Vulnerabilities > CVE-2011-2300 - Local vulnerability in Oracle VM Virtualbox 4.0

047910
CVSS 3.7 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
high complexity
oracle
nessus

Summary

Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.

Vulnerable Configurations

Part Description Count
Application
Oracle
1

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_PYTHON-VIRTUALBOX-110802.NASL
    descriptionTwo privilege escalation vulnerabilities in VirtualBox have been fixed. - CVE-2011-2300: CVSS v2 Base Score: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P) - CVE-2011-2305: CVSS v2 Base Score: 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)
    last seen2020-06-01
    modified2020-06-02
    plugin id76004
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76004
    titleopenSUSE Security Update : python-virtualbox (openSUSE-SU-2011:0873-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update python-virtualbox-4950.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76004);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:42");
    
      script_cve_id("CVE-2011-2300", "CVE-2011-2305");
    
      script_name(english:"openSUSE Security Update : python-virtualbox (openSUSE-SU-2011:0873-1)");
      script_summary(english:"Check for the python-virtualbox-4950 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two privilege escalation vulnerabilities in VirtualBox have been
    fixed.
    
      - CVE-2011-2300: CVSS v2 Base Score: 3.7
        (AV:L/AC:H/Au:N/C:P/I:P/A:P)
    
      - CVE-2011-2305: CVSS v2 Base Score: 6.2
        (AV:L/AC:H/Au:N/C:C/I:C/A:C)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=708271"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-08/msg00009.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python-virtualbox packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.4", reference:"python-virtualbox-4.0.12-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"python-virtualbox-debuginfo-4.0.12-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-4.0.12-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-debuginfo-4.0.12-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-debugsource-4.0.12-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-devel-4.0.12-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-guest-kmp-default-4.0.12_k2.6.37.6_0.7-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-guest-kmp-default-debuginfo-4.0.12_k2.6.37.6_0.7-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-guest-kmp-desktop-4.0.12_k2.6.37.6_0.7-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-guest-kmp-desktop-debuginfo-4.0.12_k2.6.37.6_0.7-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-guest-kmp-pae-4.0.12_k2.6.37.6_0.7-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-guest-kmp-pae-debuginfo-4.0.12_k2.6.37.6_0.7-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-guest-tools-4.0.12-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-guest-tools-debuginfo-4.0.12-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-guest-x11-4.0.12-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-guest-x11-debuginfo-4.0.12-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-host-kmp-default-4.0.12_k2.6.37.6_0.7-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-host-kmp-default-debuginfo-4.0.12_k2.6.37.6_0.7-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-host-kmp-desktop-4.0.12_k2.6.37.6_0.7-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-host-kmp-desktop-debuginfo-4.0.12_k2.6.37.6_0.7-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-host-kmp-pae-4.0.12_k2.6.37.6_0.7-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-host-kmp-pae-debuginfo-4.0.12_k2.6.37.6_0.7-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-qt-4.0.12-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"virtualbox-qt-debuginfo-4.0.12-0.2.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "virtualbox");
    }
    
  • NASL familyWindows
    NASL idVIRTUALBOX_4_0_8.NASL
    descriptionThe remote host contains a version of Oracle VM VirtualBox or Sun xVM VirtualBox 3.0, 3.1, 3.2, or 4.0.x prior to 4.0.10. As such, it is reportedly affected by two vulnerabilities : - A local user can exploit a flaw in Guest Additions for Windows to gain partial elevated privileges. This issue only affects version 4.0.x. (CVE-2011-2300) - A local user can exploit an unspecified flaw to gain full control of the target system. (CVE-2011-2305)
    last seen2020-06-01
    modified2020-06-02
    plugin id62798
    published2012-11-02
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62798
    titleOracle VM VirtualBox 3.x / 4.0.x < 4.0.10 Local Integer Overflows
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(62798);
      script_version("1.4");
      script_cvs_date("Date: 2018/11/15 20:50:29");
    
      script_cve_id("CVE-2011-2300", "CVE-2011-2305");
      script_bugtraq_id(48781, 48793);
    
      script_name(english:"Oracle VM VirtualBox 3.x / 4.0.x < 4.0.10 Local Integer Overflows");
      script_summary(english:"Does a version check on VirtualBox.exe");
    
      script_set_attribute( attribute:"synopsis", value:
    "The remote Windows host has an application that is affected by two
    local overflow vulnerabilities.");
      script_set_attribute( attribute:"description", value:
    "The remote host contains a version of Oracle VM VirtualBox or Sun xVM
    VirtualBox 3.0, 3.1, 3.2, or 4.0.x prior to 4.0.10.  As such, it is
    reportedly affected by two vulnerabilities :
    
