CVE-2016-3597 - Unspecified vulnerability in Oracle VM VirtualBox
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core.
Vulnerable Configurations
Nessus
NASL family: Misc.
NASL id: VIRTUALBOX_5_0_26.NASL
description: The Oracle VM VirtualBox application installed on the remote host is a version prior to 5.0.26. It is, therefore, affected by an unspecified flaw in the Core subcomponent that allows a local attacker to cause a denial of service condition.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 92459
published: 2016-07-20
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/92459
title: Oracle VM VirtualBox < 5.0.26 Core Subcomponent DoS (July 2016 CPU)
code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(92459);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id("CVE-2016-3597");

  script_name(english:"Oracle VM VirtualBox < 5.0.26 Core Subcomponent DoS (July 2016 CPU)");
  script_summary(english:"Performs a version check on VirtualBox.exe.");

  script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
    "The Oracle VM VirtualBox application installed on the remote host is a version prior to 5.0.26. It is, therefore, affected by an unspecified flaw in the Core subcomponent that allows a local attacker to cause a denial of service condition.");
  # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?453b5f8c");
  script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog");
  script_set_attribute(attribute:"solution", value:
    "Upgrade to Oracle VM VirtualBox version 5.0.26 or later as referenced in the July 2016 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3597");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("virtualbox_installed.nasl", "macosx_virtualbox_installed.nbin");
  script_require_ports("installed_sw/Oracle VM VirtualBox", "installed_sw/VirtualBox");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

app = NULL;
apps = make_list('Oracle VM VirtualBox', 'VirtualBox');

foreach app (apps)
{
  if (get_install_count(app_name:app)) break;
  else app = NULL;
}

if (isnull(app)) audit(AUDIT_NOT_INST, 'Oracle VM VirtualBox');

install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);

ver  = install['version'];
path = install['path'];

# Affected :
# 5.0.x < 5.0.26
if (ver =~ '^5\\.0' && ver_compare(ver:ver, fix:'5.0.26', strict:FALSE) < 0) fix = '5.0.26';
else audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);

port = 0;
if (app == 'Oracle VM VirtualBox')
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;
}

report =
  '\n Path : ' + path +
  '\n Installed version : ' + ver +
  '\n Fixed version : ' + fix +
  '\n';

security_report_v4(port:port, extra:report, severity:SECURITY_NOTE);
exit(0);
```
NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2016-1087.NASL
description: Virtualbox was updated to 5.0.26 to fix the following issues :

This update fixes various security issues.

- CVE-2016-3612: An unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allowed remote attackers to affect confidentiality via vectors related to Core. (boo#990369).
- CVE-2016-3597: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core. (bsc#990370)
- Update the host <-> guest KMP conflict dependencies to no longer refer to the old name (boo#983927).

This is a maintenance release. The following items were fixed and/or added :

- VMM: fixed a bug in the task switching code (ticket #15571)
- GUI: allow to overwrite an existing file when saving a log file (bug #8034)
- GUI: fixed screenshot if the VM is started in separate mode
- Audio: improved recording from USB headsets and other sources which might need conversion of captured data
- Audio: fixed regression of not having any audio available on Solaris hosts
- VGA: fixed an occasional hang when running Windows guests with 3D enabled
- Storage: fixed a possible endless reconnect loop for the iSCSI backend if connecting to the target succeeds but further I/O requests cause a disconnect
- Storage: fixed a bug when resizing certain VDI images which resulted in using the whole disk on the host (bug #15582)
- EFI: fixed access to devices attached to SATA port 2 and higher (bug #15607)
- API: fixed video recording with VBoxHeadless (bug #15443)
- API: don

last seen: 2020-06-05
modified: 2016-09-20
plugin id: 93596
published: 2016-09-20
reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/93596
title: openSUSE Security Update : virtualbox (openSUSE-2016-1087)
References
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91864
- http://www.securitytracker.com/id/1036384