Vulnerabilities > CVE-2016-5501 - Local Security vulnerability in Oracle VM VirtualBox
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-141.NASL description This update for virtualbox fixes the following issues : - The version has been updated from 5.1.8 to 5.1.12. Upstream fixed various functional and security issues. - Multiple security issues have been fixed that could cause DoS and possibly privilege escalation (CVE-2016-5501,CVE-2016-5538,CVE-2016-5605,CVE-2016-5608 ,CVE-2016-5610, CVE-2016-5611,CVE-2016-561313, boo#1005621) - A security warning regarding USB passthru has been added. It will be shown only the first time virtualbox is started. (bnc#1018340) - Reverted a previously introduced user interface scaling change, because it caused problems (https://forums.opensuse.org/showthread.php/521520-Virtu alBox-interface-scaling, bsc#1014694) last seen 2020-06-05 modified 2017-01-25 plugin id 96750 published 2017-01-25 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96750 title openSUSE Security Update : virtualbox (openSUSE-2017-141) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-141. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(96750); script_version("3.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-5501", "CVE-2016-5538", "CVE-2016-5605", "CVE-2016-5608", "CVE-2016-5610", "CVE-2016-5611", "CVE-2016-561313"); script_name(english:"openSUSE Security Update : virtualbox (openSUSE-2017-141)"); script_summary(english:"Check for the openSUSE-2017-141 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for virtualbox fixes the following issues : - The version has been updated from 5.1.8 to 5.1.12. Upstream fixed various functional and security issues. - Multiple security issues have been fixed that could cause DoS and possibly privilege escalation (CVE-2016-5501,CVE-2016-5538,CVE-2016-5605,CVE-2016-5608 ,CVE-2016-5610, CVE-2016-5611,CVE-2016-561313, boo#1005621) - A security warning regarding USB passthru has been added. It will be shown only the first time virtualbox is started. (bnc#1018340) - Reverted a previously introduced user interface scaling change, because it caused problems (https://forums.opensuse.org/showthread.php/521520-Virtu alBox-interface-scaling, bsc#1014694)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005621" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1014694" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1018340" ); # https://forums.opensuse.org/showthread.php/521520-VirtualBox-interface-scaling, script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6c5e689a" ); script_set_attribute( attribute:"solution", value:"Update the affected virtualbox packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"python-virtualbox-5.1.12-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"python-virtualbox-debuginfo-5.1.12-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-5.1.12-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-debuginfo-5.1.12-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-debugsource-5.1.12-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-devel-5.1.12-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-desktop-icons-5.1.12-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-kmp-default-5.1.12_k4.4.36_8-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-kmp-default-debuginfo-5.1.12_k4.4.36_8-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-tools-5.1.12-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-tools-debuginfo-5.1.12-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-x11-5.1.12-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-x11-debuginfo-5.1.12-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-host-kmp-default-5.1.12_k4.4.36_8-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-host-kmp-default-debuginfo-5.1.12_k4.4.36_8-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-host-source-5.1.12-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-qt-5.1.12-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-qt-debuginfo-5.1.12-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-websrv-5.1.12-6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-websrv-debuginfo-5.1.12-6.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-virtualbox / python-virtualbox-debuginfo / virtualbox / etc"); }NASL family Misc. NASL id VIRTUALBOX_5_1_8.NASL description The version of the Oracle VM VirtualBox application installed on the remote host is 5.0.x prior to 5.0.28 or 5.1.x prior to 5.1.8. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws exist in the Core subcomponent that allow a local attacker to gain elevated privileges. (CVE-2016-5501, CVE-2016-5538) - An unspecified flaw exists in the VirtualBox Remote Desktop Extension (VRDE) subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5605) - Multiple unspecified flaws exist in the Core subcomponent that allow a local attacker to cause a denial of service condition. (CVE-2016-5608, CVE-2016-5613) - An unspecified flaw exists in the Core subcomponent that allows a local attacker to impact on integrity and availability. (CVE-2016-5610) - An unspecified flaw exists in the Core subcomponent that allows a local attacker to disclose sensitive information. (CVE-2016-5611) - A flaw exists in the OpenSSL subcomponent, specifically within the ssl_parse_clienthello_tlsext() function