Vulnerabilities > CVE-2014-2477 - Local Privilege Escalation vulnerability in Oracle VM VirtualBox

CVSS 3.6 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

oracle

nessus

exploit available

metasploit

NVD

Published: 2014-07-17

Updated: 2018-10-09

Summary

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2486.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle VM Virtualbox 4.0 Oracle VM Virtualbox 4.0.0 Oracle VM Virtualbox 4.0.2 Oracle VM Virtualbox 4.0.4 Oracle VM Virtualbox 4.0.6 Oracle VM Virtualbox 4.0.8 Oracle VM Virtualbox 4.0.10 Oracle VM Virtualbox 4.0.12 Oracle VM Virtualbox 4.0.14 Oracle VM Virtualbox 4.0.16 Oracle VM Virtualbox 4.0.18 Oracle VM Virtualbox 4.0.20 Oracle VM Virtualbox 4.0.22 Oracle VM Virtualbox 1.6 Oracle VM Virtualbox 1.6.0 Oracle VM Virtualbox 1.6.2 Oracle VM Virtualbox 1.6.4 Oracle VM Virtualbox 1.6.6 Oracle VM Virtualbox 2.0 Oracle VM Virtualbox 2.0.0 Oracle VM Virtualbox 2.0.2 Oracle VM Virtualbox 2.0.4 Oracle VM Virtualbox 2.0.6 Oracle VM Virtualbox 2.0.8 Oracle VM Virtualbox 2.0.10 Oracle VM Virtualbox 2.0.12 Oracle VM Virtualbox 2.1 Oracle VM Virtualbox 2.1.0 Oracle VM Virtualbox 2.1.2 Oracle VM Virtualbox 2.1.4 Oracle VM Virtualbox 2.2 Oracle VM Virtualbox 2.2.0 Oracle VM Virtualbox 2.2.2 Oracle VM Virtualbox 2.2.4 Oracle VM Virtualbox 3.0 Oracle VM Virtualbox 3.0.0 Oracle VM Virtualbox 3.0.2 Oracle VM Virtualbox 3.0.4 Oracle VM Virtualbox 3.0.6 Oracle VM Virtualbox 3.0.8 Oracle VM Virtualbox 3.0.10 Oracle VM Virtualbox 3.0.12 Oracle VM Virtualbox 3.0.14 Oracle VM Virtualbox 3.1 Oracle VM Virtualbox 3.1.0 Oracle VM Virtualbox 3.1.2 Oracle VM Virtualbox 3.1.4 Oracle VM Virtualbox 3.1.6 Oracle VM Virtualbox 3.1.8 Oracle VM Virtualbox 3.2 Oracle VM Virtualbox 3.2.0 Oracle VM Virtualbox 3.2.2 Oracle VM