Vulnerabilities > CVE-2015-0418 - Local Security vulnerability in Oracle VM VirtualBox
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377.
Vulnerable Configurations
Nessus
NASL family Windows NASL id ORACLE_VIRTUALBOX_JAN_2015_CPU.NASL description The remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20. It is, therefore, affected by multiple vulnerabilities in the following subcomponents : - Core - OpenSSL - VMSVGA device last seen 2020-06-01 modified 2020-06-02 plugin id 80915 published 2015-01-22 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80915 title Oracle VM VirtualBox < 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 Multiple Vulnerabilities (January 2015 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(80915); script_version("1.10"); script_cvs_date("Date: 2019/11/25"); script_cve_id( "CVE-2010-5298", "CVE-2014-0076", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-6588", "CVE-2014-6589", "CVE-2014-6590", "CVE-2014-6595", "CVE-2015-0377", "CVE-2015-0418", "CVE-2015-0427" ); script_bugtraq_id( 66363, 66801, 67193, 67898, 67899, 67900, 67901, 72194, 72196, 72202, 72206, 72213, 72216, 72219 ); script_xref(name:"CERT", value:"978508"); script_name(english:"Oracle VM VirtualBox < 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 Multiple Vulnerabilities (January 2015 CPU)"); script_summary(english:"Performs a version check on VirtualBox.exe."); script_set_attribute(attribute:"synopsis", value: "The remote host has an application installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20. It is, therefore, affected by multiple vulnerabilities in the following subcomponents : - Core - OpenSSL - VMSVGA device"); # https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75c6cafb"); script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog"); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20140605.txt"); script_set_attribute(attribute:"solution", value: "Upgrade Oracle VM VirtualBox to 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 or later as referenced in the January 2015 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0195"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/20"); script_set_attribute(attribute:"patch_publication_date", value:"2015/01/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("virtualbox_installed.nasl"); script_require_keys("installed_sw/Oracle VM VirtualBox"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); app = 'Oracle VM VirtualBox'; install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE); ver = install['version']; path = install['path']; # Note int(null) returns '0' ver_fields = split(ver, sep:'.', keep:FALSE); major = int(ver_fields[0]); minor = int(ver_fields[1]); rev = int(ver_fields[2]); fix = ''; # Affected : # 3.2.x < 3.2.26 # 4.0.x < 4.0.28 # 4.1.x < 4.1.36 # 4.2.x < 4.2.28 # 4.3.x < 4.3.20 if (major == 3 && minor == 2 && rev < 26) fix = '3.2.26'; else if (major == 4 && minor == 0 && rev < 28) fix = '4.0.28'; else if (major == 4 && minor == 1 && rev < 36) fix = '4.1.36'; else if (major == 4 && minor == 2 && rev < 28) fix = '4.2.28'; else if (major == 4 && minor == 3 && rev < 20) fix = '4.3.20'; else audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path); port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + ver + '\n Fixed version : ' + fix + '\n'; security_warning(port:port, extra:report); } else security_warning(port);NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201612-27.NASL description The remote host is affected by the vulnerability described in GLSA-201612-27 (VirtualBox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact : Local attackers could cause a Denial of Service condition, execute arbitrary code, or escalate their privileges. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 95695 published 2016-12-12 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95695 title GLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201612-27. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(95695); script_version("3.3"); script_cvs_date("Date: 2019/04/11 17:23:06"); script_cve_id("CVE-2014-0981", "CVE-2014-0983", "CVE-2014-6588", "CVE-2014-6589", "CVE-2014-6590", "CVE-2014-6595", "CVE-2015-0377", "CVE-2015-0418", "CVE-2015-0427", "CVE-2015-3456", "CVE-2016-5608", "CVE-2016-5610", "CVE-2016-5611", "CVE-2016-5613"); script_xref(name:"GLSA", value:"201612-27"); script_name(english:"GLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom)"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201612-27 (VirtualBox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact : Local attackers could cause a Denial of Service condition, execute arbitrary code, or escalate their privileges. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201612-27" ); script_set_attribute( attribute:"solution", value: "All VirtualBox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-4.3.28' All VirtualBox-bin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-bin-4.3.28'" ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'VirtualBox 3D Acceleration Virtual Machine Escape'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox-bin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/11"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-emulation/virtualbox", unaffected:make_list("ge 4.3.28"), vulnerable:make_list("lt 4.3.28"))) flag++; if (qpkg_check(package:"app-emulation/virtualbox-bin", unaffected:make_list("ge 4.3.28"), vulnerable:make_list("lt 4.3.28"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "VirtualBox"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3143.NASL description Two vulnerabilities have been discovered in VirtualBox, a x86 virtualisation solution, which might result in denial of service. last seen 2020-03-17 modified 2015-01-29 plugin id 81056 published 2015-01-29 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81056 title Debian DSA-3143-1 : virtualbox - security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-116.NASL description virtualbox was updated to version 4.2.28 to fix eight security issues. These security issues were fixed : - OpenSSL fixes for VirtualBox (CVE-2014-0224) - Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418 (CVE-2015-0377, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427 (CVE-2014-6595, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6588, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6589, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6590, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595 (CVE-2015-0427, bnc#914447). - Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377 (CVE-2015-0418, bnc#914447). For the full changelog please read https://www.virtualbox.org/wiki/Changelog-4.2 last seen 2020-06-05 modified 2015-02-09 plugin id 81242 published 2015-02-09 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81242 title openSUSE Security Update : virtualbox (openSUSE-2015-116) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-268.NASL description Three vulnerabilities have been fixed in the Debian squeeze-lts version of VirtualBox (package name: virtualbox-ose), a x86 virtualisation solution. CVE-2015-0377 Avoid VirtualBox allowing local users to affect availability via unknown vectors related to Core, which might result in denial of service. (Other issue than CVE-2015-0418). CVE-2015-0418 Avoid VirtualBox allowing local users to affect availability via unknown vectors related to Core, which might result in denial of service. (Other issue than CVE-2015-0377). CVE-2015-3456 The Floppy Disk Controller (FDC) in QEMU, also used in VirtualBox and other virtualization products, allowed local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-07-07 plugin id 84551 published 2015-07-07 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84551 title Debian DLA-268-1 : virtualbox-ose security update (Venom)
References
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
- http://secunia.com/advisories/62694
- http://www.debian.org/security/2015/dsa-3143
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.securityfocus.com/bid/72194
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100182
- https://security.gentoo.org/glsa/201612-27