Vulnerabilities > CVE-2014-6540 - Local Security vulnerability in Oracle VM VirtualBox

CVSS 1.9 - LOW

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

local

oracle

nessus

NVD

Published: 2014-10-15

Updated: 2014-11-19

Summary

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, before 4.2.26, and before 4.3.14 allows local users to affect availability via vectors related to Graphics driver (WDDM) for Windows guests.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle VM Virtualbox 4.2.0 Oracle VM Virtualbox 4.2.2 Oracle VM Virtualbox 4.2.4 Oracle VM Virtualbox 4.2.6 Oracle VM Virtualbox 4.2.8 Oracle VM Virtualbox 4.2.10 Oracle VM Virtualbox 4.2.12 Oracle VM Virtualbox 4.2.14 Oracle VM Virtualbox 4.2.16 Oracle VM Virtualbox 4.2.18 Oracle VM Virtualbox 4.2.20 Oracle VM Virtualbox 4.2.22 Oracle VM Virtualbox 1.6 Oracle VM Virtualbox 1.6.0 Oracle VM Virtualbox 1.6.2 Oracle VM Virtualbox 1.6.4 Oracle VM Virtualbox 1.6.6 Oracle VM Virtualbox 2.0 Oracle VM Virtualbox 2.0.0 Oracle VM Virtualbox 2.0.2 Oracle VM Virtualbox 2.0.4 Oracle VM Virtualbox 2.0.6 Oracle VM Virtualbox 2.0.8 Oracle VM Virtualbox 2.0.10 Oracle VM Virtualbox 2.0.12 Oracle VM Virtualbox 2.1 Oracle VM Virtualbox 2.1.0 Oracle VM Virtualbox 2.1.2 Oracle VM Virtualbox 2.1.4 Oracle VM Virtualbox 2.2 Oracle VM Virtualbox 2.2.0 Oracle VM Virtualbox 2.2.2 Oracle VM Virtualbox 2.2.4 Oracle VM Virtualbox 3.0 Oracle VM Virtualbox 3.0.0 Oracle VM Virtualbox 3.0.2 Oracle VM Virtualbox 3.0.4 Oracle VM Virtualbox 3.0.6 Oracle VM Virtualbox 3.0.8 Oracle VM Virtualbox 3.0.10 Oracle VM Virtualbox 3.0.12 Oracle VM Virtualbox 3.0.14 Oracle VM Virtualbox 3.1 Oracle VM Virtualbox 3.1.0 Oracle VM Virtualbox 3.1.2 Oracle VM Virtualbox 3.1.4 Oracle VM Virtualbox 3.1.6 Oracle VM Virtualbox 3.1.8 Oracle VM Virtualbox 3.2 Oracle VM Virtualbox 3.2.0 Oracle VM Virtualbox 3.2.2 Oracle VM Virtualbox 3.2.4 Oracle VM Virtualbox 3.2.6 Oracle VM Virtualbox 3.2.8 Oracle VM Virtualbox 3.2.10 Oracle VM Virtualbox 3.2.12 Oracle VM Virtualbox 3.2.14 Oracle VM Virtualbox 3.2.16 Oracle VM Virtualbox 3.2.18 Oracle VM Virtualbox 3.2.20 Oracle VM Virtualbox 3.2.22 Oracle VM Virtualbox 3.2.24 Oracle VM Virtualbox 4.0 Oracle VM Virtualbox 4.0.0 Oracle VM Virtualbox 4.0.2 Oracle VM Virtualbox 4.0.4 Oracle VM Virtualbox 4.0.6 Oracle VM Virtualbox 4.0.8 Oracle VM Virtualbox 4.0.10 Oracle VM Virtualbox 4.0.12 Oracle VM Virtualbox 4.0.14 Oracle VM Virtualbox 4.0.16 Oracle VM Virtualbox 4.0.18 Oracle VM Virtualbox 4.0.20 Oracle VM Virtualbox 4.0.22 Oracle VM Virtualbox 4.0.24 Oracle VM Virtualbox 4.0.26 Oracle VM Virtualbox 4.0.31 Oracle VM Virtualbox 4.0.32 Oracle VM Virtualbox 4.0.34 Oracle VM Virtualbox 4.0.36 Oracle VM Virtualbox 4.1.0 Oracle VM Virtualbox 4.1.2 Oracle VM Virtualbox 4.1.4 Oracle VM Virtualbox 4.1.6 Oracle VM Virtualbox 4.1.8 Oracle VM Virtualbox 4.1.10 Oracle VM Virtualbox 4.1.12 Oracle VM Virtualbox 4.1.14 Oracle VM Virtualbox 4.1.16 Oracle VM Virtualbox 4.1.18 Oracle VM Virtualbox 4.1.20 Oracle VM Virtualbox 4.1.22 Oracle VM Virtualbox 4.1.24 Oracle VM Virtualbox 4.1.26 Oracle VM Virtualbox 4.1.28 Oracle VM Virtualbox 4.1.30 Oracle VM Virtualbox 4.1.32 Oracle VM Virtualbox 4.1.34 Oracle VM Virtualbox 4.1.39 Oracle VM Virtualbox 4.1.40 Oracle VM Virtualbox 4.1.42 Oracle VM Virtualbox 4.1.44 Oracle VM Virtualbox 4.2.24 Oracle VM Virtualbox 4.3.0 Oracle VM Virtualbox 4.3.2 Oracle VM Virtualbox 4.3.4 Oracle VM Virtualbox 4.3.6 Oracle VM Virtualbox 4.3.8 Oracle VM Virtualbox 4.3.10 Oracle VM Virtualbox 4.2.26 Oracle VM Virtualbox 4.2.28 Oracle VM Virtualbox 4.2.30 Oracle VM Virtualbox 4.2.31 Oracle VM Virtualbox 4.2.32 Oracle VM Virtualbox 4.2.34 Oracle VM Virtualbox 4.2.36 Oracle VM Virtualbox 4.3.12	118

