Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLEVM_OVMSA-2020-0020.NASL
HistoryJun 08, 2020 - 12:00 a.m.

OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0020) (Stack Clash)

2020-06-0800:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
44

7.3 High

AI Score

Confidence

Low

JSON

The remote OracleVM system is missing necessary patches to address critical security updates :

  • Input: ff-memless - kill timer in destroy (Oliver Neukum) [Orabug: 31213691] (CVE-2019-19524)

  • libertas: Fix two buffer overflows at parsing bss descriptor (Wen Huang) [Orabug: 31351307] (CVE-2019-14896) (CVE-2019-14897) (CVE-2019-14897)

  • binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Kees Cook) [Orabug: 31352068] (CVE-2017-1000370) (CVE-2017-1000371) (CVE-2017-1000370)

  • NFSv4.0: Remove transport protocol name from non-UCS client ID (Chuck Lever) [Orabug: 31357212]

  • NFSv4.0: Remove cl_ipaddr from non-UCS client ID (Chuck Lever)

  • xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31387466]

  • acpi: disable erst (Wengang Wang) [Orabug: 31194253]

  • mdio_bus: Fix use-after-free on device_register fails (YueHaibing) [Orabug: 31222292] (CVE-2019-12819)

  • rds: ib: Fix dysfunctional long address resolve timeout (Hakon Bugge)

  • vxlan: don’t migrate permanent fdb entries during learn (Roopa Prabhu)

  • USB: iowarrior: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31351061] (CVE-2019-19528)

  • usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug: 31351061] (CVE-2019-19528)

  • mremap: properly flush TLB before releasing the page (Linus Torvalds) [Orabug: 31352011] (CVE-2018-18281)

  • Input: add safety guards to input_set_keycode (Dmitry Torokhov) [Orabug: 31200558] (CVE-2019-20636)

  • media: stv06xx: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31200579] (CVE-2020-11609)

  • media: ov519: add missing endpoint sanity checks (Johan Hovold) [Orabug: 31213758] (CVE-2020-11608)

  • media: xirlink_cit: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31213767] (CVE-2020-11668)

  • mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring (Navid Emamdoost) [Orabug:
    31263147] (CVE-2019-19057)

  • USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317667] (CVE-2019-19537)

#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2020-0020.
#

include('compat.inc');

if (description)
{
  script_id(137217);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/07");

  script_cve_id(
    "CVE-2017-1000370",
    "CVE-2017-1000371",
    "CVE-2018-18281",
    "CVE-2019-12819",
    "CVE-2019-14896",
    "CVE-2019-14897",
    "CVE-2019-19057",
    "CVE-2019-19524",
    "CVE-2019-19528",
    "CVE-2019-19537",
    "CVE-2019-20636",
    "CVE-2020-11608",
    "CVE-2020-11609",
    "CVE-2020-11668"
  );

  script_name(english:"OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0020) (Stack Clash)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OracleVM host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - Input: ff-memless - kill timer in destroy (Oliver
    Neukum) [Orabug: 31213691] (CVE-2019-19524)

  - libertas: Fix two buffer overflows at parsing bss
    descriptor (Wen Huang) [Orabug: 31351307]
    (CVE-2019-14896) (CVE-2019-14897) (CVE-2019-14897)

  - binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Kees Cook)
    [Orabug: 31352068] (CVE-2017-1000370) (CVE-2017-1000371)
    (CVE-2017-1000370)

  - NFSv4.0: Remove transport protocol name from non-UCS
    client ID (Chuck Lever) [Orabug: 31357212]

  - NFSv4.0: Remove cl_ipaddr from non-UCS client ID (Chuck
    Lever) 

  - xen/manage: enable C_A_D to force reboot (Dongli Zhang)
    [Orabug: 31387466]

  - acpi: disable erst (Wengang Wang) [Orabug: 31194253]

  - mdio_bus: Fix use-after-free on device_register fails
    (YueHaibing) [Orabug: 31222292] (CVE-2019-12819)

