Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLEVM_OVMSA-2019-0014.NASL
HistoryMay 06, 2019 - 12:00 a.m.

OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0014)

2019-05-0600:00:00
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
74
JSON

The remote OracleVM system is missing necessary patches to address critical security updates :

  • ib_core: initialize shpd field when allocating ‘struct ib_pd’ (Mukesh Kacker) [Orabug: 29384815]

  • Revert ‘x86/apic: Make arch_setup_hwirq NUMA node aware’ (Brian Maly) [Orabug: 29542185]

  • qlcnic: fix Tx descriptor corruption on 82xx devices (Shahed Shaikh) [Orabug: 27708787]

  • block: Fix a race between blk_cleanup_queue and timeout handling (Bart Van Assche) [Orabug: 29158186]

  • can: gw: ensure DLC boundaries after CAN frame modification (Oliver Hartkopp) [Orabug: 29215299] (CVE-2019-3701) (CVE-2019-3701)

  • CIFS: Enable encryption during session setup phase (Pavel Shilovsky) [Orabug: 29338239] (CVE-2018-1066)

  • ext4: clear i_data in ext4_inode_info when removing inline data (Theodore Ts’o) [Orabug: 29540709] (CVE-2018-10881) (CVE-2018-10881)

  • ext4: add more inode number paranoia checks (Theodore Ts’o) [Orabug: 29545566] (CVE-2018-10882) (CVE-2018-10882)

  • Revert ‘KVM: nVMX: Eliminate vmcs02 pool’ (Boris Ostrovsky) [Orabug: 29542029]

  • Revert ‘KVM: VMX: introduce alloc_loaded_vmcs’ (Boris Ostrovsky) [Orabug: 29542029]

  • Revert ‘KVM: VMX: make MSR bitmaps per-VCPU’ (Boris Ostrovsky) [Orabug: 29542029]

  • Revert ‘KVM: x86: pass host_initiated to functions that read MSRs’ (Boris Ostrovsky) [Orabug: 29542029]

  • Revert ‘KVM/x86: Add IBPB support’ (Boris Ostrovsky) [Orabug: 29542029]

  • Revert ‘KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL - reloaded’ (Boris Ostrovsky) [Orabug: 29542029]

  • Revert ‘KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL’ (Boris Ostrovsky) [Orabug: 29542029]

  • Revert ‘KVM: SVM: Add MSR-based feature support for serializing LFENCE’ (Boris Ostrovsky) [Orabug: 29542029]

  • Revert ‘x86/cpufeatures: rename X86_FEATURE_AMD_SSBD to X86_FEATURE_LS_CFG_SSBD’ (Boris Ostrovsky) [Orabug:
    29542029]

  • Revert ‘x86/bugs: Add AMD’s SPEC_CTRL MSR usage’ (Boris Ostrovsky) [Orabug: 29542029]

  • Revert ‘x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR’ (Boris Ostrovsky) [Orabug: 29542029]

  • arch: x86: remove unsued SET_IBPB from spec_ctrl.h (Mihai Carabas) [Orabug: 29336760]

  • x86: cpu: microcode: fix late loading SpectreV2 bugs eval (Mihai Carabas) [Orabug: 29336760]

  • x86: cpu: microcode: fix late loading SSBD and L1TF bugs eval (Mihai Carabas) [Orabug: 29336760]

  • x86: cpu: microcode: Re-evaluate bugs in a CPU after microcode loading (Mihai Carabas) [Orabug: 29336760]

  • x86: cpu: microcode: update flags for all cpus (Mihai Carabas) [Orabug: 29336760]

  • x86/apic: Make arch_setup_hwirq NUMA node aware (Henry Willard) [Orabug: 29292411]

#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2019-0014.
#

include("compat.inc");

if (description)
{
  script_id(124637);
  script_version("1.3");
  script_cvs_date("Date: 2020/01/21");

  script_cve_id("CVE-2018-1066", "CVE-2018-10881", "CVE-2018-10882", "CVE-2019-3701");

  script_name(english:"OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0014)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - ib_core: initialize shpd field when allocating 'struct
    ib_pd' (Mukesh Kacker) [Orabug: 29384815]

  - Revert 'x86/apic: Make arch_setup_hwirq NUMA node aware'
    (Brian Maly) [Orabug: 29542185]

  - qlcnic: fix Tx descriptor corruption on 82xx devices
    (Shahed Shaikh) [Orabug: 27708787]

  - block: Fix a race between blk_cleanup_queue and timeout
    handling (Bart Van Assche) [Orabug: 29158186]

