Vulnerabilities > CVE-2013-0420
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 | |
Application | 6 |
Nessus
NASL family Windows NASL id VIRTUALBOX_CORE_SUBCOMPONENT_LOCAL_ISSUE.NASL description The remote host contains a version of Oracle VM VirtualBox earlier than 4.0.18 / 4.1.24 / 4.2.6. As such, it is potentially affected by a local vulnerability that could allow an authenticated attacker to impact integrity and availability. last seen 2020-06-01 modified 2020-06-02 plugin id 63646 published 2013-01-22 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63646 title Oracle VM VirtualBox Core Subcomponent < 4.0.18 / 4.1.24 / 4.2.6 Local Issue code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(63646); script_version("1.5"); script_cvs_date("Date: 2018/08/06 14:03:16"); script_cve_id("CVE-2013-0420"); script_bugtraq_id(57383); script_name(english:"Oracle VM VirtualBox Core Subcomponent < 4.0.18 / 4.1.24 / 4.2.6 Local Issue"); script_summary(english:"Does a version check on VirtualBox.exe"); script_set_attribute( attribute:"synopsis", value: "The remote Windows host has an application that is affected by a local vulnerability."); script_set_attribute( attribute:"description", value: "The remote host contains a version of Oracle VM VirtualBox earlier than 4.0.18 / 4.1.24 / 4.2.6. As such, it is potentially affected by a local vulnerability that could allow an authenticated attacker to impact integrity and availability."); script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog"); # http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?aac4d874"); script_set_attribute(attribute:"solution", value:"Upgrade to Oracle VM VirtualBox 4.0.18 / 4.1.24 / 4.2.6 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/15"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("virtualbox_installed.nasl"); script_require_keys("VirtualBox/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("smb_func.inc"); ver = get_kb_item_or_exit('VirtualBox/Version'); path = get_kb_item_or_exit('SMB/VirtualBox/'+ver); ver_fields = split(ver, sep:'.', keep:FALSE); major = int(ver_fields[0]); minor = int(ver_fields[1]); rev = int(ver_fields[2]); if ( major == 4 && ( (minor == 0 && rev < 18) || (minor == 1 && rev < 24) || (minor == 2 && rev < 6) ) ) { port = kb_smb_transport(); if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + ver + '\n Fixed version : 4.0.18 / 4.1.24 / 4.2.6\n'; security_note(port:port, extra:report); } else security_note(port); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, 'Oracle VM VirtualBox', ver, path);
NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-73.NASL description - added CVE-2013-0420.diff to fix CVE-2013-0420 (bnc#798776) last seen 2020-06-05 modified 2014-06-13 plugin id 75160 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75160 title openSUSE Security Update : virtualbox (openSUSE-SU-2013:0231-1)
Oval
accepted | 2014-02-17T04:00:10.655-05:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary." | ||||||||||||
family | windows | ||||||||||||
id | oval:org.mitre.oval:def:15763 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2013-04-26T14:33:26.748+04:00 | ||||||||||||
title | Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 | ||||||||||||
version | 9 |
References
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00000.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
- http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
- https://bugzilla.novell.com/show_bug.cgi?id=798776
- https://bugzilla.novell.com/show_bug.cgi?id=798776
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15763
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15763
- https://www.virtualbox.org/changeset/44055/vbox
- https://www.virtualbox.org/changeset/44055/vbox