CVE-2013-0420 - Local vulnerability in Oracle VM VirtualBox
- Attack vector: LOCAL
- Attack complexity: HIGH
- Privileges required: SINGLE
- Confidentiality impact: NONE
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 2 |
Application | | 6 |
Nessus
- NASL family: Windows
- NASL id: VIRTUALBOX_CORE_SUBCOMPONENT_LOCAL_ISSUE.NASL
- description: The remote host contains a version of Oracle VM VirtualBox earlier than 4.0.18 / 4.1.24 / 4.2.6. As such, it is potentially affected by a local vulnerability that could allow an authenticated attacker to impact integrity and availability.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 63646
- published: 2013-01-22
- reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/63646
- title: Oracle VM VirtualBox Core Subcomponent < 4.0.18 / 4.1.24 / 4.2.6 Local Issue
- code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(63646);
  script_version("1.5");
  script_cvs_date("Date: 2018/08/06 14:03:16");

  script_cve_id("CVE-2013-0420");
  script_bugtraq_id(57383);

  script_name(english:"Oracle VM VirtualBox Core Subcomponent < 4.0.18 / 4.1.24 / 4.2.6 Local Issue");
  script_summary(english:"Does a version check on VirtualBox.exe");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Windows host has an application that is affected by a local vulnerability.");
  script_set_attribute(
    attribute:"description",
    value:
"The remote host contains a version of Oracle VM VirtualBox earlier than 4.0.18 / 4.1.24 / 4.2.6.
As such, it is potentially affected by a local vulnerability that could allow an authenticated attacker to impact integrity and availability.");
  script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog");
  # http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?aac4d874");
  script_set_attribute(attribute:"solution", value:"Upgrade to Oracle VM VirtualBox 4.0.18 / 4.1.24 / 4.2.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  script_dependencies("virtualbox_installed.nasl");
  script_require_keys("VirtualBox/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("smb_func.inc");

# Installed version and path come from the knowledge base entries this
# plugin requires (see script_dependencies / script_require_keys above).
ver = get_kb_item_or_exit('VirtualBox/Version');
path = get_kb_item_or_exit('SMB/VirtualBox/'+ver);

# Split "major.minor.rev" into integers for a numeric comparison.
ver_fields = split(ver, sep:'.', keep:FALSE);
major = int(ver_fields[0]);
minor = int(ver_fields[1]);
rev = int(ver_fields[2]);

# Affected: 4.0.x before 4.0.18, 4.1.x before 4.1.24, 4.2.x before 4.2.6.
if (
  major == 4 &&
  (
    (minor == 0 && rev < 18) ||
    (minor == 1 && rev < 24) ||
    (minor == 2 && rev < 6)
  )
)
{
  port = kb_smb_transport();

  if (report_verbosity > 0)
  {
    report =
      '\n Path : ' + path +
      '\n Installed version : ' + ver +
      '\n Fixed version : 4.0.18 / 4.1.24 / 4.2.6\n';
    security_note(port:port, extra:report);
  }
  else security_note(port);

  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, 'Oracle VM VirtualBox', ver, path);
```
- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2013-73.NASL
- description: added CVE-2013-0420.diff to fix CVE-2013-0420 (bnc#798776)
- last seen: 2020-06-05
- modified: 2014-06-13
- plugin id: 75160
- published: 2014-06-13
- reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/75160
- title: openSUSE Security Update : virtualbox (openSUSE-SU-2013:0231-1)
Oval
Field | Value |
---|---|
accepted | 2014-02-17T04:00:10.655-05:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary." |
family | windows |
id | oval:org.mitre.oval:def:15763 |
status | accepted |
submitted | 2013-04-26T14:33:26.748+04:00 |
title | Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 |
version | 9 |
References
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00000.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
- https://bugzilla.novell.com/show_bug.cgi?id=798776
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15763
- https://www.virtualbox.org/changeset/44055/vbox