Detections
Analytics
OracleVM 3.3 / 3.4 : dhcp (OVMSA-2018-0042)
high Nessus Plugin ID 109830
Language:
Synopsis
The remote OracleVM host is missing one or more security updates.Description
The remote OracleVM system is missing necessary patches to address critical security updates :- Added oracle-errwarn-message.patch
- Resolves: #1570897 - Fix comamnd execution in NM script (CVE-2018-1111)
- Resolves: #1550085 - CVE-2018-5733 Avoid reference overflow
<[12:4.1.1-53.P1.2
- Resolves: #1550083 - CVE-2018-5732 Avoid options buffer overflow
- Resolves: #1063217 - failover hangs with both potential-conflict
Solution
Update the affected dhclient / dhcp-common packages.See Also
https://oss.oracle.com/pipermail/oraclevm-errata/2018-May/000854.html
https://oss.oracle.com/pipermail/oraclevm-errata/2018-May/000853.html
Plugin Details
Severity: High
ID: 109830
File Name: oraclevm_OVMSA-2018-0042.nasl
Version: 1.12
Type: local
Family: OracleVM Local Security Checks
Published: 5/16/2018
Updated: 7/10/2020
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.9
Temporal Score: 6.5
Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 7
Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:oracle:vm:dhclient, p-cpe:/a:oracle:vm:dhcp-common, cpe:/o:oracle:vm_server:3.3, cpe:/o:oracle:vm_server:3.4
Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/15/2018
Vulnerability Publication Date: 5/17/2018
Exploitable With
Metasploit (DHCP Client Command Injection (DynoRoot))
Reference Information
CVE: CVE-2018-1111, CVE-2018-5732, CVE-2018-5733
IAVA: 2018-A-0162
IAVB: 2018-B-0034-S