Executive Summary
Summary | |
---|---|
Title | virtualbox security update |
Information | |||
---|---|---|---|
Name | DSA-2878 | First vendor Publication | 2014-03-13 |
Vendor | Debian | Last vendor Modification | 2014-03-13 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:H/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 3.5 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | High |
Cvss Exploit Score | 1.5 | Authentication | Requires single instance |
Detail
Matthew Daley discovered multiple vulnerabilities in VirtualBox, an x86 virtualisation solution, resulting in denial of service, privilege escalation and an information leak.

For the oldstable distribution (squeeze), these problems have been fixed in version 3.2.10-dfsg-1+squeeze2 of the virtualbox-ose source package.

For the stable distribution (wheezy), these problems have been fixed in version 4.1.18-dfsg-2+deb7u2.

For the testing distribution (jessie), these problems have been fixed in version 4.3.6-dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 4.3.6-dfsg-1.

We recommend that you upgrade your virtualbox packages.
Original Source
Url : http://www.debian.org/security/2014/dsa-2878 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21883 | |||
Oval ID: | oval:org.mitre.oval:def:21883 | ||
Title: | Unspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability | ||
Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0407 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
Definition Id: oval:org.mitre.oval:def:22391 | |||
Oval ID: | oval:org.mitre.oval:def:22391 | ||
Title: | Unspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0406 | ||
Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0404 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
Definition Id: oval:org.mitre.oval:def:22409 | |||
Oval ID: | oval:org.mitre.oval:def:22409 | ||
Title: | Unspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. | ||
Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-5892 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
Definition Id: oval:org.mitre.oval:def:22434 | |||
Oval ID: | oval:org.mitre.oval:def:22434 | ||
Title: | Unspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0404 | ||
Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0406 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
Definition Id: oval:org.mitre.oval:def:24111 | |||
Oval ID: | oval:org.mitre.oval:def:24111 | ||
Title: | DSA-2878-1 virtualbox - security update | ||
Description: | Matthew Daley discovered multiple vulnerabilities in VirtualBox, an x86 virtualisation solution, resulting in denial of service, privilege escalation and an information leak. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2878-1 CVE-2013-5892 CVE-2014-0404 CVE-2014-0406 CVE-2014-0407 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | virtualbox-ose virtualbox |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-01-16 | IAVM : 2014-A-0012 - Multiple Vulnerabilities in Oracle & Sun Systems Product Suite Severity : Category I - VMSKEY : V0043396 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-03-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2878.nasl - Type : ACT_GATHER_INFO |
2014-01-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-13.nasl - Type : ACT_GATHER_INFO |
2014-01-17 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_81f1fdc27ec711e3a6c600163e1ed244.nasl - Type : ACT_GATHER_INFO |
2014-01-17 | Name : The remote host has an application that is affected by multiple security vuln... File : virtualbox_4_3_4.nasl - Type : ACT_GATHER_INFO |
2014-01-17 | Name : The remote host has an application that is affected by an unspecified, local ... File : virtualbox_4_3_6.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-03-15 13:21:36 | |
2014-03-13 17:20:10 | |