Executive Summary
Summary | |
---|---|
Title | VirtualBox: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201001-04 | First vendor Publication | 2010-01-13 |
Vendor | Gentoo | Last vendor Modification | 2010-01-13 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities in VirtualBox were found, the worst of which allowing for privilege escalation. Background Description * A shell metacharacter injection in popen() (CVE-2009-3692) and a possible buffer overflow in strncpy() in the VBoxNetAdpCtl configuration tool. * An unspecified vulnerability in VirtualBox Guest Additions (CVE-2009-3940). Impact Workaround Resolution All users of the Open Source version of VirtualBox should upgrade to the latest version: All users of the binary VirtualBox Guest Additions should upgrade to the latest version: All users of the Open Source VirtualBox Guest Additions should upgrade to the latest version: References Availability http://security.gentoo.org/glsa/glsa-201001-04.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201001-04.xml |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2009-10-17 | Sun VirtualBox <= 3.0.6 privilege escalation |
OpenVAS Exploits
Date | Description |
---|---|
2010-03-12 | Name : Mandriva Update for virtualbox MDVSA-2010:059 (virtualbox) File : nvt/gb_mandriva_MDVSA_2010_059.nasl |
2010-02-15 | Name : Mandriva Update for msec MDVA-2010:059 (msec) File : nvt/gb_mandriva_MDVA_2010_059.nasl |
2010-01-20 | Name : Gentoo Security Advisory GLSA 201001-04 (virtualbox-bin virtualbox-ose virtua... File : nvt/glsa_201001_04.nasl |
2009-11-26 | Name : Sun VirtualBox or xVM VirtualBox Denial Of Service Vulnerability (Linux) File : nvt/secpod_sun_virtualbox_dos_vuln_lin.nasl |
2009-11-26 | Name : Sun VirtualBox or xVM VirtualBox Denial Of Service Vulnerability (Win) File : nvt/secpod_sun_virtualbox_dos_vuln_win.nasl |
2009-11-20 | Name : Sun VirtualBox 'VBoxNetAdpCtl' Privilege Escalation Vulnerability File : nvt/secpod_sun_virtualbox_priv_esc_vuln_lin.nasl |
2009-10-13 | Name : FreeBSD Ports: virtualbox File : nvt/freebsd_virtualbox.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
60098 | Sun VirtualBox Guest Additions Kernel Memory Exhaustion Local DoS |
58652 | Sun VirtualBox VBoxNetAdpCtl Configuration Tool Unspecified Local Privilege E... VirtualBox contains a flaw related to the VBoxNetAdpCtl configuration tool that may allow an attacker to escalate privileges. No further details have been provided. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-03-11 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-059.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201001-04.nasl - Type : ACT_GATHER_INFO |
2010-02-02 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_virtualbox-ose-100126.nasl - Type : ACT_GATHER_INFO |
2010-02-02 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_virtualbox-ose-100126.nasl - Type : ACT_GATHER_INFO |
2010-02-02 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_virtualbox-ose-100121.nasl - Type : ACT_GATHER_INFO |
2009-11-17 | Name : The remote Windows host is running a set of virtualization utilities that is ... File : virtualbox_guest_additions_local_dos.nasl - Type : ACT_GATHER_INFO |
2009-10-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ebeed063b32811deb6a50030843d3802.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:36:47 |
|