Vulnerabilities > CVE-2014-6589 - Local Oracle Security vulnerability in Oracle VM VirtualBox

047910
CVSS 3.2 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
opensuse
oracle
nessus

Summary

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.

Vulnerable Configurations

Part Description Count
OS
Opensuse
2
Application
Oracle
121

Nessus

  • NASL familyWindows
    NASL idORACLE_VIRTUALBOX_JAN_2015_CPU.NASL
    descriptionThe remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20. It is, therefore, affected by multiple vulnerabilities in the following subcomponents : - Core - OpenSSL - VMSVGA device
    last seen2020-06-01
    modified2020-06-02
    plugin id80915
    published2015-01-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80915
    titleOracle VM VirtualBox < 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 Multiple Vulnerabilities (January 2015 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80915);
      script_version("1.10");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id(
        "CVE-2010-5298",
        "CVE-2014-0076",
        "CVE-2014-0195",
        "CVE-2014-0198",
        "CVE-2014-0221",
        "CVE-2014-0224",
        "CVE-2014-3470",
        "CVE-2014-6588",
        "CVE-2014-6589",
        "CVE-2014-6590",
        "CVE-2014-6595",
        "CVE-2015-0377",
        "CVE-2015-0418",
        "CVE-2015-0427"
      );
      script_bugtraq_id(
        66363,
        66801,
        67193,
        67898,
        67899,
        67900,
        67901,
        72194,
        72196,
        72202,
        72206,
        72213,
        72216,
        72219
      );
      script_xref(name:"CERT", value:"978508");
    
      script_name(english:"Oracle VM VirtualBox < 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 Multiple Vulnerabilities (January 2015 CPU)");
      script_summary(english:"Performs a version check on VirtualBox.exe.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host has an application installed that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host contains a version of Oracle VM VirtualBox that is
    prior to 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20. It is, therefore,
    affected by multiple vulnerabilities in the following subcomponents :
      
      - Core
      - OpenSSL
      - VMSVGA device");
      # https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75c6cafb");
      script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140605.txt");
      script_set_attribute(attribute:"solution", value:
    "Upgrade Oracle VM VirtualBox to 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 /
    4.3.20 or later as referenced in the January 2015 Oracle Critical
    Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0195");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/22");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("virtualbox_installed.nasl");
      script_require_keys("installed_sw/Oracle VM VirtualBox");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    
    app = 'Oracle VM VirtualBox';
    
    install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
    
    ver = install['version'];
    path = install['path'];
    
    # Note int(null) returns '0'
    ver_fields = split(ver, sep:'.', keep:FALSE);
    major = int(ver_fields[0]);
    minor = int(ver_fields[1]);
    rev = int(ver_fields[2]);
    
    fix = '';
    
    # Affected :
    # 3.2.x < 3.2.26
    # 4.0.x < 4.0.28
    # 4.1.x < 4.1.36
    # 4.2.x < 4.2.28
    # 4.3.x < 4.3.20
    if (major == 3 && minor == 2 && rev < 26) fix = '3.2.26';
    else if (major == 4 && minor == 0 && rev < 28) fix = '4.0.28';
    else if (major == 4 && minor == 1 && rev < 36) fix = '4.1.36';
    else if (major == 4 && minor == 2 && rev < 28) fix = '4.2.28';
    else if (major == 4 && minor == 3 && rev < 20) fix = '4.3.20';
    else audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);
    
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    if (report_verbosity > 0)
    {
      report =
        '\n  Path              : ' + path +
        '\n  Installed version : ' + ver +
        '\n  Fixed version     : ' + fix +
        '\n';
      security_warning(port:port, extra:report);
    }
    else security_warning(port);
    
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201612-27.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201612-27 (VirtualBox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact : Local attackers could cause a Denial of Service condition, execute arbitrary code, or escalate their privileges. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id95695
    published2016-12-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95695
    titleGLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201612-27.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95695);
      script_version("3.3");
      script_cvs_date("Date: 2019/04/11 17:23:06");
    
      script_cve_id("CVE-2014-0981", "CVE-2014-0983", "CVE-2014-6588", "CVE-2014-6589", "CVE-2014-6590", "CVE-2014-6595", "CVE-2015-0377", "CVE-2015-0418", "CVE-2015-0427", "CVE-2015-3456", "CVE-2016-5608", "CVE-2016-5610", "CVE-2016-5611", "CVE-2016-5613");
      script_xref(name:"GLSA", value:"201612-27");
    
      script_name(english:"GLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom)");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201612-27
    (VirtualBox: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in VirtualBox. Please
          review the CVE identifiers referenced below for details.
      