in t1_lib.c due, to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition. (CVE-2016-6304) last seen 2020-06-01 modified 2020-06-02 plugin id 94168 published 2016-10-20 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94168 title Oracle VM VirtualBox 5.0.x < 5.0.28 / 5.1.x < 5.1.8 Multiple Vulnerabilities (October 2016 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(94168); script_version("1.11"); script_cvs_date("Date: 2019/11/14"); script_cve_id( "CVE-2016-5501", "CVE-2016-5538", "CVE-2016-5605", "CVE-2016-5608", "CVE-2016-5610", "CVE-2016-5611", "CVE-2016-5613", "CVE-2016-6304" ); script_bugtraq_id( 93150, 93685, 93687, 93697, 93711, 93718, 93728, 93744 ); script_name(english:"Oracle VM VirtualBox 5.0.x < 5.0.28 / 5.1.x < 5.1.8 Multiple Vulnerabilities (October 2016 CPU)"); script_summary(english:"Performs a version check on VirtualBox.exe."); script_set_attribute(attribute:"synopsis", value: "An application installed on the remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of the Oracle VM VirtualBox application installed on the remote host is 5.0.x prior to 5.0.28 or 5.1.x prior to 5.1.8. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws exist in the Core subcomponent that allow a local attacker to gain elevated privileges. (CVE-2016-5501, CVE-2016-5538) - An unspecified flaw exists in the VirtualBox Remote Desktop Extension (VRDE) subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5605) - Multiple unspecified flaws exist in the Core subcomponent that allow a local attacker to cause a denial of service condition. (CVE-2016-5608, CVE-2016-5613) - An unspecified flaw exists in the Core subcomponent that allows a local attacker to impact on integrity and availability. (CVE-2016-5610) - An unspecified flaw exists in the Core subcomponent that allows a local attacker to disclose sensitive information. (CVE-2016-5611) - A flaw exists in the OpenSSL subcomponent, specifically within the ssl_parse_clienthello_tlsext() function in t1_lib.c due, to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition. (CVE-2016-6304)"); # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bac902d5"); script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog"); script_set_attribute(attribute:"solution", value: "Upgrade to Oracle VM VirtualBox version 5.0.28 / 5.1.8 or later as referenced in the October 2016 Oracle Critical Patch Update advisory."); script_set_attribute(attribute:"agent", value:"all"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5538"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/22"); script_set_attribute(attribute:"patch_publication_date", value:"2016/10/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/20"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("virtualbox_installed.nasl", "macosx_virtualbox_installed.nbin"); script_require_ports("installed_sw/Oracle VM VirtualBox", "installed_sw/VirtualBox"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); app = NULL; apps = make_list('Oracle VM VirtualBox', 'VirtualBox'); foreach app (apps) { if (get_install_count(app_name:app)) break; else app = NULL; } if (isnull(app)) audit(AUDIT_NOT_INST, 'Oracle VM VirtualBox'); install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE); ver = install['version']; path = install['path']; # Affected : # 5.0.x < 5.0.28 / 5.1.x < 5.1.8 if (ver =~ '^5\\.0' && ver_compare(ver:ver, fix:'5.0.26', strict:FALSE) < 0) fix = '5.0.26'; else if (ver =~ '^5\\.1' && ver_compare(ver:ver, fix:'5.1.8', strict:FALSE) < 0) fix = '5.1.8'; else audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path); port = 0; if (app == 'Oracle VM VirtualBox') { port = get_kb_item("SMB/transport"); if (!port) port = 445; } report = '\n Path : ' + path + '\n Installed version : ' + ver + '\n Fixed version : ' + fix + '\n'; security_report_v4(port:port, extra:report, severity:SECURITY_HOLE); exit(0);NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1226.NASL description This update for virtualbox fixes the following issues : - Address CVE-2016-5501, CVE-2016-5538, CVE-2016-5605, CVE-2016-5608, CVE-2016-5610, CVE-2016-5611, CVE-2016-5613 (boo#1005621). - Reduce memory needs during build. - Version bump to 5.0.28 (released 2016-10-18 by Oracle) This is a maintenance release. The following items were fixed and/or added: NAT: Don last seen 2020-06-05 modified 2016-10-27 plugin id 94302 published 2016-10-27 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/94302 title openSUSE Security Update : virtualbox (openSUSE-2016-1226) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1366.NASL description This update for virtualbox fixes the following issues : - Fixes CVE-2016-5501,CVE-2016-5538,CVE-2016-5605,CVE-2016-5608, CVE-2016-5610,CVE-2016-5611,CVE-2016-5613 (bsc#1005621) - Add patch to limit number of simultaneous make jobs. - Version bump to 5.1.8 (released 2016-10-18 by Oracle) This is a maintenance release. The following items were fixed and/or added: GUI: fixed keyboard shortcut handling regressions (Mac OS X hosts only; bugs #15937 and #15938) GUI: fixed keyboard handling regression for separate UI (Windows hosts only; bugs #15928) NAT: don last seen 2020-06-05 modified 2016-11-29 plugin id 95378 published 2016-11-29 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/95378 title openSUSE Security Update : virtualbox (openSUSE-2016-1366)