  - can: gw: ensure DLC boundaries after CAN frame
    modification (Oliver Hartkopp) [Orabug: 29215299]
    (CVE-2019-3701) (CVE-2019-3701)

  - CIFS: Enable encryption during session setup phase
    (Pavel Shilovsky) [Orabug: 29338239] (CVE-2018-1066)

  - ext4: clear i_data in ext4_inode_info when removing
    inline data (Theodore Ts'o) [Orabug: 29540709]
    (CVE-2018-10881) (CVE-2018-10881)

  - ext4: add more inode number paranoia checks (Theodore
    Ts'o) [Orabug: 29545566] (CVE-2018-10882)
    (CVE-2018-10882)

  - Revert 'KVM: nVMX: Eliminate vmcs02 pool' (Boris
    Ostrovsky) [Orabug: 29542029]

  - Revert 'KVM: VMX: introduce alloc_loaded_vmcs' (Boris
    Ostrovsky) [Orabug: 29542029]

  - Revert 'KVM: VMX: make MSR bitmaps per-VCPU' (Boris
    Ostrovsky) [Orabug: 29542029]

  - Revert 'KVM: x86: pass host_initiated to functions that
    read MSRs' (Boris Ostrovsky) [Orabug: 29542029]

  - Revert 'KVM/x86: Add IBPB support' (Boris Ostrovsky)
    [Orabug: 29542029]

  - Revert 'KVM/VMX: Allow direct access to
    MSR_IA32_SPEC_CTRL - reloaded' (Boris Ostrovsky)
    [Orabug: 29542029]

  - Revert 'KVM/SVM: Allow direct access to
    MSR_IA32_SPEC_CTRL' (Boris Ostrovsky) [Orabug: 29542029]

  - Revert 'KVM: SVM: Add MSR-based feature support for
    serializing LFENCE' (Boris Ostrovsky) [Orabug: 29542029]

  - Revert 'x86/cpufeatures: rename X86_FEATURE_AMD_SSBD to
    X86_FEATURE_LS_CFG_SSBD' (Boris Ostrovsky) [Orabug:
    29542029]

  - Revert 'x86/bugs: Add AMD's SPEC_CTRL MSR usage' (Boris
    Ostrovsky) [Orabug: 29542029]

  - Revert 'x86/bugs: Fix the AMD SSBD usage of the
    SPEC_CTRL MSR' (Boris Ostrovsky) [Orabug: 29542029]

  - arch: x86: remove unsued SET_IBPB from spec_ctrl.h
    (Mihai Carabas) [Orabug: 29336760]

  - x86: cpu: microcode: fix late loading SpectreV2 bugs
    eval (Mihai Carabas) [Orabug: 29336760]

  - x86: cpu: microcode: fix late loading SSBD and L1TF bugs
    eval (Mihai Carabas) [Orabug: 29336760]

  - x86: cpu: microcode: Re-evaluate bugs in a CPU after
    microcode loading (Mihai Carabas) [Orabug: 29336760]

  - x86: cpu: microcode: update flags for all cpus (Mihai
    Carabas) [Orabug: 29336760]

  - x86/apic: Make arch_setup_hwirq NUMA node aware (Henry
    Willard) [Orabug: 29292411]"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/oraclevm-errata/2019-May/000936.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel-uek / kernel-uek-firmware packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"OVS3.4", reference:"kernel-uek-4.1.12-124.26.7.el6uek")) flag++;
if (rpm_check(release:"OVS3.4", reference:"kernel-uek-firmware-4.1.12-124.26.7.el6uek")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
}
VendorProductVersionCPE
oraclevmkernel-uekp-cpe:/a:oracle:vm:kernel-uek
oraclevmkernel-uek-firmwarep-cpe:/a:oracle:vm:kernel-uek-firmware
oraclevm_server3.4cpe:/o:oracle:vm_server:3.4