  - rds: ib: Fix dysfunctional long address resolve timeout
    (Hakon Bugge) 

  - vxlan: don't migrate permanent fdb entries during learn
    (Roopa Prabhu) 

  - USB: iowarrior: fix use-after-free on disconnect (Johan
    Hovold) [Orabug: 31351061] (CVE-2019-19528)

  - usb: iowarrior: fix deadlock on disconnect (Oliver
    Neukum) [Orabug: 31351061] (CVE-2019-19528)

  - mremap: properly flush TLB before releasing the page
    (Linus Torvalds) [Orabug: 31352011] (CVE-2018-18281)

  - Input: add safety guards to input_set_keycode (Dmitry
    Torokhov) [Orabug: 31200558] (CVE-2019-20636)

  - media: stv06xx: add missing descriptor sanity checks
    (Johan Hovold) [Orabug: 31200579] (CVE-2020-11609)

  - media: ov519: add missing endpoint sanity checks (Johan
    Hovold) [Orabug: 31213758] (CVE-2020-11608)

  - media: xirlink_cit: add missing descriptor sanity checks
    (Johan Hovold) [Orabug: 31213767] (CVE-2020-11668)

  - mwifiex: pcie: Fix memory leak in
    mwifiex_pcie_init_evt_ring (Navid Emamdoost) [Orabug:
    31263147] (CVE-2019-19057)

  - USB: core: Fix races in character device registration
    and deregistraion (Alan Stern) [Orabug: 31317667]
    (CVE-2019-19537)");
  script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000983.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel-uek / kernel-uek-firmware packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14896");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-14897");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"OracleVM Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"OVS3.4", reference:"kernel-uek-4.1.12-124.39.5.el6uek")) flag++;
if (rpm_check(release:"OVS3.4", reference:"kernel-uek-firmware-4.1.12-124.39.5.el6uek")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
}
VendorProductVersionCPE
oraclevmkernel-uekp-cpe:/a:oracle:vm:kernel-uek
oraclevmkernel-uek-firmwarep-cpe:/a:oracle:vm:kernel-uek-firmware
oraclevm_server3.4cpe:/o:oracle:vm_server:3.4

