Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLEVM_OVMSA-2019-0007.NASL
HistoryFeb 11, 2019 - 12:00 a.m.

OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0007) (Spectre)

2019-02-1100:00:00
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
45
JSON

The remote OracleVM system is missing necessary patches to address critical security updates :

  • x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (Tom Lendacky) [Orabug: 28870524] (CVE-2018-3639)

  • x86/bugs: Add AMD’s SPEC_CTRL MSR usage (Konrad Rzeszutek Wilk) [Orabug: 28870524] (CVE-2018-3639)

  • x86/cpufeatures: rename X86_FEATURE_AMD_SSBD to X86_FEATURE_LS_CFG_SSBD (Mihai Carabas) [Orabug:
    28870524] (CVE-2018-3639)

  • Make file credentials available to the seqfile interfaces (Linus Torvalds) [Orabug: 29114879] (CVE-2018-17972)

  • proc: restrict kernel stack dumps to root (Jann Horn) [Orabug: 29114879] (CVE-2018-17972)

  • x86/speculation: Clean up retpoline code in bugs.c (Alejandro Jimenez) [Orabug: 29211617]

  • x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (WANG Chao) [Orabug: 29211617]

  • x86/build: Fix compiler support check for CONFIG_RETPOLINE (Masahiro Yamada) [Orabug: 29211617]

  • x86/retpoline: Remove minimal retpoline support (Zhenzhong Duan) [Orabug: 29211617]

  • x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (Zhenzhong Duan) [Orabug: 29211617]

  • nl80211: check for the required netlink attributes presence (Vladis Dronov) [Orabug: 29245533] (CVE-2017-12153) (CVE-2017-12153)

  • scsi: lpfc: Fix PT2PT PRLI reject (reapply patch) (James Smart) [Orabug: 29281346]

#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2019-0007.
#

include("compat.inc");

if (description)
{
  script_id(122087);
  script_version("1.4");
  script_cvs_date("Date: 2020/02/12");

  script_cve_id("CVE-2017-12153", "CVE-2018-17972", "CVE-2018-3639");

  script_name(english:"OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0007) (Spectre)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
    (Tom Lendacky) [Orabug: 28870524] (CVE-2018-3639)

  - x86/bugs: Add AMD's SPEC_CTRL MSR usage (Konrad
    Rzeszutek Wilk) [Orabug: 28870524] (CVE-2018-3639)

  - x86/cpufeatures: rename X86_FEATURE_AMD_SSBD to
    X86_FEATURE_LS_CFG_SSBD (Mihai Carabas) [Orabug:
    28870524] (CVE-2018-3639)

  - Make file credentials available to the seqfile
    interfaces (Linus Torvalds) [Orabug: 29114879]
    (CVE-2018-17972)

  - proc: restrict kernel stack dumps to root (Jann Horn)
    [Orabug: 29114879] (CVE-2018-17972)

  - x86/speculation: Clean up retpoline code in bugs.c
    (Alejandro Jimenez) [Orabug: 29211617]

  - x86, modpost: Replace last remnants of RETPOLINE with
    CONFIG_RETPOLINE (WANG Chao) [Orabug: 29211617]

  - x86/build: Fix compiler support check for
    CONFIG_RETPOLINE (Masahiro Yamada) [Orabug: 29211617]

  - x86/retpoline: Remove minimal retpoline support
    (Zhenzhong Duan) [Orabug: 29211617]

  - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler
    support (Zhenzhong Duan) [Orabug: 29211617]

  - nl80211: check for the required netlink attributes
    presence (Vladis Dronov) [Orabug: 29245533]
    (CVE-2017-12153) (CVE-2017-12153)

  - scsi: lpfc: Fix PT2PT PRLI reject (reapply patch) (James
    Smart) [Orabug: 29281346]"
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2019-February/000928.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?66ac1732"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel-uek / kernel-uek-firmware packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3639");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/11");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"OVS3.4", reference:"kernel-uek-4.1.12-124.25.1.el6uek")) flag++;
if (rpm_check(release:"OVS3.4", reference:"kernel-uek-firmware-4.1.12-124.25.1.el6uek")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
}
VendorProductVersionCPE
oraclevmkernel-uekp-cpe:/a:oracle:vm:kernel-uek
oraclevmkernel-uek-firmwarep-cpe:/a:oracle:vm:kernel-uek-firmware
oraclevm_server3.4cpe:/o:oracle:vm_server:3.4

