检测

OracleVM 3.4:xen (OVMSA-2018-0039)

high Nessus 插件 ID 109545

语言:

简介

远程 OracleVM 主机缺少一个或多个安全更新。

描述

远程 OracleVM 系统缺少解决关键安全更新的必要补丁:

 - BUILDINFO:OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

 - BUILDINFO:xen commit=b68fb6eb2d74ac16bb1e733c5fe5c9d9622b0838

 - BUILDINFO:QEMU 上游 commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

 - BUILDINFO:传统 QEMU commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

 - BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

 - BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

 - vnuma:如果无法设置 vnuma,请勿使客户机创建失败 (Elena Ufimtseva) [Orabug:27734123]

 - BUILDINFO:OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

 - BUILDINFO:xen commit=2446bf402a359332c21fe3f74d81a4c31191752f

 - BUILDINFO:QEMU 上游 commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

 - BUILDINFO:传统 QEMU commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

 - BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

 - BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

 - x86/vMSI-X:接受所有掩码请求 (Jan Beulich) [Orabug:27805894]

 - BUILDINFO:OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

 - BUILDINFO:xen commit=b16b37d1e358a490d4cf930fe8efe1432d4723ef

 - BUILDINFO:QEMU 上游 commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

 - BUILDINFO:传统 QEMU commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

 - BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

 - BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

 - 删除分支中的虚假文件。(Elena Ufimtseva)

 - BUILDINFO:OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

 - BUILDINFO:xen commit=e1d84ac130fa17bafc394684ae9ba0eedfdca9a9

 - BUILDINFO:QEMU 上游 commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

 - BUILDINFO:传统 QEMU commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

 - BUILDINFO:IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

 - BUILDINFO:SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

 - x86/shadow:修复 ref-counting 错误处理 (Jan Beulich) [Orabug:27803798] (CVE-2017-17564)

 -x86 / shadow:修复 refcount 溢出检查 (Jan Beulich) [Orabug:27803801] (CVE-2017-17563)

解决方案

更新受影响的 xen/xen-tools 程序包。

另见

https://oss.oracle.com/pipermail/oraclevm-errata/2018-May/000849.html

插件详情

严重性: High

ID: 109545

文件名: oraclevm_OVMSA-2018-0039.nasl

版本: 1.4

类型: local

发布时间: 2018/5/3

最近更新时间: 2019/9/27

支持的传感器: Nessus

风险信息

VPR

风险因素: Medium

分数: 6.5

CVSS v2

风险因素: Medium

基本分数: 6.9

时间分数: 5.1

矢量: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

风险因素: High

基本分数: 7.8

时间分数: 6.8

矢量: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

时间矢量: CVSS:3.0/E:U/RL:O/RC:C

漏洞信息

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.4

必需的 KB 项: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

易利用性: No known exploits are available

补丁发布日期: 2018/5/2

漏洞发布日期: 2017/12/12

参考资料信息

CVE: CVE-2017-17563, CVE-2017-17564