Vulnerabilities > CVE-2016-5538 - Unspecified vulnerability in Oracle VM Virtualbox 5.0.27/5.1.7

047910
CVSS 6.7 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
oracle
nessus

Summary

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501.

Vulnerable Configurations

Part Description Count
Application
Oracle
2

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-141.NASL
    descriptionThis update for virtualbox fixes the following issues : - The version has been updated from 5.1.8 to 5.1.12. Upstream fixed various functional and security issues. - Multiple security issues have been fixed that could cause DoS and possibly privilege escalation (CVE-2016-5501,CVE-2016-5538,CVE-2016-5605,CVE-2016-5608 ,CVE-2016-5610, CVE-2016-5611,CVE-2016-561313, boo#1005621) - A security warning regarding USB passthru has been added. It will be shown only the first time virtualbox is started. (bnc#1018340) - Reverted a previously introduced user interface scaling change, because it caused problems (https://forums.opensuse.org/showthread.php/521520-Virtu alBox-interface-scaling, bsc#1014694)
    last seen2020-06-05
    modified2017-01-25
    plugin id96750
    published2017-01-25
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96750
    titleopenSUSE Security Update : virtualbox (openSUSE-2017-141)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-141.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96750);
      script_version("3.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-5501", "CVE-2016-5538", "CVE-2016-5605", "CVE-2016-5608", "CVE-2016-5610", "CVE-2016-5611", "CVE-2016-561313");
    
      script_name(english:"openSUSE Security Update : virtualbox (openSUSE-2017-141)");
      script_summary(english:"Check for the openSUSE-2017-141 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for virtualbox fixes the following issues :
    
      - The version has been updated from 5.1.8 to 5.1.12.
        Upstream fixed various functional and security issues.
    
      - Multiple security issues have been fixed that could
        cause DoS and possibly privilege escalation
        (CVE-2016-5501,CVE-2016-5538,CVE-2016-5605,CVE-2016-5608
        ,CVE-2016-5610, CVE-2016-5611,CVE-2016-561313,
        boo#1005621)
    
      - A security warning regarding USB passthru has been
        added. It will be shown only the first time virtualbox
        is started. (bnc#1018340)
    
      - Reverted a previously introduced user interface scaling
        change, because it caused problems
        (https://forums.opensuse.org/showthread.php/521520-Virtu
        alBox-interface-scaling, bsc#1014694)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005621"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1014694"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1018340"
      );
      # https://forums.opensuse.org/showthread.php/521520-VirtualBox-interface-scaling,
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6c5e689a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected virtualbox packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"python-virtualbox-5.1.12-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"python-virtualbox-debuginfo-5.1.12-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-5.1.12-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-debuginfo-5.1.12-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-debugsource-5.1.12-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-devel-5.1.12-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-desktop-icons-5.1.12-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-kmp-default-5.1.12_k4.4.36_8-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-kmp-default-debuginfo-5.1.12_k4.4.36_8-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-tools-5.1.12-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-tools-debuginfo-5.1.12-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-x11-5.1.12-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-x11-debuginfo-5.1.12-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-host-kmp-default-5.1.12_k4.4.36_8-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-host-kmp-default-debuginfo-5.1.12_k4.4.36_8-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-host-source-5.1.12-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-qt-5.1.12-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-qt-debuginfo-5.1.12-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-websrv-5.1.12-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-websrv-debuginfo-5.1.12-6.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-virtualbox / python-virtualbox-debuginfo / virtualbox / etc");
    }
    
  • NASL familyMisc.
    NASL idVIRTUALBOX_5_1_8.NASL
    descriptionThe version of the Oracle VM VirtualBox application installed on the remote host is 5.0.x prior to 5.0.28 or 5.1.x prior to 5.1.8. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws exist in the Core subcomponent that allow a local attacker to gain elevated privileges. (CVE-2016-5501, CVE-2016-5538) - An unspecified flaw exists in the VirtualBox Remote Desktop Extension (VRDE) subcomponent that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-5605) - Multiple unspecified flaws exist in the Core subcomponent that allow a local attacker to cause a denial of service condition. (CVE-2016-5608, CVE-2016-5613) - An unspecified flaw exists in the Core subcomponent that allows a local attacker to impact on integrity and availability. (CVE-2016-5610) - An unspecified flaw exists in the Core subcomponent that allows a local attacker to disclose sensitive information. (CVE-2016-5611) - A flaw exists in the OpenSSL subcomponent, specifically within the ssl_parse_clienthello_tlsext() function in t1_lib.c due, to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition. (CVE-2016-6304)
    last seen2020-06-01
    modified2020-06-02
    plugin id94168
    published2016-10-20
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94168
    titleOracle VM VirtualBox 5.0.x < 5.0.28 / 5.1.x < 5.1.8 Multiple Vulnerabilities (October 2016 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94168);
      script_version("1.11");
      script_cvs_date("Date: 2019/11/14");
    