Related

nessus 87
oraclelinux 9
prion 2
ubuntucve 2
cve 2
redhatcve 2
debiancve 3
fedora 11
openvas 24
veracode 1
f5 2
googleprojectzero 1
amazon 4
osv 1
suse 4
zdt 1
ibm 6
photon 1
kaspersky 1
centos 5
redhat 24
citrix 1
mageia 1
debian 1
virtuozzo 1
almalinux 1
threatpost 1
nessus
nessus
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4531)
2019-02-07 00:00:00
Fedora 28 : kernel / kernel-headers / kernel-tools (2018-9f4381d8c4)
2019-01-03 00:00:00
Fedora 27 : kernel / kernel-headers / kernel-tools (2018-2ee3411cb8)
2018-10-17 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2019-02-06 00:00:00
libvirt security and bug fix update
2018-06-27 00:00:00
kernel security and bug fix update
2018-05-22 00:00:00
prion
prion
Null pointer dereference
2017-09-21 15:29:00
Stack overflow
2018-10-03 22:29:00
ubuntucve
ubuntucve
CVE-2017-12153
2017-09-21 00:00:00
CVE-2018-17972
2018-10-03 00:00:00
cve
cve
CVE-2017-12153
2017-09-21 15:29:00
CVE-2018-17972
2018-10-03 22:29:00
redhatcve
redhatcve
CVE-2017-12153
2017-09-12 23:18:34
CVE-2018-17972
2020-04-08 22:15:56
debiancve
debiancve
CVE-2017-12153
2017-09-21 15:29:00
CVE-2018-17972
2018-10-03 22:29:00
CVE-2018-3639
2018-05-22 12:29:00
fedora
fedora
[SECURITY] Fedora 29 Update: kernel-4.18.13-300.fc29
2018-10-30 17:45:14
[SECURITY] Fedora 29 Update: kernel-tools-4.18.13-300.fc29
2018-10-30 17:45:14
[SECURITY] Fedora 29 Update: kernel-headers-4.18.13-300.fc29
2018-10-30 17:45:14
openvas
openvas
Fedora Update for kernel-headers FEDORA-2018-ec3bf1b228
2019-05-07 00:00:00
Fedora Update for kernel FEDORA-2018-ec3bf1b228
2019-05-07 00:00:00
Fedora Update for kernel-tools FEDORA-2018-ec3bf1b228
2019-05-07 00:00:00
veracode
veracode
Information Disclosure
2019-05-16 03:58:18
f5
f5
K27673650 : Linux kernel vulnerability CVE-2018-17972
2019-02-12 00:00:00
K29146534 : SSB Variant 4 vulnerability CVE-2018-3639
2018-07-10 00:00:00
googleprojectzero
googleprojectzero
Mitigations are attack surface, too
2020-02-12 00:00:00
amazon
amazon
Important: kernel
2018-11-05 19:47:00
Important: java-1.8.0-openjdk
2018-06-08 18:10:00
Important: java-1.7.0-openjdk
2018-06-08 18:05:00
osv
osv
xen - security update
2018-05-25 00:00:00
suse
suse
Security update for libvirt (important)
2018-06-09 15:07:56
Security update for libvirt (moderate)
2018-08-13 12:07:25
Security update for qemu (important)
2018-05-23 15:07:21
zdt
zdt
AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Exploit
2018-05-23 00:00:00
ibm
ibm
Security Bulletin: IBM has released the following fixes for AIX and VIOS in response to Speculative Store Bypass (SSB), also known as Variant 4.
2018-08-17 23:06:03
Security Bulletin: IBM Cloud Manager is affected by the vulnerabilities known as SpectreNG (CVE-2018-3639)
2018-08-08 04:13:55
Security Bulletin: IBM Netezza Host Management is affected by the vulnerability known as Variant 4 or SpectreNG.
2019-10-18 03:36:34
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0151
2018-06-22 00:00:00
kaspersky
kaspersky
KLA11893 Microsoft Advisory for Microsoft Products (ESU)
2018-05-21 00:00:00
centos
centos
java security update
2018-05-22 18:16:51
qemu security update
2018-07-03 18:54:02
java security update
2018-05-22 15:32:03
redhat
redhat
(RHSA-2018:2006) Important: libvirt security and bug fix update
2018-06-26 15:04:16
(RHSA-2018:1738) Important: kernel security, bug fix, and enhancement update
2018-05-29 20:17:42
(RHSA-2018:1638) Important: kernel security update
2018-05-29 13:59:32
citrix
citrix
CVE-2018-3639 - Citrix XenServer Security Update
2018-05-22 04:00:00
mageia
mageia
Updated libvirt packages fix security vulnerability
2018-05-31 23:34:08
debian
debian
[SECURITY] [DSA 4210-1] xen security update
2018-05-25 05:00:47
virtuozzo
virtuozzo
Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1; Virtuozzo 6.0 Update 12 Hotfix 25 (6.0.12-3705)
2018-05-23 00:00:00
almalinux
almalinux
java-1.8.0-openjdk bug fix and enhancement update
2021-01-21 10:00:00
threatpost
threatpost
Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4
2018-05-24 15:18:03
JSON
Related for ORACLEVM_OVMSA-2019-0007.NASL
nessus87oraclelinux9prion2ubuntucve2cve2redhatcve2debiancve3fedora11openvas24veracode1f52googleprojectzero1amazon4osv1suse4zdt1ibm6photon1kaspersky1centos5redhat24citrix1mageia1debian1virtuozzo1almalinux1threatpost1