Executive Summary
Summary | |
---|---|
Title | VirtualBox: Multiple Vulnerabilities |
Information | |||
---|---|---|---|
Name | GLSA-201401-13 | First vendor Publication | 2014-01-20 |
Vendor | Gentoo | Last vendor Modification | 2014-01-20 |
Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:H/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 3.5 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | High |
Cvss Exploit Score | 1.5 | Authentication | Requires single instance |
Detail
Synopsis
Multiple vulnerabilities have been found in VirtualBox, allowing local attackers to escalate their privileges or cause a Denial of Service condition.
Background
Description
Impact
Workaround
Resolution
All virtualbox-bin users should upgrade to the latest version:
References
Availability
http://security.gentoo.org/glsa/glsa-201401-13.xml
Original Source
Url : http://security.gentoo.org/glsa/glsa-201401-13.xml |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16681 | |||
Oval ID: | oval:org.mitre.oval:def:16681 | ||
Title: | Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 | ||
Description: | Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. NOTE: The previous information was obtained from the October 2012 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect interrupt handling." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3221 | Version: | 8 |
Platform(s): | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP | Product(s): | VirtualBox |
Definition Id: oval:org.mitre.oval:def:19942 | |||
Oval ID: | oval:org.mitre.oval:def:19942 | ||
Title: | DSA-2594-1 virtualbox-ose - programming error | ||
Description: | "halfdog" discovered that incorrect interrupt handling in VirtualBox, an x86 virtualization solution, can lead to denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2594-1, CVE-2012-3221 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0 | Product(s): | virtualbox-ose |
Definition Id: oval:org.mitre.oval:def:21438 | |||
Oval ID: | oval:org.mitre.oval:def:21438 | ||
Title: | Unspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability | ||
Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0405 | Version: | 3 |
Platform(s): | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
Definition Id: oval:org.mitre.oval:def:21883 | |||
Oval ID: | oval:org.mitre.oval:def:21883 | ||
Title: | Unspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability | ||
Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0407 | Version: | 3 |
Platform(s): | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
Definition Id: oval:org.mitre.oval:def:22391 | |||
Oval ID: | oval:org.mitre.oval:def:22391 | ||
Title: | Unspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0406 | ||
Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0404 | Version: | 3 |
Platform(s): | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
Definition Id: oval:org.mitre.oval:def:22409 | |||
Oval ID: | oval:org.mitre.oval:def:22409 | ||
Title: | Unspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. | ||
Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-5892 | Version: | 3 |
Platform(s): | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
Definition Id: oval:org.mitre.oval:def:22434 | |||
Oval ID: | oval:org.mitre.oval:def:22434 | ||
Title: | Unspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0404 | ||
Description: | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0406 | Version: | 3 |
Platform(s): | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2 | Product(s): | VirtualBox |
Definition Id: oval:org.mitre.oval:def:24111 | |||
Oval ID: | oval:org.mitre.oval:def:24111 | ||
Title: | DSA-2878-1 virtualbox - security update | ||
Description: | Matthew Daley discovered multiple vulnerabilities in VirtualBox, an x86 virtualisation solution, resulting in denial of service, privilege escalation and an information leak. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2878-1, CVE-2013-5892, CVE-2014-0404, CVE-2014-0406, CVE-2014-0407 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7 | Product(s): | virtualbox-ose, virtualbox |
OpenVAS Exploits
Date | Description |
---|---|
2013-09-18 | Name : Debian Security Advisory DSA 2594-1 (virtualbox-ose - programming error) File : nvt/deb_2594_1.nasl |
2012-10-19 | Name : Oracle VM VirtualBox Unspecified Denial of Service Vulnerability (Mac OS X) File : nvt/gb_oracle_virtualbox_unspecified_dos_vuln_macosx.nasl |
2012-10-19 | Name : Oracle VM VirtualBox Unspecified Denial of Service Vulnerability (Windows) File : nvt/gb_oracle_virtualbox_unspecified_dos_vuln_win.nasl |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-01-16 | IAVM : 2014-A-0012 - Multiple Vulnerabilities in Oracle & Sun Systems Product Suite Severity : Category I - VMSKEY : V0043396 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-03-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2878.nasl - Type : ACT_GATHER_INFO |
2014-01-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-13.nasl - Type : ACT_GATHER_INFO |
2014-01-17 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_81f1fdc27ec711e3a6c600163e1ed244.nasl - Type : ACT_GATHER_INFO |
2014-01-17 | Name : The remote host has an application that is affected by multiple security vuln... File : virtualbox_4_3_4.nasl - Type : ACT_GATHER_INFO |
2014-01-17 | Name : The remote host has an application that is affected by an unspecified, local ... File : virtualbox_4_3_6.nasl - Type : ACT_GATHER_INFO |
2012-12-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2594.nasl - Type : ACT_GATHER_INFO |
2012-09-14 | Name : The remote Windows host has an application that is affected by local denial o... File : virtualbox_4_1_22.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:38:02 |
2014-01-20 13:18:22 |