Virtualbox 3.2.4 Oracle VM Virtualbox 3.2.6 Oracle VM Virtualbox 3.2.8 Oracle VM Virtualbox 3.2.10 Oracle VM Virtualbox 3.2.12 Oracle VM Virtualbox 3.2.14 Oracle VM Virtualbox 3.2.16 Oracle VM Virtualbox 3.2.18 Oracle VM Virtualbox 3.2.20 Oracle VM Virtualbox 3.2.22 Oracle VM Virtualbox 3.2.24 Oracle VM Virtualbox 4.0.24 Oracle VM Virtualbox 4.3.0 Oracle VM Virtualbox 4.3.2 Oracle VM Virtualbox 4.3.4 Oracle VM Virtualbox 4.3.6 Oracle VM Virtualbox 4.3.8 Oracle VM Virtualbox 4.0.26 Oracle VM Virtualbox 4.0.31 Oracle VM Virtualbox 4.0.32 Oracle VM Virtualbox 4.0.34 Oracle VM Virtualbox 4.0.36 Oracle VM Virtualbox 4.1.0 Oracle VM Virtualbox 4.1.2 Oracle VM Virtualbox 4.1.4 Oracle VM Virtualbox 4.1.6 Oracle VM Virtualbox 4.1.8 Oracle VM Virtualbox 4.1.10 Oracle VM Virtualbox 4.1.12 Oracle VM Virtualbox 4.1.14 Oracle VM Virtualbox 4.1.16 Oracle VM Virtualbox 4.1.18 Oracle VM Virtualbox 4.1.20 Oracle VM Virtualbox 4.1.22 Oracle VM Virtualbox 4.1.24 Oracle VM Virtualbox 4.1.26 Oracle VM Virtualbox 4.1.28 Oracle VM Virtualbox 4.1.30 Oracle VM Virtualbox 4.1.32 Oracle VM Virtualbox 4.1.34 Oracle VM Virtualbox 4.1.39 Oracle VM Virtualbox 4.1.40 Oracle VM Virtualbox 4.1.42 Oracle VM Virtualbox 4.1.44 Oracle VM Virtualbox 4.2.0 Oracle VM Virtualbox 4.2.2 Oracle VM Virtualbox 4.2.4 Oracle VM Virtualbox 4.2.6 Oracle VM Virtualbox 4.2.8 Oracle VM Virtualbox 4.2.10 Oracle VM Virtualbox 4.2.12 Oracle VM Virtualbox 4.2.14 Oracle VM Virtualbox 4.2.16 Oracle VM Virtualbox 4.2.18 Oracle VM Virtualbox 4.2.20 Oracle VM Virtualbox 4.2.22 Oracle VM Virtualbox 4.2.24 Oracle VM Virtualbox 4.2.26 Oracle VM Virtualbox 4.2.28 Oracle VM Virtualbox 4.2.30 Oracle VM Virtualbox 4.2.31 Oracle VM Virtualbox 4.2.32 Oracle VM Virtualbox 4.2.34 Oracle VM Virtualbox 4.2.36 Oracle VM Virtualbox 4.3.10	117

