Vulnerabilities > CVE-2014-2477 - Unspecified vulnerability in Oracle VM Virtualbox

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
oracle
nessus
exploit available
metasploit
NVD
Published: 2014-07-17
Updated: 2024-11-21

Summary

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2486.

Vulnerable Configurations

Part Description Count
Application
Oracle
117

Exploit-Db

descriptionVirtualBox Guest Additions VBoxGuest.sys Privilege Escalation. CVE-2014-2477. Local exploit for windows platform
fileexploits/windows/local/34333.rb
idEDB-ID:34333
last seen2016-02-03
modified2014-08-13
platformwindows
port
published2014-08-13
reportermetasploit
sourcehttps://www.exploit-db.com/download/34333/
titleVirtualBox Guest Additions - VBoxGuest.sys Privilege Escalation
typelocal

Metasploit

descriptionA vulnerability within the VBoxGuest driver allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile on Windows XP SP3 systems. This has been tested with VBoxGuest Additions up to 4.3.10r93012.
idMSF:EXPLOIT/WINDOWS/LOCAL/VIRTUAL_BOX_GUEST_ADDITIONS
last seen2020-05-26
modified2017-07-24
published2014-08-12
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/local/virtual_box_guest_additions.rb
titleVirtualBox Guest Additions VBoxGuest.sys Privilege Escalation

Nessus

NASL familyWindows
NASL idVIRTUALBOX_4_3_14.NASL
descriptionThe remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.24, 4.0.26, 4.1.34, 4.2.26 or 4.3.14. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw relating to the Core subcomponent that may allow a local attacker to gain elevated privileges. (CVE-2014-2487, CVE-2014-4261) - An unspecified flaw relating to the Core subcomponent that may allow a local attacker to have an impact on integrity and availability. (CVE-2014-2486, CVE-2014-2477, CVE-2014-2489) - An unspecified flaw relating to the Core subcomponent that may allow a local attacker to gain access to sensitive information. (CVE-2014-2488) - An unspecified flaw relating to the Graphics driver for Windows guests that may allow a local attacker to have an impact on confidentiality, integrity, and availability. (CVE-2014-4228)
last seen2020-06-01
modified2020-06-02
plugin id76536
published2014-07-16
reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/76536
titleOracle VM VirtualBox < 3.2.24 / 4.0.26 / 4.1.34 / 4.2.26 / 4.3.14 Multiple Unspecified Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(76536);
  script_version("1.10");
  script_cvs_date("Date: 2018/11/15 20:50:29");

  script_cve_id(
    "CVE-2014-2477",
    "CVE-2014-2486",
    "CVE-2014-2487",
    "CVE-2014-2488",
    "CVE-2014-2489",
    "CVE-2014-4228",
    "CVE-2014-4261"
  );
  script_bugtraq_id(
    68584,
    68588,
    68601,
    68610,
    68613,
    68618,
    68621
  );

  script_name(english:"Oracle VM VirtualBox < 3.2.24 / 4.0.26 / 4.1.34 / 4.2.26 / 4.3.14 Multiple Unspecified Vulnerabilities");
  script_summary(english:"Performs a version check on VirtualBox.exe.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application that is affected by multiple
unspecified vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host contains a version of Oracle VM VirtualBox that is
prior to 3.2.24, 4.0.26, 4.1.34, 4.2.26 or 4.3.14. It is, therefore,
affected by the following vulnerabilities :

  - An unspecified flaw relating to the Core subcomponent
    that may allow a local attacker to gain elevated
    privileges. (CVE-2014-2487, CVE-2014-4261)

  - An unspecified flaw relating to the Core subcomponent
    that may allow a local attacker to have an impact on
    integrity and availability.
    (CVE-2014-2486, CVE-2014-2477, CVE-2014-2489)

  - An unspecified flaw relating to the Core subcomponent
    that may allow a local attacker to gain access to
    sensitive information. (CVE-2014-2488)

  - An unspecified flaw relating to the Graphics driver
    for Windows guests that may allow a local attacker to
    have an impact on confidentiality, integrity, and
    availability. (CVE-2014-4228)");
  # https://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixOVIR
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11e8e9a6");
  script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog");
  script_set_attribute(attribute:"solution", value:
"Upgrade Oracle VM VirtualBox to 3.2.24 / 4.0.26 / 4.1.34 / 4.2.26 /
4.3.14 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:virtualization");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("virtualbox_installed.nasl");
  script_require_keys("VirtualBox/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

ver = get_kb_item_or_exit('VirtualBox/Version');
path = get_kb_item_or_exit('SMB/VirtualBox/'+ver);

# Note int(null) returns '0'
ver_fields = split(ver, sep:'.', keep:FALSE);
major = int(ver_fields[0]);
minor = int(ver_fields[1]);
rev = int(ver_fields[2]);

# Affected :
# 3.2.x < 3.2.24
# 4.0.x < 4.0.26
# 4.1.x < 4.1.34
# 4.2.x < 4.2.26
# 4.3.x < 4.3.14
if (major == 3 && minor == 2 && rev < 24) fix = '3.2.24';
else if (major == 4 && minor == 0 && rev < 26) fix = '4.0.26';
else if (major == 4 && minor == 1 && rev < 34) fix = '4.1.34';
else if (major == 4 && minor == 2 && rev < 26) fix = '4.2.26';
else if (major == 4 && minor == 3 && rev < 14) fix = '4.3.14';

if (fix)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + ver +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);

  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, 'Oracle VM VirtualBox', ver, path);

Packetstorm

References