Rewterz Threat Advisory – Exploitation of automatic DNS registration and auto-discovery
September 6, 2018Internal Attacks and their Impact on Organizations
September 8, 2018Rewterz Threat Advisory – Exploitation of automatic DNS registration and auto-discovery
September 6, 2018Internal Attacks and their Impact on Organizations
September 8, 2018Oracle has issued an update for kernel-uek included in Oracle VM Server for x86 for fixing multiple vulnerabilities.
IMPACT: NORMAL
PUBLISH DATE: 06-09-2018
OVERVIEW
Oracle VM Server 3.x was detected to have multiple vulnerabilities which may lead to Denial of Service, unauthorized exposure of sensitive information or Security Bypass attacks by users with malicious intents. Oracle has issued an update that patches the mentioned vulnerabilities.
ANALYSIS
Below is a brief summary of the vulnerabilities addressed in this update.
CVE-2018-13405
Local users are allowed to create files with an unintended group ownership by the inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4. This happens in a scenario where a directory is SGID to a certain group and is writable by a non-member user, who can trigger creation of a plain file (intended to be a directory) whose group ownership is that group. If the non-member makes that plain file executable and SGID, it’ll lead to privilege escalation.
CVE-2018-10021
Local users are allowed to cause a denial of service by drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16, (ata qc leak) by triggering certain failure conditions.
NOTE: This report is objected on by a third party who claims that only physically proximate attackers can cause the failure who unplug SAS Host Bus Adapter cables.
CVE-2018-10938
A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. The kernel may be forced to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c if an attacker remotely sends a crafted network packet. This leads to a denial-of-service. For an attacker to leverage this flaw, a certain non-default configuration of LSM (Linux Security Module) and NetLabel is required.
CVE-2018-15594
It’s easier for attackers to conduct Spectre-v2 attacks against paravirtual guests because arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls.
AFFECTED PRODUCT
Oracle VM Server 3.x
UPDATE
Apply updated packages concerning Oracle VM Server for x86 version 3.4.
Follow the links for help:
https://docs.oracle.com/cd/E64076_01/E64078/html/vmiug-upgrading-ovs-three-three.html
https://docs.oracle.com/html/E50247_08/vmiug-server-upgrading.html