Vulnerabilities > CVE-2014-6589
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.
Vulnerable Configurations
Nessus
NASL family Windows NASL id ORACLE_VIRTUALBOX_JAN_2015_CPU.NASL description The remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20. It is, therefore, affected by multiple vulnerabilities in the following subcomponents : - Core - OpenSSL - VMSVGA device last seen 2020-06-01 modified 2020-06-02 plugin id 80915 published 2015-01-22 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80915 title Oracle VM VirtualBox < 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 Multiple Vulnerabilities (January 2015 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(80915); script_version("1.10"); script_cvs_date("Date: 2019/11/25"); script_cve_id( "CVE-2010-5298", "CVE-2014-0076", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-6588", "CVE-2014-6589", "CVE-2014-6590", "CVE-2014-6595", "CVE-2015-0377", "CVE-2015-0418", "CVE-2015-0427" ); script_bugtraq_id( 66363, 66801, 67193, 67898, 67899, 67900, 67901, 72194, 72196, 72202, 72206, 72213, 72216, 72219 ); script_xref(name:"CERT", value:"978508"); script_name(english:"Oracle VM VirtualBox < 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 Multiple Vulnerabilities (January 2015 CPU)"); script_summary(english:"Performs a version check on VirtualBox.exe."); script_set_attribute(attribute:"synopsis", value: "The remote host has an application installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20. It is, therefore, affected by multiple vulnerabilities in the following subcomponents : - Core - OpenSSL - VMSVGA device"); # https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75c6cafb"); script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog"); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140605.txt"); script_set_attribute(attribute:"solution", value: "Upgrade Oracle VM VirtualBox to 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 or later as referenced in the January 2015 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0195"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/20"); script_set_attribute(attribute:"patch_publication_date", value:"2015/01/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("virtualbox_installed.nasl"); script_require_keys("installed_sw/Oracle VM VirtualBox"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); app = 'Oracle VM VirtualBox'; install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE); ver = install['version']; path = install['path']; # Note int(null) returns '0' ver_fields = split(ver, sep:'.', keep:FALSE); major = int(ver_fields[0]); minor = int(ver_fields[1]); rev = int(ver_fields[2]); fix = ''; # Affected : # 3.2.x < 3.2.26 # 4.0.x < 4.0.28 # 4.1.x < 4.1.36 # 4.2.x < 4.2.28 # 4.3.x < 4.3.20 if (major == 3 && minor == 2 && rev < 26) fix = '3.2.26'; else if (major == 4 && minor == 0 && rev < 28) fix = '4.0.28'; else if (major == 4 && minor == 1 && rev < 36) fix = '4.1.36'; else if (major == 4 && minor == 2 && rev < 28) fix = '4.2.28'; else if (major == 4 && minor == 3 && rev < 20) fix = '4.3.20'; else audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path); port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + ver + '\n Fixed version : ' + fix + '\n'; security_warning(port:port, extra:report); } else security_warning(port);NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201612-27.NASL description The remote host is affected by the vulnerability described in GLSA-201612-27 (VirtualBox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact : Local attackers could cause a Denial of Service condition, execute arbitrary code, or escalate their privileges. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 95695 published 2016-12-12 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95695 title GLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201612-27. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(95695); script_version("3.3"); script_cvs_date("Date: 2019/04/11 17:23:06"); script_cve_id("CVE-2014-0981", "CVE-2014-0983", "CVE-2014-6588", "CVE-2014-6589", "CVE-2014-6590", "CVE-2014-6595", "CVE-2015-0377", "CVE-2015-0418", "CVE-2015-0427", "CVE-2015-3456", "CVE-2016-5608", "CVE-2016-5610", "CVE-2016-5611", "CVE-2016-5613"); script_xref(name:"GLSA", value:"201612-27"); script_name(english:"GLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom)"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201612-27 (VirtualBox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact : Local attackers could cause a Denial of Service condition, execute arbitrary code, or escalate their privileges. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201612-27" ); script_set_attribute( attribute:"solution", value: "All VirtualBox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-4.3.28' All VirtualBox-bin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-bin-4.3.28'" ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'VirtualBox 3D Acceleration Virtual Machine Escape'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox-bin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/11"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-emulation/virtualbox", unaffected:make_list("ge 4.3.28"), vulnerable:make_list("lt 4.3.28"))) flag++; if (qpkg_check(package:"app-emulation/virtualbox-bin", unaffected:make_list("ge 4.3.28"), vulnerable:make_list("lt 4.3.28"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "VirtualBox"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-116.NASL description virtualbox was updated to version 4.2.28 to fix eight security issues. These security issues were fixed : - OpenSSL fixes for VirtualBox (CVE-2014-0224) - Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418 (CVE-2015-0377, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427 (CVE-2014-6595, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6588, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6589, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6590, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595 (CVE-2015-0427, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377 (CVE-2015-0418, bnc#914447). For the full changelog please read https://www.virtualbox.org/wiki/Changelog-4.2 last seen 2020-06-05 modified 2015-02-09 plugin id 81242 published 2015-02-09 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81242 title openSUSE Security Update : virtualbox (openSUSE-2015-116) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-116. