Vulnerabilities > CVE-2009-3940 - Unspecified vulnerability in SUN Virtualbox and XVM Virtualbox

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

local

low complexity

sun

nessus

NVD

Published: 2009-11-16

Updated: 2010-03-04

Summary

Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors.

Vulnerable Configurations

Part	Description	Count
Application	Sun SUN Virtualbox 2.0.8 SUN Virtualbox 2.0.10 SUN Virtualbox 2.2 SUN Virtualbox 3.0 SUN Virtualbox 3.0.0 SUN Virtualbox 3.0.2 SUN Virtualbox 3.0.4 SUN Virtualbox 3.0.6 SUN Virtualbox * SUN XVM Virtualbox * SUN XVM Virtualbox 1.6 SUN XVM Virtualbox 1.6.0 SUN XVM Virtualbox 1.6.2 SUN XVM Virtualbox 1.6.4 SUN XVM Virtualbox 2.0.0 SUN XVM Virtualbox 2.0.2 SUN XVM Virtualbox 2.0.4 SUN XVM Virtualbox 2.0.6 SUN XVM Virtualbox 2.0.8 SUN XVM Virtualbox 2.0.10 SUN XVM Virtualbox 2.1.0 SUN XVM Virtualbox 2.1.2 SUN XVM Virtualbox 2.2	23

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_0_VIRTUALBOX-OSE-100126.NASL
description	This update of virtualbox-ose fixes a memory consumption bug in the kernel code that can be used to allocate almost all physical memory. CVE-2009-3940: CVSS v2 Base Score: 2.1 (LOW) (AV:L/AC:L/Au:N/C:N/I:N/A:P)
last seen	2020-06-01
modified	2020-06-02
plugin id	44363
published	2010-02-02
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/44363
title	openSUSE Security Update : virtualbox-ose (virtualbox-ose-1874)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update virtualbox-ose-1874. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(44363); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:37"); script_cve_id("CVE-2009-3940"); script_name(english:"openSUSE Security Update : virtualbox-ose (virtualbox-ose-1874)"); script_summary(english:"Check for the virtualbox-ose-1874 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of virtualbox-ose fixes a memory consumption bug in the kernel code that can be used to allocate almost all physical memory. CVE-2009-3940: CVSS v2 Base Score: 2.1 (LOW) (AV:L/AC:L/Au:N/C:N/I:N/A:P)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=556031" ); script_set_attribute( attribute:"solution", value:"Update the affected virtualbox-ose packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose-guest-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-driver-virtualbox-ose"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2010/01/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"virtualbox-ose-1.5.6-33.4") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"virtualbox-ose-guest-tools-1.5.6-33.4") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"virtualbox-ose-kmp-debug-1.5.6_2.6.25.20_0.5-33.4") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"virtualbox-ose-kmp-default-1.5.6_2.6.25.20_0.5-33.4") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"virtualbox-ose-kmp-pae-1.5.6_2.6.25.20_0.5-33.4") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"xorg-x11-driver-virtualbox-ose-1.5.6-33.4") ) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "virtualbox-ose"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_1_VIRTUALBOX-OSE-100126.NASL
description	This update of virtualbox-ose fixes a memory consumption bug in the kernel code that can be used to allocate almost all physical memory. CVE-2009-3940: CVSS v2 Base Score: 2.1 (LOW) (AV:L/AC:L/Au:N/C:N/I:N/A:P)
last seen	2020-06-01
modified	2020-06-02
plugin id	44369
published	2010-02-02
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/44369
title	openSUSE Security Update : virtualbox-ose (virtualbox-ose-1874)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update virtualbox-ose-1874. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(44369); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:38"); script_cve_id("CVE-2009-3940"); script_name(english:"openSUSE Security Update : virtualbox-ose (virtualbox-ose-1874)"); script_summary(english:"Check for the virtualbox-ose-1874 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of virtualbox-ose fixes a memory consumption bug in the kernel code that can be used to allocate almost all physical memory. CVE-2009-3940: CVSS v2 Base Score: 2.1 (LOW) (AV:L/AC:L/Au:N/C:N/I:N/A:P)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=556031" ); script_set_attribute( attribute:"solution", value:"Update the affected virtualbox-ose packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose-guest-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-driver-virtualbox-ose"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/01/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"virtualbox-ose-2.0.6-2.9.2") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"virtualbox-ose-guest-tools-2.0.6-2.9.2") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"virtualbox-ose-kmp-debug-2.0.6_2.6.27.42_0.1-2.9.2") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"virtualbox-ose-kmp-default-2.0.6_2.6.27.42_0.1-2.9.2") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"virtualbox-ose-kmp-pae-2.0.6_2.6.27.42_0.1-2.9.2") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"virtualbox-ose-kmp-trace-2.0.6_2.6.27.42_0.1-2.9.2") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"xorg-x11-driver-virtualbox-ose-2.0.6-2.9.2") ) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "virtualbox-ose"); }

