Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLEVM_OVMSA-2017-0143.NASL
HistoryAug 18, 2017 - 12:00 a.m.

OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0143)

2017-08-1800:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

26.6%

JSON

The remote OracleVM system is missing necessary patches to address critical security updates :

  • dentry name snapshots (Al Viro) [Orabug: 26630936] (CVE-2017-7533)

  • scsi: libiscsi: use kvzalloc for iscsi_pool_init (Kyle Fortin)

  • mm: introduce kv[mz]alloc helpers (Kyle Fortin) [Orabug:
    26621191]

  • KEYS: Disallow keyrings beginning with ‘.’ to be joined as session keyrings (David Howells) [Orabug: 26621179] (CVE-2016-9604) (CVE-2016-9604)

  • l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip[,6]_bind (Guillaume Nault) [Orabug: 26621176] (CVE-2016-10200)

  • mnt: Add a per mount namespace limit on the number of mounts (Eric W. Biederman) [Orabug: 26621171] (CVE-2016-6213) (CVE-2016-6213)

  • ipv6: fix out of bound writes in __ip6_append_data (Eric Dumazet) [Orabug: 26621163] (CVE-2017-9242)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2017-0143.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(102573);
  script_version("3.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2016-10200", "CVE-2016-6213", "CVE-2016-9604", "CVE-2017-7533", "CVE-2017-9242");

  script_name(english:"OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0143)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - dentry name snapshots (Al Viro) [Orabug: 26630936]
    (CVE-2017-7533)

  - scsi: libiscsi: use kvzalloc for iscsi_pool_init (Kyle
    Fortin) 

  - mm: introduce kv[mz]alloc helpers (Kyle Fortin) [Orabug:
    26621191]

  - KEYS: Disallow keyrings beginning with '.' to be joined
    as session keyrings (David Howells) [Orabug: 26621179]
    (CVE-2016-9604) (CVE-2016-9604)

  - l2tp: fix racy SOCK_ZAPPED flag check in
    l2tp_ip[,6]_bind (Guillaume Nault) [Orabug: 26621176]
    (CVE-2016-10200)

  - mnt: Add a per mount namespace limit on the number of
    mounts (Eric W. Biederman) [Orabug: 26621171]
    (CVE-2016-6213) (CVE-2016-6213)

  - ipv6: fix out of bound writes in __ip6_append_data (Eric
    Dumazet) [Orabug: 26621163] (CVE-2017-9242)"
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2017-August/000757.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?57ec0abd"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel-uek / kernel-uek-firmware packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"OVS3.4", reference:"kernel-uek-4.1.12-94.5.9.el6uek")) flag++;
if (rpm_check(release:"OVS3.4", reference:"kernel-uek-firmware-4.1.12-94.5.9.el6uek")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
}
VendorProductVersionCPE
oraclevmkernel-uekp-cpe:/a:oracle:vm:kernel-uek
oraclevmkernel-uek-firmwarep-cpe:/a:oracle:vm:kernel-uek-firmware
oraclevm_server3.4cpe:/o:oracle:vm_server:3.4

