Executive Summary
Summary | |
---|---|
Title | VirtualBox: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201204-01 | First vendor Publication | 2012-04-09 |
Vendor | Gentoo | Last vendor Modification | 2012-04-09 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.1 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities were found in VirtualBox, allowing local attackers to gain escalated privileges. Background Description Impact Workaround Resolution All VirtualBox binary users should upgrade to the latest version: References Availability |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201204-01.xml |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12576 | |||
Oval ID: | oval:org.mitre.oval:def:12576 | ||
Title: | Unspecified vulnerability in Oracle VM VirtualBox 4.0 | ||
Description: | Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Extensions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-4414 | Version: | 10 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle VM VirtualBox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12983 | |||
Oval ID: | oval:org.mitre.oval:def:12983 | ||
Title: | Unspecified vulnerability in Oracle VM VirtualBox | ||
Description: | Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2305 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle VirtualBox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13148 | |||
Oval ID: | oval:org.mitre.oval:def:13148 | ||
Title: | Unspecified vulnerability in Oracle VM VirtualBox related to Guest Additions for Windows | ||
Description: | Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2300 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Oracle VirtualBox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16235 | |||
Oval ID: | oval:org.mitre.oval:def:16235 | ||
Title: | Unspecified vulnerability in the Oracle VM VirtualBox 4.1 component | ||
Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0105 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VirtualBox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16722 | |||
Oval ID: | oval:org.mitre.oval:def:16722 | ||
Title: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders | ||
Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0111 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VirtualBox |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 5 |
OpenVAS Exploits
Date | Description |
---|---|
2012-04-30 | Name : Gentoo Security Advisory GLSA 201204-01 (virtualbox) File : nvt/glsa_201204_01.nasl |
2012-01-24 | Name : Oracle VM VirtualBox Multiple Unspecified Vulnerabilities (Windows) File : nvt/secpod_oracle_virtualbox_mult_unspecified_vuln_win.nasl |
2012-01-24 | Name : Oracle VM VirtualBox Unspecified Vulnerability (MAC OS X) File : nvt/secpod_oracle_virtualbox_unspecified_vuln_macosx.nasl |
2011-07-29 | Name : Oracle VM VirtualBox Unspecified Vulnerability (Windows) File : nvt/secpod_oracle_virtualbox_unspecified_vuln_win.nasl |
2011-01-31 | Name : Oracle VM VirtualBox Extensions Local Privilege Escalation Vulnerability (Linux) File : nvt/gb_oracle_virtualbox_loc_prev_escl_vuln_lin.nasl |
2011-01-27 | Name : Oracle VM VirtualBox Extensions Local Privilege Escalation Vulnerability File : nvt/gb_oracle_virtualbox_loc_prev_escl_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78443 | Oracle VM VirtualBox Shared Folders Component Unspecified Local Issue Oracle VM VirtualBox contains a flaw related to the Shared Folders component that may allow a local attacker to affect confidentiality and integrity. No further details have been provided. |
78442 | Oracle VM VirtualBox Windows Guest Additions Component Unspecified Local Issue Oracle VM VirtualBox contains a flaw related to the Windows Guest Additions component that may allow a local attacker to affect confidentiality, integrity and availability. No further details have been provided. |
73897 | Oracle VM VirtualBox Guest Additions for Windows XPDM Display Driver Local Ov... |
73896 | Oracle VM VirtualBox Host-Guest Communication Manager SHCRGL_GUEST_FN_WRITE_B... |
70549 | Oracle VM VirtualBox Extensions Unspecified Local Issue Oracle VM VirtualBox contains a flaw related to the 'Extensions' component that may allow a local attacker to severely affect confidentiality, integrity, and availability. No further details have been provided. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-696.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_python-virtualbox-110802.nasl - Type : ACT_GATHER_INFO |
2012-11-13 | Name : The remote Windows host has an application that is affected by unspecified lo... File : virtualbox_4_1_8.nasl - Type : ACT_GATHER_INFO |
2012-11-02 | Name : The remote Windows host has an application that is affected by two local over... File : virtualbox_4_0_8.nasl - Type : ACT_GATHER_INFO |
2012-06-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201204-01.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:37:18 |
|