Vulnerabilities > CVE-2011-2305 - Unspecified vulnerability in Oracle VM Virtualbox
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
oracle
nessus
Summary
Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Nessus
NASL family SuSE Local Security Checks
NASL id SUSE_11_4_PYTHON-VIRTUALBOX-110802.NASL
description Two privilege escalation vulnerabilities in VirtualBox have been fixed. - CVE-2011-2300: CVSS v2 Base Score: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P) - CVE-2011-2305: CVSS v2 Base Score: 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)
last seen 2020-06-01
modified 2020-06-02
plugin id 76004
published 2014-06-13
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/76004
title openSUSE Security Update : python-virtualbox (openSUSE-SU-2011:0873-1)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update python-virtualbox-4950.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

# Plugin metadata. This branch only registers attributes and then exits;
# the detection logic lives below it.
if (description)
{
  script_id(76004);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/25 13:36:42");

  script_cve_id("CVE-2011-2300", "CVE-2011-2305");

  script_name(english:"openSUSE Security Update : python-virtualbox (openSUSE-SU-2011:0873-1)");
  script_summary(english:"Check for the python-virtualbox-4950 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Two privilege escalation vulnerabilities in VirtualBox have been fixed. - CVE-2011-2300: CVSS v2 Base Score: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P) - CVE-2011-2305: CVSS v2 Base Score: 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=708271"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2011-08/msg00009.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected python-virtualbox packages."
  );

  # The base vector matches the one quoted for CVE-2011-2305 in the
  # description above (the higher-scored of the two CVEs).
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");

  # One CPE per package built from the update, plus the OS CPE.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions: local checks enabled, an openSUSE 11.4 release string
# (SLED/SLES are rejected), a cached RPM list, and a supported architecture.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

# Package references shipped by the update. Each one is handed to
# rpm_check(); presumably that helper reports an installed package older
# than the reference -- confirm in rpm.inc.
# NOTE(review): this is a package-list comparison only. Nothing here shows
# whether the updated kmp kernel modules are the ones loaded on the host.
fixed_pkgs = make_list(
  "python-virtualbox-4.0.12-0.2.1",
  "python-virtualbox-debuginfo-4.0.12-0.2.1",
  "virtualbox-4.0.12-0.2.1",
  "virtualbox-debuginfo-4.0.12-0.2.1",
  "virtualbox-debugsource-4.0.12-0.2.1",
  "virtualbox-devel-4.0.12-0.2.1",
  "virtualbox-guest-kmp-default-4.0.12_k2.6.37.6_0.7-0.2.1",
  "virtualbox-guest-kmp-default-debuginfo-4.0.12_k2.6.37.6_0.7-0.2.1",
  "virtualbox-guest-kmp-desktop-4.0.12_k2.6.37.6_0.7-0.2.1",
  "virtualbox-guest-kmp-desktop-debuginfo-4.0.12_k2.6.37.6_0.7-0.2.1",
  "virtualbox-guest-kmp-pae-4.0.12_k2.6.37.6_0.7-0.2.1",
  "virtualbox-guest-kmp-pae-debuginfo-4.0.12_k2.6.37.6_0.7-0.2.1",
  "virtualbox-guest-tools-4.0.12-0.2.1",
  "virtualbox-guest-tools-debuginfo-4.0.12-0.2.1",
  "virtualbox-guest-x11-4.0.12-0.2.1",
  "virtualbox-guest-x11-debuginfo-4.0.12-0.2.1",
  "virtualbox-host-kmp-default-4.0.12_k2.6.37.6_0.7-0.2.1",
  "virtualbox-host-kmp-default-debuginfo-4.0.12_k2.6.37.6_0.7-0.2.1",
  "virtualbox-host-kmp-desktop-4.0.12_k2.6.37.6_0.7-0.2.1",
  "virtualbox-host-kmp-desktop-debuginfo-4.0.12_k2.6.37.6_0.7-0.2.1",
  "virtualbox-host-kmp-pae-4.0.12_k2.6.37.6_0.7-0.2.1",
  "virtualbox-host-kmp-pae-debuginfo-4.0.12_k2.6.37.6_0.7-0.2.1",
  "virtualbox-qt-4.0.12-0.2.1",
  "virtualbox-qt-debuginfo-4.0.12-0.2.1"
);

# Every reference is checked (no early exit) and flag counts the hits.
flag = 0;
foreach pkg (fixed_pkgs)
{
  if ( rpm_check(release:"SUSE11.4", reference:pkg) ) flag++;
}

if (!flag)
{
  # Nothing matched: report "not affected" when packages were tested,
  # otherwise "not installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "virtualbox");
}
else
{
  # At least one package matched: raise a warning, with the RPM report
  # attached when verbosity allows.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
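NASL family Windows
NASL id VIRTUALBOX_4_0_8.NASL
description The remote host contains a version of Oracle VM VirtualBox or Sun xVM VirtualBox 3.0, 3.1, 3.2, or 4.0.x prior to 4.0.10. As such, it is reportedly affected by two vulnerabilities : - A local user can exploit a flaw in Guest Additions for Windows to gain partial elevated privileges. This issue only affects version 4.0.x. (CVE-2011-2300) - A local user can exploit an unspecified flaw to gain full control of the target system. (CVE-2011-2305)
last seen 2020-06-01
modified 2020-06-02
plugin id 62798
published 2012-11-02
reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/62798
title Oracle VM VirtualBox 3.x / 4.0.x < 4.0.10 Local Integer Overflows
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin metadata. This branch only registers attributes and then exits;
# the detection logic lives below it.
if (description)
{
  script_id(62798);
  script_version("1.4");
  script_cvs_date("Date: 2018/11/15 20:50:29");

  script_cve_id("CVE-2011-2300", "CVE-2011-2305");
  script_bugtraq_id(48781, 48793);

  script_name(english:"Oracle VM VirtualBox 3.x / 4.0.x < 4.0.10 Local Integer Overflows");
  script_summary(english:"Does a version check on VirtualBox.exe");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Windows host has an application that is affected by two local overflow vulnerabilities.");
  script_set_attribute(
    attribute:"description",
    value:
"The remote host contains a version of Oracle VM VirtualBox or Sun xVM VirtualBox 3.0, 3.1, 3.2, or 4.0.x prior to 4.0.10. As such, it is reportedly affected by two vulnerabilities : - A local user can exploit a flaw in Guest Additions for Windows to gain partial elevated privileges. This issue only affects version 4.0.x. (CVE-2011-2300) - A local user can exploit an unspecified flaw to gain full control of the target system. (CVE-2011-2305)");
  #http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1fd9a198");
  #http://mista.nu/blog/2011/07/19/oracle-virtualbox-integer-overflow-vulnerabilities/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c54ecc3f");
  script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog");
  script_set_attribute(attribute:"solution", value:"Upgrade to Oracle VM VirtualBox 4.0.10 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/07/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/07/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/02");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("virtualbox_installed.nasl");
  script_require_keys("VirtualBox/Version");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("misc_func.inc");

# Version and install path come from the knowledge base; the script exits
# if either key is absent. This is a version comparison only -- no file on
# the host is inspected here.
ver  = get_kb_item_or_exit('VirtualBox/Version');
path = get_kb_item_or_exit('SMB/VirtualBox/'+ver);

# Split "major.minor.rev" and compare numerically.
ver_fields = split(ver, sep:'.', keep:FALSE);
major = int(ver_fields[0]);
minor = int(ver_fields[1]);
rev   = int(ver_fields[2]);

# Versions 3.0, 3.1, 3.2 and 4.0.x before 4.0.10 are affected.
# The bound is "rev < 10" so that it agrees with the plugin title, the
# description and the reported fixed version (4.0.10); the previous
# "rev <= 8" left a 4.0.9 build unflagged.
# Per the description, CVE-2011-2300 applies to 4.0.x only; the 3.x branch
# is reported because of CVE-2011-2305.
if (
  (major == 4 && minor == 0 && rev < 10) ||
  (major == 3 && minor <= 2)
)
{
  port = kb_smb_transport();

  if (report_verbosity > 0)
  {
    report =
      '\n Path : ' + path +
      '\n Installed version : ' + ver +
      '\n Fixed version : 4.0.10\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, 'Oracle VM VirtualBox', ver, path);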
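NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201204-01.NASL
description The remote host is affected by the vulnerability described in GLSA-201204-01 (VirtualBox: Multiple vulnerabilities) Multiple unspecified vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to gain escalated privileges via unknown attack vectors. Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 59617
published 2012-06-21
reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/59617
title GLSA-201204-01 : VirtualBox: Multiple vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201204-01.
#
# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

# Plugin metadata. This branch only registers attributes and then exits;
# the detection logic lives below it.
if (description)
{
  script_id(59617);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/12 17:35:38");

  script_cve_id("CVE-2010-4414", "CVE-2011-2300", "CVE-2011-2305", "CVE-2012-0105", "CVE-2012-0111");
  script_bugtraq_id(45876, 48781, 48793, 51461, 51465);
  script_xref(name:"GLSA", value:"201204-01");

  script_name(english:"GLSA-201204-01 : VirtualBox: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201204-01 (VirtualBox: Multiple vulnerabilities) Multiple unspecified vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to gain escalated privileges via unknown attack vectors. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201204-01"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All VirtualBox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-4.1.8' All VirtualBox binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-bin-4.1.8'"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox-bin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# Preconditions: local checks enabled, a Gentoo release key, and a cached
# package list in the knowledge base.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

# Both packages use the same boundary: fixed at 4.1.8, vulnerable below it.
# The virtualbox-bin check previously listed "ge 4.1.4" as unaffected while
# marking "lt 4.1.8" as vulnerable, which disagrees with the solution text
# ('>=app-emulation/virtualbox-bin-4.1.8') and with the source-package
# check. If qpkg_check gives the unaffected range precedence, 4.1.4-4.1.7
# binary installs would have gone unreported.
# NOTE(review): confirm the intended range against GLSA 201204-01.
if (qpkg_check(package:"app-emulation/virtualbox-bin", unaffected:make_list("ge 4.1.8"), vulnerable:make_list("lt 4.1.8"))) flag++;
if (qpkg_check(package:"app-emulation/virtualbox", unaffected:make_list("ge 4.1.8"), vulnerable:make_list("lt 4.1.8"))) flag++;

if (flag)
{
  # At least one package matched: raise a warning, with the package report
  # attached when verbosity allows.
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # Nothing matched: report "not affected" when packages were tested,
  # otherwise "not installed".
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "VirtualBox");
}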
Oval
accepted | 2014-02-17T04:00:09.037-05:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors. |
family | windows |
id | oval:org.mitre.oval:def:12983 |
status | accepted |
submitted | 2011-10-11T15:20:33.178-04:00 |
title | Unspecified vulnerability in Oracle VM VirtualBox |
version | 14 |
References
- http://secunia.com/advisories/48755
- http://security.gentoo.org/glsa/glsa-201204-01.xml
- http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
- http://www.securitytracker.com/id?1025805
- http://www.us-cert.gov/cas/techalerts/TA11-201A.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12983
- http://secunia.com/advisories/48755
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12983
- http://www.us-cert.gov/cas/techalerts/TA11-201A.html
- http://www.securitytracker.com/id?1025805
- http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
- http://security.gentoo.org/glsa/glsa-201204-01.xml