Vulnerabilities > CVE-2012-3221 - Unspecified vulnerability in Oracle Virtualization 3.2/4.0/4.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. NOTE: The previous information was obtained from the October 2012 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect interrupt handling."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Exploit-Db
description | Oracle VM VirtualBox 4.1 - Local Denial of Service Vulnerability. CVE-2012-3221. Dos exploit for lin_x86-64 platform |
id | EDB-ID:21224 |
last seen | 2016-02-02 |
modified | 2012-09-10 |
published | 2012-09-10 |
reporter | halfdog |
source | https://www.exploit-db.com/download/21224/ |
title | Oracle VM VirtualBox 4.1 - Local Denial of Service Vulnerability |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2594.NASL description 'halfdog last seen 2020-03-17 modified 2012-12-31 plugin id 63357 published 2012-12-31 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63357 title Debian DSA-2594-1 : virtualbox-ose - programming error code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2594. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(63357); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-3221"); script_bugtraq_id(56045); script_xref(name:"DSA", value:"2594"); script_name(english:"Debian DSA-2594-1 : virtualbox-ose - programming error"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "'halfdog' discovered that incorrect interrupt handling in VirtualBox, a x86 virtualization solution, can lead to denial of service." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/virtualbox-ose" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2012/dsa-2594" ); script_set_attribute( attribute:"solution", value: "Upgrade the virtualbox-ose packages. For the stable distribution (squeeze), this problem has been fixed in version 3.2.10-dfsg-1+squeeze1." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:virtualbox-ose"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2012/12/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"virtualbox-ose", reference:"3.2.10-dfsg-1+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"virtualbox-ose-dbg", reference:"3.2.10-dfsg-1+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"virtualbox-ose-dkms", reference:"3.2.10-dfsg-1+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"virtualbox-ose-fuse", reference:"3.2.10-dfsg-1+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"virtualbox-ose-guest-dkms", reference:"3.2.10-dfsg-1+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"virtualbox-ose-guest-source", reference:"3.2.10-dfsg-1+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"virtualbox-ose-guest-utils", reference:"3.2.10-dfsg-1+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"virtualbox-ose-guest-x11", reference:"3.2.10-dfsg-1+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"virtualbox-ose-qt", reference:"3.2.10-dfsg-1+squeeze1")) flag++; if (deb_check(release:"6.0", prefix:"virtualbox-ose-source", reference:"3.2.10-dfsg-1+squeeze1")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:deb_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Windows NASL id VIRTUALBOX_4_1_22.NASL description The remote host contains a version of Oracle VirtualBox 4.1 before 4.1.22. As such, it is potentially affected by a local denial of service vulnerability caused by invocation of software interrupt 0x8 from userspace. An attacker with access to the guest VM could leverage this to cause a denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 62100 published 2012-09-14 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62100 title Oracle VirtualBox 4.1 < 4.1.22 Task-Gate IDT Call NULL Pointer Dereference Local DoS NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201401-13.NASL description The remote host is affected by the vulnerability described in GLSA-201401-13 (VirtualBox: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in Virtualbox. Please review the CVE identifiers referenced below for details. Impact : A local attacker in a guest virtual machine may be able to escalate privileges or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 72052 published 2014-01-21 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72052 title GLSA-201401-13 : VirtualBox: Multiple Vulnerabilities
Oval
accepted | 2014-02-17T04:00:11.249-05:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. NOTE: The previous information was obtained from the October 2012 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect interrupt handling." | ||||||||||||
family | windows | ||||||||||||
id | oval:org.mitre.oval:def:16681 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2013-04-26T14:33:26.748+04:00 | ||||||||||||
title | Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 | ||||||||||||
version | 9 |
References
- http://www.debian.org/security/2012/dsa-2594
- http://www.debian.org/security/2012/dsa-2594
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
- http://www.securityfocus.com/bid/56045
- http://www.securityfocus.com/bid/56045
- http://www.securitytracker.com/id?1027666
- http://www.securitytracker.com/id?1027666
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79380
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79380
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16681
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16681