      script_cve_id(
        "CVE-2016-5501",
        "CVE-2016-5538",
        "CVE-2016-5605",
        "CVE-2016-5608",
        "CVE-2016-5610",
        "CVE-2016-5611",
        "CVE-2016-5613",
        "CVE-2016-6304"
      );
      script_bugtraq_id(
        93150,
        93685,
        93687,
        93697,
        93711,
        93718,
        93728,
        93744
      );
    
      script_name(english:"Oracle VM VirtualBox 5.0.x < 5.0.28 / 5.1.x < 5.1.8 Multiple Vulnerabilities (October 2016 CPU)");
      script_summary(english:"Performs a version check on VirtualBox.exe.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of the Oracle VM VirtualBox application installed on the
    remote host is 5.0.x prior to 5.0.28 or 5.1.x prior to 5.1.8. It is,
    therefore, affected by multiple vulnerabilities :
    
      - Multiple unspecified flaws exist in the Core
        subcomponent that allow a local attacker to gain
        elevated privileges. (CVE-2016-5501, CVE-2016-5538)
    
      - An unspecified flaw exists in the VirtualBox Remote
        Desktop Extension (VRDE) subcomponent that allows an
        unauthenticated, remote attacker to impact
        confidentiality and integrity. (CVE-2016-5605)
    
      - Multiple unspecified flaws exist in the Core
        subcomponent that allow a local attacker to cause a
        denial of service condition. (CVE-2016-5608,
        CVE-2016-5613)
    
      - An unspecified flaw exists in the Core subcomponent that
        allows a local attacker to impact on integrity and
        availability. (CVE-2016-5610)
    
      - An unspecified flaw exists in the Core subcomponent that
        allows a local attacker to disclose sensitive
        information. (CVE-2016-5611)
    
      - A flaw exists in the OpenSSL subcomponent, specifically
        within the ssl_parse_clienthello_tlsext() function in
        t1_lib.c due, to improper handling of overly large OCSP
        Status Request extensions from clients. An
        unauthenticated, remote attacker can exploit this, via
        large OCSP Status Request extensions, to exhaust memory
        resources, resulting in a denial of service condition.
        (CVE-2016-6304)");
      # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bac902d5");
      script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Oracle VM VirtualBox version 5.0.28 / 5.1.8 or later as
    referenced in the October 2016 Oracle Critical Patch Update advisory.");
      script_set_attribute(attribute:"agent", value:"all");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5538");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/20");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("virtualbox_installed.nasl", "macosx_virtualbox_installed.nbin");
      script_require_ports("installed_sw/Oracle VM VirtualBox", "installed_sw/VirtualBox");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    
    app  = NULL;
    apps = make_list('Oracle VM VirtualBox', 'VirtualBox');
    
    foreach app (apps)
    {
      if (get_install_count(app_name:app)) break;
      else app = NULL;
    }
    
    if (isnull(app)) audit(AUDIT_NOT_INST, 'Oracle VM VirtualBox');
    
    install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
    
    ver  = install['version'];
    path = install['path'];
    
    # Affected :
    # 5.0.x < 5.0.28 / 5.1.x < 5.1.8
    if  (ver =~ '^5\\.0' && ver_compare(ver:ver, fix:'5.0.26', strict:FALSE) < 0) fix = '5.0.26';
    else if  (ver =~ '^5\\.1' && ver_compare(ver:ver, fix:'5.1.8', strict:FALSE) < 0) fix = '5.1.8';
    else audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);
    
    port = 0;
    if (app == 'Oracle VM VirtualBox')
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    }
    
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + ver +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
    exit(0);
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1226.NASL
    descriptionThis update for virtualbox fixes the following issues : - Address CVE-2016-5501, CVE-2016-5538, CVE-2016-5605, CVE-2016-5608, CVE-2016-5610, CVE-2016-5611, CVE-2016-5613 (boo#1005621). - Reduce memory needs during build. - Version bump to 5.0.28 (released 2016-10-18 by Oracle) This is a maintenance release. The following items were fixed and/or added: NAT: Don
    last seen2020-06-05
    modified2016-10-27
    plugin id94302
    published2016-10-27
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94302
    titleopenSUSE Security Update : virtualbox (openSUSE-2016-1226)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1366.NASL
    descriptionThis update for virtualbox fixes the following issues : - Fixes CVE-2016-5501,CVE-2016-5538,CVE-2016-5605,CVE-2016-5608, CVE-2016-5610,CVE-2016-5611,CVE-2016-5613 (bsc#1005621) - Add patch to limit number of simultaneous make jobs. - Version bump to 5.1.8 (released 2016-10-18 by Oracle) This is a maintenance release. The following items were fixed and/or added: GUI: fixed keyboard shortcut handling regressions (Mac OS X hosts only; bugs #15937 and #15938) GUI: fixed keyboard handling regression for separate UI (Windows hosts only; bugs #15928) NAT: don
    last seen2020-06-05
    modified2016-11-29
    plugin id95378
    published2016-11-29
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/95378
    titleopenSUSE Security Update : virtualbox (openSUSE-2016-1366)