Related

oraclelinux 4
nessus 61
prion 4
cve 4
redhatcve 3
debiancve 4
ubuntucve 4
altlinux 2
veracode 2
openvas 47
fedora 16
f5 1
amazon 1
ubuntu 13
cloudfoundry 4
suse 5
photon 5
mageia 5
ibm 5
debian 4
osv 4
redhat 1
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2019-03-31 00:00:00
Unbreakable Enterprise kernel security update
2019-04-08 00:00:00
Unbreakable Enterprise kernel security update
2019-04-09 00:00:00
nessus
nessus
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4596)
2019-04-02 00:00:00
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4600)
2019-04-10 00:00:00
Fedora 29 : kernel / kernel-headers / kernel-tools (2019-b0f7a7b74b)
2019-01-15 00:00:00
prion
prion
Design/Logic Flaw
2018-07-27 18:29:00
Design/Logic Flaw
2018-07-26 18:29:00
Null pointer dereference
2018-03-02 08:29:00
cve
cve
CVE-2018-10881
2018-07-26 18:29:00
CVE-2018-10882
2018-07-27 18:29:00
CVE-2019-3701
2019-01-03 16:29:00
redhatcve
redhatcve
CVE-2018-10882
2018-06-29 19:19:48
CVE-2018-10881
2019-10-21 06:03:17
CVE-2019-3701
2019-11-02 09:44:53
debiancve
debiancve
CVE-2018-10882
2018-07-27 18:29:00
CVE-2018-10881
2018-07-26 18:29:00
CVE-2018-1066
2018-03-02 08:29:00
ubuntucve
ubuntucve
CVE-2018-10882
2018-07-27 00:00:00
CVE-2018-10881
2018-07-26 00:00:00
CVE-2018-1066
2018-03-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package kernel-image-std-pae version 1:4.4.140-alt0.M80P.1
2018-07-16 00:00:00
Security fix for the ALT Linux 9 package kernel-image-tegra version 4.9.140-alt2
2019-07-10 00:00:00
veracode
veracode
Memory Corruption
2019-05-16 03:18:34
Denial Of Service (DoS)
2021-06-17 07:21:47
openvas
openvas
Fedora Update for kernel-headers FEDORA-2019-337484d88b
2019-01-15 00:00:00
Fedora Update for kernel-tools FEDORA-2019-337484d88b
2019-01-15 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1234)
2020-01-23 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: kernel-tools-4.19.14-200.fc28
2019-01-15 01:54:14
[SECURITY] Fedora 29 Update: kernel-headers-4.19.14-300.fc29
2019-01-15 02:34:34
[SECURITY] Fedora 29 Update: kernel-tools-4.19.14-300.fc29
2019-01-15 02:34:34
f5
f5
K17957133 : Linux kernel vulnerability CVE-2019-3701
2019-04-12 00:00:00
amazon
amazon
Medium: kernel
2018-04-19 04:44:00
ubuntu
ubuntu
Linux kernel (Xenial HWE) vulnerabilities
2018-08-24 00:00:00
Linux kernel vulnerabilities
2018-08-24 00:00:00
Linux kernel vulnerabilities
2019-02-04 00:00:00
cloudfoundry
cloudfoundry
USN-3753-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
USN-3871-4: Linux kernel (HWE) vulnerabilities | Cloud Foundry
2019-02-15 00:00:00
USN-3752-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
2018-09-27 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2018-08-17 12:32:52
Security update for the Linux Kernel (important)
2018-08-17 12:20:07
Security update for the Linux Kernel (important)
2020-04-23 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2018-0033
2018-04-02 00:00:00
Important Photon OS Security Update - PHSA-2018-0165
2018-07-16 00:00:00
Important Photon OS Security Update - PHSA-2018-0076
2018-07-27 00:00:00
mageia
mageia
Updated kernel packages fixes security vulnerabilities
2018-07-25 11:24:17
Updated kernel-tmb packages fix security vulnerabilities
2018-08-15 18:45:26
Updated kernel-linus packages fix security vulnerabilities
2018-08-15 18:45:26
ibm
ibm
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
2018-09-26 19:00:02
Security Bulletin: IBM API Connect is affected by multiple third-party vulnerabilities (Node.js, nghttp2, Linux, Intel CPU, Android)
2018-10-31 20:10:01
Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM
2018-12-17 14:20:01
debian
debian
[SECURITY] [DLA 1423-1] linux-4.9 new package
2018-07-18 15:37:11
[SECURITY] [DLA 1422-1] linux security update
2018-07-14 19:32:04
[SECURITY] [DLA 1422-2] linux security update
2018-07-15 03:01:36
osv
osv
linux-4.9 - security update
2018-07-14 00:00:00
linux - security update
2018-07-14 00:00:00
linux - security update
2018-10-03 00:00:00
redhat
redhat
(RHSA-2018:2948) Important: kernel-alt security, bug fix, and enhancement update
2018-10-30 08:15:20
JSON
Related for ORACLEVM_OVMSA-2019-0014.NASL
oraclelinux4nessus61prion4cve4redhatcve3debiancve4ubuntucve4altlinux2veracode2openvas47fedora16f51amazon1ubuntu13cloudfoundry4suse5photon5mageia5ibm5debian4osv4redhat1