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201001-04.NASL
description	The remote host is affected by the vulnerability described in GLSA-201001-04 (VirtualBox: Multiple vulnerabilities) Thomas Biege of SUSE discovered multiple vulnerabilities: A shell metacharacter injection in popen() (CVE-2009-3692) and a possible buffer overflow in strncpy() in the VBoxNetAdpCtl configuration tool. An unspecified vulnerability in VirtualBox Guest Additions (CVE-2009-3940). Impact : A local, unprivileged attacker with the permission to run VirtualBox could gain root privileges. A guest OS local user could cause a Denial of Service (memory consumption) on the guest OS via unknown vectors. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	44893
published	2010-02-25
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/44893
title	GLSA-201001-04 : VirtualBox: Multiple vulnerabilities
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201001-04. # # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(44893); script_version("1.10"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2009-3692", "CVE-2009-3940"); script_xref(name:"GLSA", value:"201001-04"); script_name(english:"GLSA-201001-04 : VirtualBox: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201001-04 (VirtualBox: Multiple vulnerabilities) Thomas Biege of SUSE discovered multiple vulnerabilities: A shell metacharacter injection in popen() (CVE-2009-3692) and a possible buffer overflow in strncpy() in the VBoxNetAdpCtl configuration tool. An unspecified vulnerability in VirtualBox Guest Additions (CVE-2009-3940). Impact : A local, unprivileged attacker with the permission to run VirtualBox could gain root privileges. A guest OS local user could cause a Denial of Service (memory consumption) on the guest OS via unknown vectors. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201001-04" ); script_set_attribute( attribute:"solution", value: "All users of the binary version of VirtualBox should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-bin-3.0.12' All users of the Open Source version of VirtualBox should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-ose-3.0.12' All users of the binary VirtualBox Guest Additions should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-guest-additions-3.0.12' All users of the Open Source VirtualBox Guest Additions should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-ose-additions-3.0.12'" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox-guest-additions"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox-ose"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox-ose-additions"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2010/01/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-emulation/virtualbox-guest-additions", unaffected:make_list("ge 3.0.12"), vulnerable:make_list("lt 3.0.12"))) flag++; if (qpkg_check(package:"app-emulation/virtualbox-ose-additions", unaffected:make_list("ge 3.0.12"), vulnerable:make_list("lt 3.0.12"))) flag++; if (qpkg_check(package:"app-emulation/virtualbox-bin", unaffected:make_list("ge 3.0.12"), vulnerable:make_list("lt 3.0.12"))) flag++; if (qpkg_check(package:"app-emulation/virtualbox-ose", unaffected:make_list("ge 3.0.12"), vulnerable:make_list("lt 3.0.12"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "VirtualBox"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_2_VIRTUALBOX-OSE-100121.NASL
description	This update of virtualbox-ose fixes a memory consumption bug in the kernel code that can be used to allocate almost all physical memory. CVE-2009-3940: CVSS v2 Base Score: 2.1 (LOW) (AV:L/AC:L/Au:N/C:N/I:N/A:P)
last seen	2020-06-01
modified	2020-06-02
plugin id	44373
published	2010-02-02
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/44373
title	openSUSE Security Update : virtualbox-ose (virtualbox-ose-1874)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update virtualbox-ose-1874. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(44373); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:39"); script_cve_id("CVE-2009-3940"); script_name(english:"openSUSE Security Update : virtualbox-ose (virtualbox-ose-1874)"); script_summary(english:"Check for the virtualbox-ose-1874 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of virtualbox-ose fixes a memory consumption bug in the kernel code that can be used to allocate almost all physical memory. CVE-2009-3940: CVSS v2 Base Score: 2.1 (LOW) (AV:L/AC:L/Au:N/C:N/I:N/A:P)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=556031" ); script_set_attribute( attribute:"solution", value:"Update the affected virtualbox-ose packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose-guest-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-driver-virtualbox-ose"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2"); script_set_attribute(attribute:"patch_publication_date", value:"2010/01/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.2", reference:"virtualbox-ose-3.0.6-9.11.2") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"virtualbox-ose-guest-tools-3.0.6-9.11.2") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"virtualbox-ose-kmp-debug-3.0.6_2.6.31.8_0.1-9.11.2") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"virtualbox-ose-kmp-default-3.0.6_2.6.31.8_0.1-9.11.2") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"virtualbox-ose-kmp-desktop-3.0.6_2.6.31.8_0.1-9.11.2") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"virtualbox-ose-kmp-pae-3.0.6_2.6.31.8_0.1-9.11.2") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"xorg-x11-driver-virtualbox-ose-3.0.6-9.11.2") ) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "virtualbox-ose"); }

NASL family	Windows
NASL id	VIRTUALBOX_GUEST_ADDITIONS_LOCAL_DOS.NASL
description	The remote Windows host is running a version of Sun VirtualBox Guest Additions earlier than 2.0.12 or 3.0.10. Such versions are potentially affected by a local denial of service vulnerability.
last seen	2020-06-01
modified	2020-06-02
plugin id	42831
published	2009-11-17
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/42831
title	Sun xVM VirtualBox Guest Additions < 2.0.12 / 3.0.10 Local DoS

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2010-059.NASL
description	A vulnerability has been found and corrected in virtualbox : Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors (CVE-2009-3940). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	45030
published	2010-03-11
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/45030
title	Mandriva Linux Security Advisory : virtualbox (MDVSA-2010:059)

Summary

Vulnerable Configurations

Nessus

References