: 75356