References

Related

nessus 35
oraclelinux 7
exploitpack 3
debiancve 14
prion 14
ubuntucve 14
redhatcve 14
cve 14
openvas 25
ibm 2
mageia 10
f5 6
exploitdb 2
photon 3
amazon 1
ubuntu 10
veracode 10
cloudfoundry 2
cbl_mariner 3
osv 3
symantec 1
suse 1
packetstorm 1
redhat 3
centos 1
nessus
nessus
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5708)
2020-06-05 00:00:00
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5715)
2020-06-10 00:00:00
NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2022-0003)
2022-05-10 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2020-06-03 00:00:00
Unbreakable Enterprise kernel security update
2020-06-09 00:00:00
Unbreakable Enterprise kernel security update
2020-06-04 00:00:00
exploitpack
exploitpack
Linux Kernel - offset2lib Stack Clash
2017-06-28 00:00:00
Linux Kernel (Debian 910 Ubuntu 14.04.516.04.217.04 Fedora 232425) - ldso_dynamic Stack Clash Local Privilege Escalation
2017-06-28 00:00:00
Linux Kernel (Debian 78910 Fedora 232425 CentOS 5.35.116.06.87.2.1511) - ldso_hwcap Stack Clash Local Privilege Escalation
2017-06-28 00:00:00
debiancve
debiancve
CVE-2017-1000370
2017-06-19 16:29:00
CVE-2017-1000371
2017-06-19 16:29:00
CVE-2019-19528
2019-12-03 16:15:00
prion
prion
Design/Logic Flaw
2017-06-19 16:29:00
Design/Logic Flaw
2017-06-19 16:29:00
Out-of-bounds
2020-04-08 14:15:00
ubuntucve
ubuntucve
CVE-2017-1000370
2017-06-19 00:00:00
CVE-2017-1000371
2017-06-19 00:00:00
CVE-2019-20636
2020-04-08 00:00:00
redhatcve
redhatcve
CVE-2017-1000370
2017-06-19 16:19:12
CVE-2019-20636
2020-04-16 07:03:33
CVE-2019-19528
2020-04-06 11:04:32
cve
cve
CVE-2017-1000370
2017-06-19 16:29:00
CVE-2017-1000371
2017-06-19 16:29:00
CVE-2019-19528
2019-12-03 16:15:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:0204-1)
2021-04-19 00:00:00
Mageia: Security Advisory (MGASA-2017-0260)
2022-01-28 00:00:00
Mageia: Security Advisory (MGASA-2017-0261)
2022-01-28 00:00:00
ibm
ibm
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
2020-09-23 12:26:54
Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management
2020-10-12 11:48:01
mageia
mageia
Updated kernel-linus packages fixes security and other bugs
2017-08-13 16:17:41
Updated kernel packages fixes security and other bugs
2017-07-30 21:27:15
Updated kernel-linus packages fixes security and other bugs
2017-08-13 16:17:41
f5
f5
K97457339 : Linux kernel vulnerabilities CVE-2017-1000370 and CVE-2017-1000371
2017-08-03 00:00:00
K45501314 : Linux kernel vulnerability CVE-2019-20636
2020-05-15 00:00:00
K28135205 : Linux kernel vulnerability CVE-2019-19057
2020-01-23 00:00:00
exploitdb
exploitdb
Linux Kernel - &#039;offset2lib&#039; Stack Clash
2017-06-28 00:00:00
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - &#039;ldso_dynamic Stack Clash&#039; Local Privilege Escalation
2017-06-28 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0230
2020-04-15 00:00:00
Important Photon OS Security Update - PHSA-2020-0230
2020-04-13 00:00:00
Critical Photon OS Security Update - PHSA-2017-0052
2017-06-30 00:00:00
amazon
amazon
Critical: kernel
2017-06-19 08:58:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2020-05-19 00:00:00
Linux kernel vulnerabilities
2020-01-07 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2020-01-07 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-24 13:23:39
Use-after-free
2020-09-21 06:18:54
Out-Of-Bounds Write
2020-11-05 03:09:51
cloudfoundry
cloudfoundry
USN-4345-1: Linux kernel vulnerabilities | Cloud Foundry
2020-05-14 00:00:00
USN-4227-1: Linux kernel vulnerabilities | Cloud Foundry
2020-02-05 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-11609 affecting package kernel 5.4.91-6
2021-03-03 03:44:27
CVE-2020-11608 affecting package kernel 5.4.91-6
2021-03-03 03:44:27
CVE-2020-11668 affecting package kernel 5.4.91-6
2021-04-06 23:51:14
osv
osv
CVE-2019-19057
2019-11-18 06:15:12
CVE-2019-20636
2020-04-08 14:15:12
Android Vomit Report
2020-07-01 00:00:00
symantec
symantec
Linux Kernel CVE-2019-19524 Local Denial of Service Vulnerability
2019-12-03 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2018-12-15 00:15:13
packetstorm
packetstorm
Linux mremap() TLB Flush Too Late
2018-10-29 00:00:00
redhat
redhat
(RHSA-2020:1524) Important: kernel security update
2020-04-22 06:36:51
(RHSA-2020:3548) Important: kernel security and bug fix update
2020-08-25 12:52:50
(RHSA-2021:0019) Moderate: kernel security and bug fix update
2021-01-05 09:12:39
centos
centos
kernel, perf, python security update
2020-04-28 00:28:59

7.3 High

AI Score

Confidence

Low

JSON
Related for ORACLEVM_OVMSA-2020-0020.NASL
nessus35oraclelinux7exploitpack3debiancve14prion14ubuntucve14redhatcve14cve14openvas25ibm2mageia10f56exploitdb2photon3amazon1ubuntu10veracode10cloudfoundry2cbl_mariner3osv3symantec1suse1packetstorm1redhat3centos1