The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12444 advisory.

    [2.17-326.0.9.3]
    - Forward-port Oracle patches to 2.17-326.3         Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>       Oracle history:
      June-22-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.17-326.0.9
      - OraBug 35517820 Reworked previous patch for OraBug 35318841 and removed         free() of stack allocations.
        Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>       June-20-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.17-326.0.7
      - OraBug 35517820 Do not allocate heap memory in __nptl_tunables_init.
      - This issue was introduced and fixed in patch related to OraBug 35318841.
        Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>       April-21-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.17-326.0.5
      - OraBug 35318841 Glibc tunable to disable huge pages on pthread_create stacks         Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>       December-19-2022 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.17-326.0.3
      - OraBug 34909902 vDSO timer functions support on i686         Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>       May-18-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.17-326.0.1
      - Forward-port Oracle patches to 2.17-326.
        Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>       April-26-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.17-325.0.3
      - OraBug 33968985 Security Patches         This release fixes CVE-2022-23219, CVE-2022-23218, and CVE-2021-3999         Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>       October-12-2021 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.17-325.0.1
      - Merge el7 u9 errata4 patch with Oracle patches         Review-exception: Simple merge
      - Merge el7 u9 errata patches with Oracle patches         Review-exception: Simple merge
      - Adding three arm specific patches to allow glibc x86 tree to be used for
      - ILOM and other arm builds         Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>
      - Merge el7 u8 patches with Oracle patches         Review-exception: Simple merge
      - Adding Mike Fabian's C.utf-8 patch (C.utf-8 is a unicode-aware version         of the C locale)         Orabug 29784239.
        Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>
      - Remove glibc-ora28641867.patch as duplicate of glibc-rh1705899-4.patch
      - Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile         Both should test           if ((stream->_flags & _IO_USER_LOCK) == 0)
            _IO_lock_lock (*stream->_lock);
        OraBug 28481550.
        Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>
      - Modify glibc-ora28849085.patch so it works with RHCK kernels.
        Orabug 28849085.
      - Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com>
      - Use NLM_F_SKIP_STATS in uek2 and RTEXT_FILTER_SKIP_STATS in uek4 in getifaddrs.
      - Orabug 28849085
      - Reviewed-by: Patrick McGehearty <patrick.mcgehearty@oracle.com>
      - Mention CVE numbers in the .spec file for CVE-2015-8983 and CVE-2015-8984.
      - Orabug 25558067.
      - Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com>
      - Regenerate plural.c
      - OraBug 28806294.
      - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>
      - intl: Port to Bison 3.0
      - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9
      - OraBug 28806294.
      - Reviewed-by: Patrick McGehearty <patrick.mcgehearty@oracle.com>
      - Fix dbl-64/wordsize-64 remquo (bug 17569).
      - Backport of upstream d9afe48d55a412e76b0dcb28335fd4b390fe07ae
      - OraBug 19570749.
      - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>
      - libio: Disable vtable validation in case of interposition.
      - Backport of upstream c402355dfa7807b8e0adb27c009135a7e2b9f1b0.
      - OraBug 28641867.
      - Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com>
      - Include-linux-falloc.h-in-bits-fcntl-linux.h
      - Defines FALLOC_FL_PUNSH_HOLE, FALLOC_FL_KEEP_SIZE,         FALLOC_FL_COLLAPSE_RANGE, and FALLOC_FL_ZERO_RANGE
      - OraBug 28483336
      - Add MAP_SHARED_VALIDATE and MAP_SYNC flags to
      - sysdeps/unix/sysv/linux/x86/bits/mman.h
      - OraBug 28389572
      - Update bits/siginfo.h with Linux hwpoison SIGBUS changes.
      - Adds new SIGBUS error codes for hardware poison signals, syncing with         the current kernel headers (v3.9).
      - It also adds si_trapno field for alpha.
      - New values: BUS_MCEERR_AR, BUS_MCEERR_AO
      - OraBug 28124569

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AOS installed on the remote host is prior to 6.5.6.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.6.5 advisory.

  - Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote     attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the     KeyTrap issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the     protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG     records. (CVE-2023-50387)

  - The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to     it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to     crash an application or overwrite a neighbouring variable. (CVE-2024-2961)

  - nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size     cache is exhausted by client requests then a subsequent client request for netgroup data may result in a     stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This     vulnerability is only present in the nscd binary. (CVE-2024-33599)

  - nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails     to add a not-found netgroup response to the cache, the client request can result in a null pointer     dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability     is only present in the nscd binary. (CVE-2024-33600)

  - nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's     (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a     memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in     glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
    (CVE-2024-33601)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.101026 advisory.

  - A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in     ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. (CVE-2021-39263)

  - EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers     option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain     unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
    (CVE-2023-45234)

  - Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote     attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the     KeyTrap issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the     protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG     records. (CVE-2023-50387)

  - The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped)     allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC     responses in a random subdomain attack, aka the NSEC3 issue. The RFC 5155 specification implies that an     algorithm must perform thousands of iterations of a hash function in certain situations. (CVE-2023-50868)

  - close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. (CVE-2022-48624)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.102001 advisory.

  - squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different     vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link     and then contents under the same filename in a filesystem can cause unsquashfs to first create the     symbolic link pointing outside the expected directory, and then the subsequent write operation will cause     the unsquashfs process to write through the symbolic link elsewhere in the filesystem. (CVE-2021-41072)

  - linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login     process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. (CVE-2024-22365)

  - An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7,     3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks     during cleanup of permissions-related errors. This means users which can run privileged programs are     potentially able to modify permissions of files referenced by symlinks in some circumstances.
    (CVE-2023-6597)

  - An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and     3.8.18 and prior. The zipfile module is vulnerable to quoted-overlap zip-bombs which exploit the zip     format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile     module reject zip archives which overlap entries in the archive. (CVE-2024-0450)

  - The DNS message parsing code in `named` includes a section whose computational complexity is overly high.
    It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive     CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative     servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through     9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1     through 9.18.21-S1. (CVE-2023-4408)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
200741	Oracle Linux 7 : glibc (ELSA-2024-12444)	Nessus	Oracle Linux Local Security Checks	6/19/2024	3/27/2025	high
204958	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.6.5)	Nessus	Misc.	8/1/2024	2/17/2025	high
206824	Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.101026)	Nessus	Misc.	9/9/2024	2/19/2025	medium
208276	Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.102001)	Nessus	Misc.	10/8/2024	2/20/2025	medium

Detections

Analytics

Plugins Search

high

high

medium

medium