Vulnerabilities > CVE-2014-0981 - Resource Management Errors vulnerability in Oracle VM Virtualbox
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities. CVE-2014-0981,CVE-2014-0982,CVE-2014-0983. Dos exploits for multiple platform |
| file | exploits/multiple/dos/32208.txt |
| id | EDB-ID:32208 |
| last seen | 2016-02-03 |
| modified | 2014-03-12 |
| platform | multiple |
| port | |
| published | 2014-03-12 |
| reporter | Core Security |
| source | https://www.exploit-db.com/download/32208/ |
| title | Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities |
| type | dos |
Nessus
NASL family Windows NASL id VIRTUALBOX_4_3_8.NASL description The remote host contains a version of Oracle VM VirtualBox that is 3.2.x prior to 3.2.22, 4.0.24, 4.1.32, 4.2.24 or 4.3.8. It is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists in the function last seen 2020-06-01 modified 2020-06-02 plugin id 72985 published 2014-04-16 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72985 title Oracle VM VirtualBox < 3.2.22 / 4.0.24 / 4.1.32 / 4.2.24 / 4.3.8 Multiple Memory Corruption NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2904.NASL description Francisco Falcon discovered that missing input sanitizing in the 3D acceleration code in VirtualBox could lead to the execution of arbitrary code on the host system. last seen 2020-03-17 modified 2014-04-16 plugin id 73534 published 2014-04-16 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73534 title Debian DSA-2904-1 : virtualbox - security update NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201612-27.NASL description The remote host is affected by the vulnerability described in GLSA-201612-27 (VirtualBox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact : Local attackers could cause a Denial of Service condition, execute arbitrary code, or escalate their privileges. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 95695 published 2016-12-12 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95695 title GLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/125660/CORE-2014-0002.txt |
| id | PACKETSTORM:125660 |
| last seen | 2016-12-05 |
| published | 2014-03-11 |
| reporter | Core Security Technologies |
| source | https://packetstormsecurity.com/files/125660/Oracle-VirtualBox-3D-Acceleration-Memory-Corruption.html |
| title | Oracle VirtualBox 3D Acceleration Memory Corruption |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:85507 |
| last seen | 2017-11-19 |
| modified | 2014-07-01 |
| published | 2014-07-01 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-85507 |
| title | Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities |
References
- http://seclists.org/fulldisclosure/2014/Mar/95
- http://secunia.com/advisories/57384
- http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
- http://www.debian.org/security/2014/dsa-2904
- http://www.exploit-db.com/exploits/32208
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- http://www.securityfocus.com/archive/1/531418/100/0/threaded
- https://security.gentoo.org/glsa/201612-27
- https://www.virtualbox.org/changeset/50437/vbox