      - A local user can exploit a flaw in Guest Additions for 
        Windows to gain partial elevated privileges.  This issue
        only affects version 4.0.x. (CVE-2011-2300)
    
      - A local user can exploit an unspecified flaw to gain 
        full control of the target system. (CVE-2011-2305)");
      #http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1fd9a198");
      #http://mista.nu/blog/2011/07/19/oracle-virtualbox-integer-overflow-vulnerabilities/ 
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c54ecc3f");
      script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog");
      script_set_attribute(attribute:"solution", value:"Upgrade to Oracle VM VirtualBox 4.0.10 or later.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/07/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/07/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
    
      script_dependencies("virtualbox_installed.nasl");
      script_require_keys("VirtualBox/Version");
      exit(0);
    }
    
    
    include("audit.inc");
    include("smb_func.inc");
    include("smb_hotfixes.inc");
    include("misc_func.inc");
    
    ver = get_kb_item_or_exit('VirtualBox/Version');
    path = get_kb_item_or_exit('SMB/VirtualBox/'+ver);
    
    ver_fields = split(ver, sep:'.', keep:FALSE);
    major = int(ver_fields[0]);
    minor = int(ver_fields[1]);
    rev = int(ver_fields[2]);
    
    # Versions 3.0, 3.1, 3.2, 4.0 - 4.0.8 are affected
    if (
      (major == 4 && minor == 0 && rev <= 8) || 
      (major == 3 && minor <=2)
    )
    {
      port = kb_smb_transport();
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + ver +
          '\n  Fixed version     : 4.0.10\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, 'Oracle VM VirtualBox', ver, path);
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201204-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201204-01 (VirtualBox: Multiple vulnerabilities) Multiple unspecified vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to gain escalated privileges via unknown attack vectors. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59617
    published2012-06-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59617
    titleGLSA-201204-01 : VirtualBox: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201204-01.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59617);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/12 17:35:38");
    
      script_cve_id("CVE-2010-4414", "CVE-2011-2300", "CVE-2011-2305", "CVE-2012-0105", "CVE-2012-0111");
      script_bugtraq_id(45876, 48781, 48793, 51461, 51465);
      script_xref(name:"GLSA", value:"201204-01");
    
      script_name(english:"GLSA-201204-01 : VirtualBox: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201204-01
    (VirtualBox: Multiple vulnerabilities)
    
        Multiple unspecified vulnerabilities have been discovered in VirtualBox.
          Please review the CVE identifiers referenced below for details.
      
    Impact :
    
        A local attacker may be able to gain escalated privileges via unknown
          attack vectors.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201204-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All VirtualBox users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-4.1.8'
        All VirtualBox binary users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=app-emulation/virtualbox-bin-4.1.8'"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/04/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-emulation/virtualbox-bin", unaffected:make_list("ge 4.1.4"), vulnerable:make_list("lt 4.1.8"))) flag++;
    if (qpkg_check(package:"app-emulation/virtualbox", unaffected:make_list("ge 4.1.8"), vulnerable:make_list("lt 4.1.8"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "VirtualBox");
    }
    

Oval

accepted2014-02-17T04:00:10.099-05:00
classvulnerability
contributors
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
definition_extensions
commentVirtualBox is installed
ovaloval:org.mitre.oval:def:11581
descriptionUnspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.
familywindows
idoval:org.mitre.oval:def:13148
statusaccepted
submitted2011-10-11T15:20:33.178-04:00
titleUnspecified vulnerability in Oracle VM VirtualBox related to Guest Additions for Windows
version16