Related

nessus 58
oraclelinux 6
avleonov 1
openvas 38
suse 34
android 1
veracode 5
cve 5
nvd 5
debiancve 5
redhatcve 5
f5 1
prion 5
cvelist 5
ubuntucve 5
zdt 1
redhat 6
fedora 3
virtuozzo 4
centos 1
exploitpack 1
ubuntu 2
exploitdb 1
photon 1
nessus
nessus
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3605)
2017-08-18 00:00:00
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3606)
2017-08-21 00:00:00
Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3607)
2017-08-21 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2017-08-17 00:00:00
Unbreakable Enterprise kernel security update
2017-08-18 00:00:00
Unbreakable Enterprise kernel security update
2017-08-18 00:00:00
avleonov
avleonov
Vulners NASL Plugin Feeds for OpenVAS 9
2017-10-04 17:57:22
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:2102-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:2098-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:2094-1)
2021-04-19 00:00:00
suse
suse
Security update for Linux Kernel Live Patch 15 for SLE 12 SP1 (important)
2017-08-08 15:13:09
Security update for Linux Kernel Live Patch 16 for SLE 12 SP1 (important)
2017-08-08 15:09:41
Security update for Linux Kernel Live Patch 23 for SLE 12 (important)
2017-08-08 18:09:40
android
android
CVE-2016-10200
2017-03-01 00:00:00
veracode
veracode
Use-After-Free
2019-05-02 06:36:11
Signature Verification Bypass
2019-05-02 06:36:12
Denial Of Service (DoS)
2019-05-02 06:36:11
cve
cve
CVE-2016-10200
2017-03-07 21:59:00
CVE-2016-6213
2016-12-28 07:59:00
CVE-2016-9604
2018-07-11 13:29:00
nvd
nvd
CVE-2016-10200
2017-03-07 21:59:00
CVE-2016-6213
2016-12-28 07:59:00
CVE-2016-9604
2018-07-11 13:29:00
debiancve
debiancve
CVE-2016-10200
2017-03-07 21:59:00
CVE-2016-9604
2018-07-11 13:29:00
CVE-2016-6213
2016-12-28 07:59:00
redhatcve
redhatcve
CVE-2016-10200
2019-10-19 12:27:41
CVE-2016-9604
2017-04-28 11:18:12
CVE-2016-6213
2016-07-14 08:18:51
f5
f5
K68852819 : Linux kernel vulnerability CVE-2016-10200
2017-05-02 00:00:00
prion
prion
Race condition
2017-03-07 21:59:00
Design/Logic Flaw
2018-07-11 13:29:00
Code injection
2016-12-28 07:59:00
cvelist
cvelist
CVE-2016-10200
2017-03-07 21:00:00
CVE-2016-6213
2016-12-28 07:42:00
CVE-2016-9604
2018-07-11 13:00:00
ubuntucve
ubuntucve
CVE-2016-10200
2017-03-07 00:00:00
CVE-2016-6213
2016-07-14 00:00:00
CVE-2016-9604
2016-12-31 00:00:00
zdt
zdt
Linux Kernel < 3.16.39 (Debian 8 x64) - inotfiy Local Privilege Escalation Exploit
2018-03-20 00:00:00
redhat
redhat
(RHSA-2017:2473) Important: kernel security and bug fix update
2017-08-15 10:14:18
(RHSA-2017:2770) Important: kernel security and bug fix update
2017-09-19 15:39:59
(RHSA-2017:2869) Important: kernel security and bug fix update
2017-10-10 12:15:50
fedora
fedora
[SECURITY] Fedora 26 Update: kernel-4.12.5-300.fc26
2017-08-14 21:54:42
[SECURITY] Fedora 25 Update: kernel-4.10.13-200.fc25
2017-05-02 02:04:32
[SECURITY] Fedora 24 Update: kernel-4.10.13-100.fc24
2017-05-04 18:27:06
virtuozzo
virtuozzo
Kernel security update: CVE-2017-7533; Virtuozzo ReadyKernel patch 28.0 for Virtuozzo 7.0.x
2017-08-10 00:00:00
Kernel security update: CVE-2017-9242 and other; Virtuozzo ReadyKernel patch 30.3 for Virtuozzo 7.0.0, 7.0.1, and 7.0.3
2017-09-06 00:00:00
Kernel security update: CVE-2017-9242 and other; Virtuozzo ReadyKernel patch 30.3 for Virtuozzo 7.0.5
2017-09-06 00:00:00
centos
centos
kernel, perf, python security update
2017-08-24 09:44:03
exploitpack
exploitpack
Linux Kernel 3.16.39 (Debian 8 x64) - inotfiy Local Privilege Escalation
2017-10-16 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2016-12-20 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2016-12-20 00:00:00
exploitdb
exploitdb
Linux Kernel &lt; 3.16.39 (Debian 8 x64) - &#039;inotfiy&#039; Local Privilege Escalation
2017-10-16 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2017-0040
2017-05-08 00:00:00

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

26.6%

JSON
Related for ORACLEVM_OVMSA-2017-0143.NASL
nessus58oraclelinux6avleonov1openvas38suse34android1veracode5cve5nvd5debiancve5redhatcve5f51prion5cvelist5ubuntucve5zdt1redhat6fedora3virtuozzo4centos1exploitpack1ubuntu2exploitdb1photon1