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(81242); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-0224", "CVE-2014-6588", "CVE-2014-6589", "CVE-2014-6590", "CVE-2014-6595", "CVE-2015-0377", "CVE-2015-0418", "CVE-2015-0427"); script_name(english:"openSUSE Security Update : virtualbox (openSUSE-2015-116)"); script_summary(english:"Check for the openSUSE-2015-116 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "virtualbox was updated to version 4.2.28 to fix eight security issues. These security issues were fixed : - OpenSSL fixes for VirtualBox (CVE-2014-0224) - Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418 (CVE-2015-0377, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427 (CVE-2014-6595, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6588, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6589, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6590, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595 (CVE-2015-0427, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377 (CVE-2015-0418, bnc#914447). For the full changelog please read https://www.virtualbox.org/wiki/Changelog-4.2" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=914447" ); script_set_attribute( attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog-4.2" ); script_set_attribute( attribute:"solution", value:"Update the affected virtualbox packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/05"); script_set_attribute(attribute:"patch_publication_date", value:"2015/01/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"python-virtualbox-4.2.28-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-virtualbox-debuginfo-4.2.28-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-4.2.28-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-debuginfo-4.2.28-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-debugsource-4.2.28-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-devel-4.2.28-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-default-4.2.28_k3.11.10_25-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-default-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-desktop-4.2.28_k3.11.10_25-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-desktop-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-pae-4.2.28_k3.11.10_25-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-pae-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-tools-4.2.28-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-tools-debuginfo-4.2.28-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-x11-4.2.28-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-x11-debuginfo-4.2.28-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-default-4.2.28_k3.11.10_25-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-default-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-desktop-4.2.28_k3.11.10_25-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-desktop-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-pae-4.2.28_k3.11.10_25-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-pae-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-qt-4.2.28-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-qt-debuginfo-4.2.28-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-websrv-4.2.28-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-websrv-debuginfo-4.2.28-2.25.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"python-virtualbox-4.3.20-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"python-virtualbox-debuginfo-4.3.20-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-4.3.20-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-debuginfo-4.3.20-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-debugsource-4.3.20-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-devel-4.3.20-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-desktop-icons-4.3.20-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-default-4.3.20_k3.16.7_7-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-default-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-desktop-4.3.20_k3.16.7_7-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-desktop-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-pae-4.3.20_k3.16.7_7-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-pae-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-tools-4.3.20-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-tools-debuginfo-4.3.20-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-x11-4.3.20-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-x11-debuginfo-4.3.20-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-default-4.3.20_k3.16.7_7-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-default-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-desktop-4.3.20_k3.16.7_7-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-desktop-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-pae-4.3.20_k3.16.7_7-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-pae-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-qt-4.3.20-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-qt-debuginfo-4.3.20-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-websrv-4.3.20-7.1") ) flag++; if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-websrv-debuginfo-4.3.20-7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-virtualbox / python-virtualbox-debuginfo / virtualbox / etc"); }
References
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- https://security.gentoo.org/glsa/201612-27
- https://security.gentoo.org/glsa/201612-27