Executive Summary

Summary
Title: VirtualBox: Multiple vulnerabilities
Information
Name: GLSA-201204-01
First vendor publication: 2012-04-09
Vendor: Gentoo
Last vendor modification: 2012-04-09
Severity (Vendor): Normal
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS Base Score: 6.8
CVSS Impact Score: 10
CVSS Exploit Score: 3.1
Attack Range: Local
Attack Complexity: Low
Authentication: Requires single instance

Detail

Synopsis

Multiple vulnerabilities were found in VirtualBox, allowing local attackers to gain escalated privileges.

Background

VirtualBox is a powerful virtualization product from Oracle.

Description

Multiple unspecified vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details.

Impact

A local attacker may be able to gain escalated privileges via unknown attack vectors.

Workaround

There is no known workaround at this time.

Resolution

All VirtualBox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-4.1.8"

All VirtualBox binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-emulation/virtualbox-bin-4.1.8"

References

[ 1 ] CVE-2010-4414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4414
[ 2 ] CVE-2011-2300
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2300
[ 3 ] CVE-2011-2305
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2305
[ 4 ] CVE-2012-0105
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0105
[ 5 ] CVE-2012-0111
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0111

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201204-01.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201204-01.xml

OVAL Definitions

 
Oval ID: oval:org.mitre.oval:def:12576
Title: Unspecified vulnerability in Oracle VM VirtualBox 4.0
Description: Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Extensions.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4414
Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle VM VirtualBox
 
Oval ID: oval:org.mitre.oval:def:12983
Title: Unspecified vulnerability in Oracle VM VirtualBox
Description: Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2305
Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle VirtualBox
 
Oval ID: oval:org.mitre.oval:def:13148
Title: Unspecified vulnerability in Oracle VM VirtualBox related to Guest Additions for Windows
Description: Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2300
Version: 15
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Oracle VirtualBox
 
Oval ID: oval:org.mitre.oval:def:16235
Title: Unspecified vulnerability in the Oracle VM VirtualBox 4.1 component
Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0105
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): VirtualBox
 
Oval ID: oval:org.mitre.oval:def:16722
Title: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders
Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0111
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): VirtualBox

CPE : Common Platform Enumeration

Type Description Count
Application 1
Application 5

OpenVAS Exploits

Date Description
2012-04-30 Name : Gentoo Security Advisory GLSA 201204-01 (virtualbox)
File : nvt/glsa_201204_01.nasl
2012-01-24 Name : Oracle VM VirtualBox Multiple Unspecified Vulnerabilities (Windows)
File : nvt/secpod_oracle_virtualbox_mult_unspecified_vuln_win.nasl
2012-01-24 Name : Oracle VM VirtualBox Unspecified Vulnerability (MAC OS X)
File : nvt/secpod_oracle_virtualbox_unspecified_vuln_macosx.nasl
2011-07-29 Name : Oracle VM VirtualBox Unspecified Vulnerability (Windows)
File : nvt/secpod_oracle_virtualbox_unspecified_vuln_win.nasl
2011-01-31 Name : Oracle VM VirtualBox Extensions Local Privilege Escalation Vulnerability (Linux)
File : nvt/gb_oracle_virtualbox_loc_prev_escl_vuln_lin.nasl
2011-01-27 Name : Oracle VM VirtualBox Extensions Local Privilege Escalation Vulnerability
File : nvt/gb_oracle_virtualbox_loc_prev_escl_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
78443 Oracle VM VirtualBox Shared Folders Component Unspecified Local Issue

Oracle VM VirtualBox contains a flaw related to the Shared Folders component that may allow a local attacker to affect confidentiality and integrity. No further details have been provided.
78442 Oracle VM VirtualBox Windows Guest Additions Component Unspecified Local Issue

Oracle VM VirtualBox contains a flaw related to the Windows Guest Additions component that may allow a local attacker to affect confidentiality, integrity and availability. No further details have been provided.
73897 Oracle VM VirtualBox Guest Additions for Windows XPDM Display Driver Local Ov...

73896 Oracle VM VirtualBox Host-Guest Communication Manager SHCRGL_GUEST_FN_WRITE_B...

70549 Oracle VM VirtualBox Extensions Unspecified Local Issue

Oracle VM VirtualBox contains a flaw related to the 'Extensions' component that may allow a local attacker to severely affect confidentiality, integrity, and availability. No further details have been provided.

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-696.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_python-virtualbox-110802.nasl - Type : ACT_GATHER_INFO
2012-11-13 Name : The remote Windows host has an application that is affected by unspecified lo...
File : virtualbox_4_1_8.nasl - Type : ACT_GATHER_INFO
2012-11-02 Name : The remote Windows host has an application that is affected by two local over...
File : virtualbox_4_0_8.nasl - Type : ACT_GATHER_INFO
2012-06-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201204-01.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:37:18
  • Multiple Updates