OracleVM 3.4 : microcode_ctl (OVMSA-2018-0011) (Spectre)

2018-01-1800:00:00

www.tenable.com

JSON

The remote OracleVM system is missing necessary patches to address critical security updates :

Enable early microcode load to allow updating Broadwell model 79
Make sure ‘modprobe microcode’ is not executed on Broadwell model 79
Run dracut upon microcode update
Add updated Intel 20180108 microcode for CPUIDs:
(CVE-2017-5715) 306c3 (06-3c-03 rev 0x23, Haswell) 306d4 (06-3d-04 rev 0x28, Broadwell) 306f2 (06-3f-02 rev 0x3b, Haswell) 306f4 (06-3f-04 rev 0x10, Haswell) 306e4 (06-3e-04 rev 0x42a, Ivy Bridge) 40651 (06-45-01 rev 0x21, Haswell) 40661 (06-46-01 rev 0x18, Haswell) 40671 (06-47-01 rev 0x1b, Broadwell) 406e3 (06-4e-03 rev 0xc2, Skylake) 406f1 (06-4f-01 rev 0xb000025, Broadwell) 50654 (06-55-04 rev 0x200003c, Skylake) 50662 (06-56-02 rev 0x14, Broadwell) 50663 (06-56-03 rev 0x7000011, Broadwell) 506e3 (06-5e-03 rev 0xc2, Skylake) 706a1 (06-7a-01 rev 0x22) 806e9 (06-8e-09 rev 0x80, Kaby Lake) 806ea (06-8e-0a rev 0x80) 906e9 (06-9e-09 rev 0x80, Kaby Lake) 906ea (06-9e-0a rev 0x80) 906eb (06-9e-0b rev 0x80)
Use right upstream source for revert
Resolves: #1533978
Revert Microcode from Intel and AMD for Side Channel attack
Resolves: #1533978

#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2018-0011.
#

include("compat.inc");

if (description)
{
  script_id(106121);
  script_version("3.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/15");

  script_cve_id("CVE-2017-5715");
  script_xref(name:"IAVA", value:"2018-A-0020");

  script_name(english:"OracleVM 3.4 : microcode_ctl (OVMSA-2018-0011) (Spectre)");
  script_summary(english:"Checks the RPM output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote OracleVM host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - Enable early microcode load to allow updating Broadwell
    model 79

  - Make sure 'modprobe microcode' is not executed on
    Broadwell model 79

  - Run dracut upon microcode update

  - Add updated Intel 20180108 microcode for CPUIDs:
    (CVE-2017-5715) 306c3 (06-3c-03 rev 0x23, Haswell) 
    306d4 (06-3d-04 rev 0x28, Broadwell)  306f2 (06-3f-02
    rev 0x3b, Haswell)  306f4 (06-3f-04 rev 0x10, Haswell) 
    306e4 (06-3e-04 rev 0x42a, Ivy Bridge)  40651 (06-45-01
    rev 0x21, Haswell)  40661 (06-46-01 rev 0x18, Haswell) 
    40671 (06-47-01 rev 0x1b, Broadwell)  406e3 (06-4e-03
    rev 0xc2, Skylake)  406f1 (06-4f-01 rev 0xb000025,
    Broadwell)  50654 (06-55-04 rev 0x200003c, Skylake) 
    50662 (06-56-02 rev 0x14, Broadwell)  50663 (06-56-03
    rev 0x7000011, Broadwell)  506e3 (06-5e-03 rev 0xc2,
    Skylake)  706a1 (06-7a-01 rev 0x22)  806e9 (06-8e-09 rev
    0x80, Kaby Lake)  806ea (06-8e-0a rev 0x80)  906e9
    (06-9e-09 rev 0x80, Kaby Lake) 906ea (06-9e-0a rev
    0x80)  906eb (06-9e-0b rev 0x80)

  - Use right upstream source for revert

  - Resolves: #1533978

  - Revert Microcode from Intel and AMD for Side Channel
    attack

  - Resolves: #1533978"
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2018-January/000821.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0b7e3546"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected microcode_ctl package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:microcode_ctl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/18");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"OVS3.4", reference:"microcode_ctl-1.17-25.4.0.1.el6_9")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "microcode_ctl");
}

VendorProductVersionCPE
oraclevmmicrocode_ctlp-cpe:/a:oracle:vm:microcode_ctl
oraclevm_server3.4cpe:/o:oracle:vm_server:3.4

Vendor	Product	Version	CPE
oracle	vm	microcode_ctl	p-cpe:/a:oracle:vm:microcode_ctl
oracle	vm_server	3.4	cpe:/o:oracle:vm_server:3.4

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715

www.nessus.org/u?0b7e3546

JSON

Related for ORACLEVM_OVMSA-2018-0011.NASL