Exploit-Db

description	VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation. CVE-2014-2477. Local exploit for windows platform
file	exploits/windows/local/34333.rb
id	EDB-ID:34333
last seen	2016-02-03
modified	2014-08-13
platform	windows
port
published	2014-08-13
reporter	metasploit
source	https://www.exploit-db.com/download/34333/
title	VirtualBox Guest Additions - VBoxGuest.sys Privilege Escalation
type	local

Metasploit

description	A vulnerability within the VBoxGuest driver allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile on Windows XP SP3 systems. This has been tested with VBoxGuest Additions up to 4.3.10r93012.
id	MSF:EXPLOIT/WINDOWS/LOCAL/VIRTUAL_BOX_GUEST_ADDITIONS
last seen	2020-05-26
modified	2017-07-24
published	2014-08-12
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2477 https://www.korelogic.com/Resources/Advisories/KL-001-2014-001.txt
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/local/virtual_box_guest_additions.rb
title	VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation

Nessus

NASL family	Windows
NASL id	VIRTUALBOX_4_3_14.NASL
description	The remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.24, 4.0.26, 4.1.34, 4.2.26 or 4.3.14. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw relating to the Core subcomponent that may allow a local attacker to gain elevated privileges. (CVE-2014-2487, CVE-2014-4261) - An unspecified flaw relating to the Core subcomponent that may allow a local attacker to have an impact on integrity and availability. (CVE-2014-2486, CVE-2014-2477, CVE-2014-2489) - An unspecified flaw relating to the Core subcomponent that may allow a local attacker to gain access to sensitive information. (CVE-2014-2488) - An unspecified flaw relating to the Graphics driver for Windows guests that may allow a local attacker to have an impact on confidentiality, integrity, and availability. (CVE-2014-4228)
last seen	2020-06-01
modified	2020-06-02
plugin id	76536
published	2014-07-16
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/76536
title	Oracle VM VirtualBox < 3.2.24 / 4.0.26 / 4.1.34 / 4.2.26 / 4.3.14 Multiple Unspecified Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76536); script_version("1.10"); script_cvs_date("Date: 2018/11/15 20:50:29"); script_cve_id( "CVE-2014-2477", "CVE-2014-2486", "CVE-2014-2487", "CVE-2014-2488", "CVE-2014-2489", "CVE-2014-4228", "CVE-2014-4261" ); script_bugtraq_id( 68584, 68588, 68601, 68610, 68613, 68618, 68621 ); script_name(english:"Oracle VM VirtualBox < 3.2.24 / 4.0.26 / 4.1.34 / 4.2.26 / 4.3.14 Multiple Unspecified Vulnerabilities"); script_summary(english:"Performs a version check on VirtualBox.exe."); script_set_attribute(attribute:"synopsis", value: "The remote host has an application that is affected by multiple unspecified vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.24, 4.0.26, 4.1.34, 4.2.26 or 4.3.14. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw relating to the Core subcomponent that may allow a local attacker to gain elevated privileges. (CVE-2014-2487, CVE-2014-4261) - An unspecified flaw relating to the Core subcomponent that may allow a local attacker to have an impact on integrity and availability. (CVE-2014-2486, CVE-2014-2477, CVE-2014-2489) - An unspecified flaw relating to the Core subcomponent that may allow a local attacker to gain access to sensitive information. (CVE-2014-2488) - An unspecified flaw relating to the Graphics driver for Windows guests that may allow a local attacker to have an impact on confidentiality, integrity, and availability. (CVE-2014-4228)"); # https://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixOVIR script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11e8e9a6"); script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog"); script_set_attribute(attribute:"solution", value: "Upgrade Oracle VM VirtualBox to 3.2.24 / 4.0.26 / 4.1.34 / 4.2.26 / 4.3.14 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/15"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:virtualization"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("virtualbox_installed.nasl"); script_require_keys("VirtualBox/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); ver = get_kb_item_or_exit('VirtualBox/Version'); path = get_kb_item_or_exit('SMB/VirtualBox/'+ver); # Note int(null) returns '0' ver_fields = split(ver, sep:'.', keep:FALSE); major = int(ver_fields[0]); minor = int(ver_fields[1]); rev = int(ver_fields[2]); # Affected : # 3.2.x < 3.2.24 # 4.0.x < 4.0.26 # 4.1.x < 4.1.34 # 4.2.x < 4.2.26 # 4.3.x < 4.3.14 if (major == 3 && minor == 2 && rev < 24) fix = '3.2.24'; else if (major == 4 && minor == 0 && rev < 26) fix = '4.0.26'; else if (major == 4 && minor == 1 && rev < 34) fix = '4.1.34'; else if (major == 4 && minor == 2 && rev < 26) fix = '4.2.26'; else if (major == 4 && minor == 3 && rev < 14) fix = '4.3.14'; if (fix) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + ver + '\n Fixed version : ' + fix + '\n'; security_warning(port:port, extra:report); } else security_warning(port); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, 'Oracle VM VirtualBox', ver, path);

Packetstorm

data source	https://packetstormsecurity.com/files/download/127474/KL-001-2014-001.txt
id	PACKETSTORM:127474
last seen	2016-12-05
published	2014-07-15
reporter	Matthew Bergin
source	https://packetstormsecurity.com/files/127474/Oracle-VirtualBox-Guest-Additions-Arbitrary-Write-Privilege-Escalation.html
title	Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation

data source	https://packetstormsecurity.com/files/download/127849/virtual_box_guest_additions.rb.txt
id	PACKETSTORM:127849
last seen	2016-12-05
published	2014-08-12
reporter	Matt Bergin
source	https://packetstormsecurity.com/files/127849/VirtualBox-Guest-Additions-VBoxGuest.sys-Privilege-Escalation.html
title	VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation