Vulnerabilities > CVE-2015-0377 - Local Security vulnerability in Oracle VM VirtualBox

047910
CVSS 4.4 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE

Summary

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418.

Vulnerable Configurations

Part Description Count
Application
Oracle
59
OS
Debian
1
OS
Opensuse
2

Nessus

  • NASL familyWindows
    NASL idORACLE_VIRTUALBOX_JAN_2015_CPU.NASL
    descriptionThe remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20. It is, therefore, affected by multiple vulnerabilities in the following subcomponents : - Core - OpenSSL - VMSVGA device
    last seen2020-06-01
    modified2020-06-02
    plugin id80915
    published2015-01-22
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80915
    titleOracle VM VirtualBox < 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 Multiple Vulnerabilities (January 2015 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80915);
      script_version("1.10");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id(
        "CVE-2010-5298",
        "CVE-2014-0076",
        "CVE-2014-0195",
        "CVE-2014-0198",
        "CVE-2014-0221",
        "CVE-2014-0224",
        "CVE-2014-3470",
        "CVE-2014-6588",
        "CVE-2014-6589",
        "CVE-2014-6590",
        "CVE-2014-6595",
        "CVE-2015-0377",
        "CVE-2015-0418",
        "CVE-2015-0427"
      );
      script_bugtraq_id(
        66363,
        66801,
        67193,
        67898,
        67899,
        67900,
        67901,
        72194,
        72196,
        72202,
        72206,
        72213,
        72216,
        72219
      );
      script_xref(name:"CERT", value:"978508");
    
      script_name(english:"Oracle VM VirtualBox < 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 Multiple Vulnerabilities (January 2015 CPU)");
      script_summary(english:"Performs a version check on VirtualBox.exe.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host has an application installed that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host contains a version of Oracle VM VirtualBox that is
    prior to 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20. It is, therefore,
    affected by multiple vulnerabilities in the following subcomponents :
      
      - Core
      - OpenSSL
      - VMSVGA device");
      # https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75c6cafb");
      script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140605.txt");
      script_set_attribute(attribute:"solution", value:
    "Upgrade Oracle VM VirtualBox to 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 /
    4.3.20 or later as referenced in the January 2015 Oracle Critical
    Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0195");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/22");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("virtualbox_installed.nasl");
      script_require_keys("installed_sw/Oracle VM VirtualBox");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    
    app = 'Oracle VM VirtualBox';
    
    install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
    
    ver = install['version'];
    path = install['path'];
    
    # Note int(null) returns '0'
    ver_fields = split(ver, sep:'.', keep:FALSE);
    major = int(ver_fields[0]);
    minor = int(ver_fields[1]);
    rev = int(ver_fields[2]);
    
    fix = '';
    
    # Affected :
    # 3.2.x < 3.2.26
    # 4.0.x < 4.0.28
    # 4.1.x < 4.1.36
    # 4.2.x < 4.2.28
    # 4.3.x < 4.3.20
    if (major == 3 && minor == 2 && rev < 26) fix = '3.2.26';
    else if (major == 4 && minor == 0 && rev < 28) fix = '4.0.28';
    else if (major == 4 && minor == 1 && rev < 36) fix = '4.1.36';
    else if (major == 4 && minor == 2 && rev < 28) fix = '4.2.28';
    else if (major == 4 && minor == 3 && rev < 20) fix = '4.3.20';
    else audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);
    
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    if (report_verbosity > 0)
    {
      report =
        '\n  Path              : ' + path +
        '\n  Installed version : ' + ver +
        '\n  Fixed version     : ' + fix +
        '\n';
      security_warning(port:port, extra:report);
    }
    else security_warning(port);
    
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201612-27.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201612-27 (VirtualBox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact : Local attackers could cause a Denial of Service condition, execute arbitrary code, or escalate their privileges. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id95695
    published2016-12-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95695
    titleGLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201612-27.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95695);
      script_version("3.3");
      script_cvs_date("Date: 2019/04/11 17:23:06");
    
      script_cve_id("CVE-2014-0981", "CVE-2014-0983", "CVE-2014-6588", "CVE-2014-6589", "CVE-2014-6590", "CVE-2014-6595", "CVE-2015-0377", "CVE-2015-0418", "CVE-2015-0427", "CVE-2015-3456", "CVE-2016-5608", "CVE-2016-5610", "CVE-2016-5611", "CVE-2016-5613");
      script_xref(name:"GLSA", value:"201612-27");
    
      script_name(english:"GLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom)");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201612-27
    (VirtualBox: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in VirtualBox. Please
          review the CVE identifiers referenced below for details.
      
    Impact :
    
        Local attackers could cause a Denial of Service condition, execute
          arbitrary code, or escalate their privileges.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201612-27"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All VirtualBox users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-4.3.28'
        All VirtualBox-bin users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=app-emulation/virtualbox-bin-4.3.28'"
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'VirtualBox 3D Acceleration Virtual Machine Escape');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/11");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-emulation/virtualbox", unaffected:make_list("ge 4.3.28"), vulnerable:make_list("lt 4.3.28"))) flag++;
    if (qpkg_check(package:"app-emulation/virtualbox-bin", unaffected:make_list("ge 4.3.28"), vulnerable:make_list("lt 4.3.28"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "VirtualBox");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3143.NASL
    descriptionTwo vulnerabilities have been discovered in VirtualBox, a x86 virtualisation solution, which might result in denial of service.
    last seen2020-03-17
    modified2015-01-29
    plugin id81056
    published2015-01-29
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81056
    titleDebian DSA-3143-1 : virtualbox - security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-116.NASL
    descriptionvirtualbox was updated to version 4.2.28 to fix eight security issues. These security issues were fixed : - OpenSSL fixes for VirtualBox (CVE-2014-0224) - Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418 (CVE-2015-0377, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427 (CVE-2014-6595, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6588, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6589, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6590, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595 (CVE-2015-0427, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377 (CVE-2015-0418, bnc#914447). For the full changelog please read https://www.virtualbox.org/wiki/Changelog-4.2
    last seen2020-06-05
    modified2015-02-09
    plugin id81242
    published2015-02-09
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81242
    titleopenSUSE Security Update : virtualbox (openSUSE-2015-116)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-268.NASL
    descriptionThree vulnerabilities have been fixed in the Debian squeeze-lts version of VirtualBox (package name: virtualbox-ose), a x86 virtualisation solution. CVE-2015-0377 Avoid VirtualBox allowing local users to affect availability via unknown vectors related to Core, which might result in denial of service. (Other issue than CVE-2015-0418). CVE-2015-0418 Avoid VirtualBox allowing local users to affect availability via unknown vectors related to Core, which might result in denial of service. (Other issue than CVE-2015-0377). CVE-2015-3456 The Floppy Disk Controller (FDC) in QEMU, also used in VirtualBox and other virtualization products, allowed local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-07-07
    plugin id84551
    published2015-07-07
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84551
    titleDebian DLA-268-1 : virtualbox-ose security update (Venom)