Nessus

NASL family	Windows
NASL id	VIRTUALBOX_OCT_2014_CPU.NASL
description	The remote host contains a version of Oracle VM VirtualBox that is prior to 4.1.34, 4.2.x prior to 4.2.26, or 4.3.x prior to 4.3.14. It is, therefore, affected by a denial of service vulnerability in the Windows guests graphic driver (WDDM).
last seen	2020-06-01
modified	2020-06-02
plugin id	78549
published	2014-10-17
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/78549
title	Oracle VM VirtualBox < 4.1.34 / 4.2.26 / 4.3.14 WDDM DoS (October 2014 CPU)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(78549); script_version("1.3"); script_cvs_date("Date: 2018/11/15 20:50:29"); script_cve_id("CVE-2014-6540"); script_bugtraq_id(70493); script_name(english:"Oracle VM VirtualBox < 4.1.34 / 4.2.26 / 4.3.14 WDDM DoS (October 2014 CPU)"); script_summary(english:"Performs a version check on VirtualBox.exe."); script_set_attribute(attribute:"synopsis", value: "The remote host has an application that is affected by denial of service vulnerability."); script_set_attribute(attribute:"description", value: "The remote host contains a version of Oracle VM VirtualBox that is prior to 4.1.34, 4.2.x prior to 4.2.26, or 4.3.x prior to 4.3.14. It is, therefore, affected by a denial of service vulnerability in the Windows guests graphic driver (WDDM)."); # https://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1ada40cc"); script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog"); script_set_attribute(attribute:"solution", value: "Upgrade Oracle VM VirtualBox to 4.1.34 / 4.2.26 / 4.3.14 or later as referenced in the October 2014 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/14"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("virtualbox_installed.nasl"); script_require_keys("installed_sw/Oracle VM VirtualBox"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); app = 'Oracle VM VirtualBox'; install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE); ver = install['version']; path = install['path']; # Note int(null) returns '0' ver_fields = split(ver, sep:'.', keep:FALSE); major = int(ver_fields[0]); minor = int(ver_fields[1]); rev = int(ver_fields[2]); fix = ''; # Affected : # x.x.x < 4.1.34 # 4.2.x < 4.2.26 # 4.3.x < 4.3.14 if ((major < 4) \|\| (major == 4 && minor == 1 && rev < 34)) fix = '4.1.34'; else if (major == 4 && minor == 2 && rev < 26) fix = '4.2.26'; else if (major == 4 && minor == 3 && rev < 14) fix = '4.3.14'; else audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path); port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + ver + '\n Fixed version : ' + fix + '\n'; security_note(port:port, extra:report); } else security_note(port);

Summary

Vulnerable Configurations

Nessus

References