    Impact :
    
        Local attackers could cause a Denial of Service condition, execute
          arbitrary code, or escalate their privileges.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201612-27"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All VirtualBox users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-4.3.28'
        All VirtualBox-bin users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=app-emulation/virtualbox-bin-4.3.28'"
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'VirtualBox 3D Acceleration Virtual Machine Escape');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/11");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-emulation/virtualbox", unaffected:make_list("ge 4.3.28"), vulnerable:make_list("lt 4.3.28"))) flag++;
    if (qpkg_check(package:"app-emulation/virtualbox-bin", unaffected:make_list("ge 4.3.28"), vulnerable:make_list("lt 4.3.28"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "VirtualBox");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-116.NASL
    descriptionvirtualbox was updated to version 4.2.28 to fix eight security issues. These security issues were fixed : - OpenSSL fixes for VirtualBox (CVE-2014-0224) - Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418 (CVE-2015-0377, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427 (CVE-2014-6595, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6588, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6589, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6590, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595 (CVE-2015-0427, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377 (CVE-2015-0418, bnc#914447). For the full changelog please read https://www.virtualbox.org/wiki/Changelog-4.2
    last seen2020-06-05
    modified2015-02-09
    plugin id81242
    published2015-02-09
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81242
    titleopenSUSE Security Update : virtualbox (openSUSE-2015-116)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-116.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81242);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-0224", "CVE-2014-6588", "CVE-2014-6589", "CVE-2014-6590", "CVE-2014-6595", "CVE-2015-0377", "CVE-2015-0418", "CVE-2015-0427");
    
      script_name(english:"openSUSE Security Update : virtualbox (openSUSE-2015-116)");
      script_summary(english:"Check for the openSUSE-2015-116 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "virtualbox was updated to version 4.2.28 to fix eight security issues.
    
    These security issues were fixed :
    
      - OpenSSL fixes for VirtualBox (CVE-2014-0224)
    
      - Unspecified vulnerability in the Oracle VM VirtualBox
        prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local
        users to affect availability via unknown vectors related
        to Core, a different vulnerability than CVE-2015-0418
        (CVE-2015-0377, bnc#914447).
    
      - Unspecified vulnerability in the Oracle VM VirtualBox
        before 4.3.20 allows local users to affect integrity and
        availability via vectors related to VMSVGA virtual
        graphics device, a different vulnerability than
        CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and
        CVE-2015-0427 (CVE-2014-6595, bnc#914447).
    
      - Unspecified vulnerability in the Oracle VM VirtualBox
        before 4.3.20 allows local users to affect integrity and
        availability via vectors related to VMSVGA virtual
        graphics device, a different vulnerability than
        CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and
        CVE-2015-0427 (CVE-2014-6588, bnc#914447).
    
      - Unspecified vulnerability in the Oracle VM VirtualBox
        before 4.3.20 allows local users to affect integrity and
        availability via vectors related to VMSVGA virtual
        graphics device, a different vulnerability than
        CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and
        CVE-2015-0427 (CVE-2014-6589, bnc#914447).
    
      - Unspecified vulnerability in the Oracle VM VirtualBox
        before 4.3.20 allows local users to affect integrity and
        availability via vectors related to VMSVGA virtual
        graphics device, a different vulnerability than
        CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and
        CVE-2015-0427 (CVE-2014-6590, bnc#914447).
    
      - Unspecified vulnerability in the Oracle VM VirtualBox
        prior to 4.3.20 allows local users to affect integrity
        and availability via vectors related to VMSVGA virtual
        graphics device, a different vulnerability than
        CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and
        CVE-2014-6595 (CVE-2015-0427, bnc#914447).
    
      - Unspecified vulnerability in the Oracle VM VirtualBox
        prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local
        users to affect availability via unknown vectors related
        to Core, a different vulnerability than CVE-2015-0377
        (CVE-2015-0418, bnc#914447).
    
    For the full changelog please read
    https://www.virtualbox.org/wiki/Changelog-4.2"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=914447"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.virtualbox.org/wiki/Changelog-4.2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected virtualbox packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"python-virtualbox-4.2.28-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python-virtualbox-debuginfo-4.2.28-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-4.2.28-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-debuginfo-4.2.28-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-debugsource-4.2.28-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-devel-4.2.28-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-default-4.2.28_k3.11.10_25-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-default-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-desktop-4.2.28_k3.11.10_25-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-desktop-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-pae-4.2.28_k3.11.10_25-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-pae-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-tools-4.2.28-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-tools-debuginfo-4.2.28-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-x11-4.2.28-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-x11-debuginfo-4.2.28-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-default-4.2.28_k3.11.10_25-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-default-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-desktop-4.2.28_k3.11.10_25-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-desktop-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-pae-4.2.28_k3.11.10_25-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-pae-debuginfo-4.2.28_k3.11.10_25-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-qt-4.2.28-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-qt-debuginfo-4.2.28-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-websrv-4.2.28-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-websrv-debuginfo-4.2.28-2.25.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"python-virtualbox-4.3.20-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"python-virtualbox-debuginfo-4.3.20-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-4.3.20-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-debuginfo-4.3.20-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-debugsource-4.3.20-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-devel-4.3.20-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-desktop-icons-4.3.20-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-default-4.3.20_k3.16.7_7-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-default-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-desktop-4.3.20_k3.16.7_7-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-desktop-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-pae-4.3.20_k3.16.7_7-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-pae-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-tools-4.3.20-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-tools-debuginfo-4.3.20-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-x11-4.3.20-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-x11-debuginfo-4.3.20-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-default-4.3.20_k3.16.7_7-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-default-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-desktop-4.3.20_k3.16.7_7-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-desktop-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-pae-4.3.20_k3.16.7_7-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-pae-debuginfo-4.3.20_k3.16.7_7-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-qt-4.3.20-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-qt-debuginfo-4.3.20-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-websrv-4.3.20-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-websrv-debuginfo-4.3.20-7.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-virtualbox / python-virtualbox-debuginfo / virtualbox / etc");
    }