Lucene search

K
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLEVM_OVMSA-2016-0174.NASL
HistoryDec 08, 2016 - 12:00 a.m.

OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0174)

2016-12-0800:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.736

Percentile

98.1%

The remote OracleVM system is missing necessary patches to address critical security updates :

  • ocfs2: fix trans extend while free cached blocks (Junxiao Bi)

  • ocfs2: fix trans extend while flush truncate log (Junxiao Bi)

  • ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (Xue jiufei) [Orabug: 25136991]

  • mpi: Fix NULL ptr dereference in mpi_powm [ver #3] (Andrey Ryabinin) [Orabug: 25154096] (CVE-2016-8650) (CVE-2016-8650)

  • mlx4: avoid multiple free on id_map_ent (Wengang Wang) [Orabug: 25159035]

  • NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25144380]

  • sctp: validate chunk len before actually using it (Marcelo Ricardo Leitner) [Orabug: 25142868] (CVE-2016-9555)

  • rebuild bumping release

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2016-0174.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(95621);
  script_version("3.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2016-8650", "CVE-2016-9555");

  script_name(english:"OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0174)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - ocfs2: fix trans extend while free cached blocks
    (Junxiao Bi) 

  - ocfs2: fix trans extend while flush truncate log
    (Junxiao Bi) 

  - ocfs2: extend enough credits for freeing one truncate
    record while replaying truncate records (Xue jiufei)
    [Orabug: 25136991]

  - mpi: Fix NULL ptr dereference in mpi_powm [ver #3]
    (Andrey Ryabinin) [Orabug: 25154096] (CVE-2016-8650)
    (CVE-2016-8650)

  - mlx4: avoid multiple free on id_map_ent (Wengang Wang)
    [Orabug: 25159035]

  - NVMe: reduce queue depth as workaround for Samsung EPIC
    SQ errata (Ashok Vairavan) [Orabug: 25144380]

  - sctp: validate chunk len before actually using it
    (Marcelo Ricardo Leitner) [Orabug: 25142868]
    (CVE-2016-9555)

  - rebuild bumping release"
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2016-December/000601.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e63f9df4"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel-uek / kernel-uek-firmware packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/08");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"OVS3.4", reference:"kernel-uek-4.1.12-61.1.22.el6uek")) flag++;
if (rpm_check(release:"OVS3.4", reference:"kernel-uek-firmware-4.1.12-61.1.22.el6uek")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
}
VendorProductVersionCPE
oraclevmkernel-uekp-cpe:/a:oracle:vm:kernel-uek
oraclevm_server3.4cpe:/o:oracle:vm_server:3.4
oraclevmkernel-uek-firmwarep-cpe:/a:oracle:vm:kernel-uek-firmware

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.736

Percentile

98.1%