Lucene search
OracleVM 3.2 : xen (OVMSA-2018-0225)
🗓️ 04 Jun 2018 00:00:00Reported by This script is Copyright (C) 2018-2025 and is owned by Tenable, Inc. or an Affiliate thereof.Type 
nessus🔗 www.tenable.com👁 32 Views
OracleVM 3.2 xen system missing critical security updates to address multiple CVEs identified by Jan Beulic
Show more
| Reporter | Title | Published | Views | Family All 119 |
|---|---|---|---|---|
| Debian DSA-4112-1 : xen - security update | 15 Feb 201800:00 | – | nessus |
| Fedora 27 : xen (2017-5945560816) | 15 Jan 201800:00 | – | nessus |
| Citrix XenServer Multiple Vulnerabilities (CTX232096) | 6 Apr 201800:00 | – | nessus |
| Debian DLA-1230-1 : xen security update | 8 Jan 201800:00 | – | nessus |
| OracleVM 3.3 : xen (OVMSA-2018-0224) (Meltdown) (Spectre) | 25 May 201800:00 | – | nessus |
| Citrix XenServer Multiple Vulnerabilities (CTX231390) (Meltdown)(Spectre) | 5 Jan 201800:00 | – | nessus |
| Fedora 26 : xen (2017-16a414b3c5) | 3 Jan 201800:00 | – | nessus |
| OracleVM 3.4 : xen (OVMSA-2018-0039) | 3 May 201800:00 | – | nessus |
| SUSE SLES12 Security Update : xen (SUSE-SU-2018:0601-1) (Meltdown) (Spectre) | 6 Mar 201800:00 | – | nessus |
| SUSE SLES11 Security Update : xen (SUSE-SU-2018:0638-1) (Meltdown) (Spectre) | 9 Mar 201800:00 | – | nessus |
10
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2018-0225.
#
include('compat.inc');
if (description)
{
script_id(110305);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/04/01");
script_cve_id(
"CVE-2017-17563",
"CVE-2017-17564",
"CVE-2017-17565",
"CVE-2017-17566"
);
script_name(english:"OracleVM 3.2 : xen (OVMSA-2018-0225)");
script_set_attribute(attribute:"synopsis", value:
"The remote OracleVM host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :
- From: Jan Beulich Subject: x86/paging: don't
unconditionally BUG on finding SHARED_M2P_ENTRY PV
guests can fully control the values written into the
P2M. This is XSA-251. (CVE-2017-17565)
- From: Jan Beulich Subject: x86/shadow: fix ref-counting
error handling The old-Linux handling in shadow_set_l4e
mistakenly ORed together the results of sh_get_ref and
sh_pin. As the latter failing is not a correctness
problem, simply ignore its return value. In
sh_set_toplevel_shadow a failing sh_get_ref must not be
accompanied by installing the entry, despite the domain
being crashed. This is XSA-250. (CVE-2017-17564)
- From: Jan Beulich Subject: x86/shadow: fix refcount
overflow check Commit c385d27079 ('x86 shadow: for
multi-page shadows, explicitly track the first page')
reduced the refcount width to 25, without adjusting the
overflow check. Eliminate the disconnect by using a
manifest constant. Interestingly, up to commit
047782fa01 ('Out-of-sync L1 shadows: OOS snapshot') the
refcount was 27 bits wide, yet the check was already
using 26. This is XSA-249. v2: Simplify expression back
to the style it was. (CVE-2017-17563)
- From: Jan Beulich Subject: x86/mm: don't wrongly set
page ownership PV domains can obtain mappings of any
pages owned by the correct domain, including ones that
aren't actually assigned as 'normal' RAM, but used by
Xen internally. At the moment such 'internal' pages
marked as owned by a guest include pages used to track
logdirty bits, as well as p2m pages and the 'unpaged
pagetable' for HVM guests. Since the PV memory
management and shadow code conflict in their use of
struct page_info fields, and since shadow code is being
used for log-dirty handling for PV domains, pages coming
from the shadow pool must, for PV domains, not have the
domain set as their owner. While the change could be
done conditionally for just the PV case in shadow code,
do it unconditionally (and for consistency also for
HAP), just to be on the safe side. There's one special
case though for shadow code: The page table used for
running a HVM guest in unpaged mode is subject to
get_page (in set_shadow_status) and hence must have its
owner set. This is XSA-248.
Conflict: xen/arch/x86/mm/hap/hap.c
xen/arch/x86/mm/shadow/common.c (CVE-2017-17566)");
script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2018-June/000860.html");
script_set_attribute(attribute:"solution", value:
"Update the affected xen / xen-devel / xen-tools packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-17566");
script_set_attribute(attribute:"cvss3_score_rationale", value:"Scoring adjustsed to align with CVSS 3.1 attack complexity guidance.");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/12");
script_set_attribute(attribute:"patch_publication_date", value:"2018/06/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"OracleVM Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
flag = 0;
if (rpm_check(release:"OVS3.2", reference:"xen-4.1.3-25.el5.223.170")) flag++;
if (rpm_check(release:"OVS3.2", reference:"xen-devel-4.1.3-25.el5.223.170")) flag++;
if (rpm_check(release:"OVS3.2", reference:"xen-tools-4.1.3-25.el5.223.170")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-devel / xen-tools");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo04 Jun 2018 00:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS26.9
CVSS37.8
EPSS0.00067