Vulnerabilities > CVE-2017-3513 - Unspecified vulnerability in Oracle VM Virtualbox

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-534.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(99957);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-3513", "CVE-2017-3538", "CVE-2017-3558", "CVE-2017-3559", "CVE-2017-3561", "CVE-2017-3563", "CVE-2017-3575", "CVE-2017-3576", "CVE-2017-3587");

  script_name(english:"openSUSE Security Update : virtualbox (openSUSE-2017-534)");
  script_summary(english:"Check for the openSUSE-2017-534 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update to virtualbox 5.0.40 fixes the following issues :

These security issues were fixed (bsc#1034854) :

  - CVE-2017-3513: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Core).
    Difficult to exploit vulnerability allows high
    privileged attacker with logon to the infrastructure
    where Oracle VM VirtualBox executes to compromise Oracle
    VM VirtualBox. Successful attacks of this vulnerability
    can result in unauthorized read access to a subset of
    Oracle VM VirtualBox accessible data.

  - CVE-2017-3538: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Shared
    Folder). Difficult to exploit vulnerability allows low
    privileged attacker with logon to the infrastructure
    where Oracle VM VirtualBox executes to compromise Oracle
    VM VirtualBox. Successful attacks of this vulnerability
    can result in unauthorized creation, deletion or
    modification access to critical data or all Oracle VM
    VirtualBox accessible data as well as unauthorized
    access to critical data or complete access to all Oracle
    VM VirtualBox accessible data.

  - CVE-2017-3558: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Core).
    Easily exploitable vulnerability allows unauthenticated
    attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM
    VirtualBox. Successful attacks of this vulnerability can
    result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS) of Oracle VM
    VirtualBox as well as unauthorized update, insert or
    delete access to some of Oracle VM VirtualBox accessible
    data and unauthorized read access to a subset of Oracle
    VM VirtualBox accessible data.

  - CVE-2017-3559: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Core).
    Easily exploitable vulnerability allows low privileged
    attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM
    VirtualBox. Successful attacks of this vulnerability can
    result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS) of Oracle VM
    VirtualBox as well as unauthorized update, insert or
    delete access to some of Oracle VM VirtualBox accessible
    data and unauthorized read access to a subset of Oracle
    VM VirtualBox accessible data.

  - CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Core).
    Easily exploitable vulnerability allows low privileged
    attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM
    VirtualBox. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2017-3563: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Core).
    Easily exploitable vulnerability allows low privileged
    attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM
    VirtualBox. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2017-3575: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Core).
    Easily exploitable vulnerability allows high privileged
    attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM
    VirtualBox. Successful attacks of this vulnerability can
    result in unauthorized creation, deletion or
    modification access to critical data or all Oracle VM
    VirtualBox accessible data and unauthorized ability to
    cause a hang or frequently repeatable crash (complete
    DOS) of Oracle VM VirtualBox.

  - CVE-2017-3576: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Core).
    Easily exploitable vulnerability allows low privileged
    attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM
    VirtualBox. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2017-3587: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Shared
    Folder). Easily exploitable vulnerability allows low
    privileged attacker with logon to the infrastructure
    where Oracle VM VirtualBox executes to compromise Oracle
    VM VirtualBox. Successful attacks of this vulnerability
    can result in unauthorized creation, deletion or
    modification access to critical data or all Oracle VM
    VirtualBox accessible data and unauthorized ability to
    cause a hang or frequently repeatable crash (complete
    DOS) of Oracle VM VirtualBox. These non-security issues
    were fixed :

  - Storage: fixed a potential hang under rare circumstances

  - Storage: fixed a potential crash under rare
    circumstances (asynchronous I/O disabled or during
    maintenance file operations like merging snapshots)

  - Storage: fixed a potential crash under rare
    circumstances (no asynchronous I/O or during maintenance
    file operations like merging snapshots)

  - Linux hosts: make the ALSA backend work again as well as
    Loading the GL libraries on certain hosts

  - GUI: don't crash on restoring defaults in the appliance
    import dialog"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1034854"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected virtualbox packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/05/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.1", reference:"python-virtualbox-5.0.40-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"python-virtualbox-debuginfo-5.0.40-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-5.0.40-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-debuginfo-5.0.40-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-debugsource-5.0.40-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-devel-5.0.40-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-guest-desktop-icons-5.0.40-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-guest-kmp-default-5.0.40_k4.1.39_53-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-guest-kmp-default-debuginfo-5.0.40_k4.1.39_53-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-guest-tools-5.0.40-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-guest-tools-debuginfo-5.0.40-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-guest-x11-5.0.40-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-guest-x11-debuginfo-5.0.40-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-host-kmp-default-5.0.40_k4.1.39_53-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-host-kmp-default-debuginfo-5.0.40_k4.1.39_53-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-host-source-5.0.40-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-qt-5.0.40-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-qt-debuginfo-5.0.40-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-websrv-5.0.40-40.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-websrv-debuginfo-5.0.40-40.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-virtualbox / python-virtualbox-debuginfo / virtualbox / etc");
}

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(99509);
  script_version("1.12");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id(
    "CVE-2017-3513",
    "CVE-2017-3558",
    "CVE-2017-3559",
    "CVE-2017-3561",
    "CVE-2017-3563",
    "CVE-2017-3575",
    "CVE-2017-3576",
    "CVE-2017-3587"
  );
  script_bugtraq_id(
    97698,
    97730,
    97732,
    97736,
    97739,
    97744,
    97750,
    97755,
    97759
  );

  script_name(english:"Oracle VM VirtualBox 5.0.x < 5.0.38 / 5.1.x < 5.1.20 (April 2017 CPU)");
  script_summary(english:"Performs a version check on VirtualBox.exe");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote host is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle VM VirtualBox installed on the remote host is
5.0.x prior to 5.0.38 or 5.1.x prior to 5.1.20. It is, therefore,
affected by multiple vulnerabilities :

  - An unspecified flaw exists in the Core component that
    allows a local attacker to disclose potentially
    sensitive information. (CVE-2017-3513)

  - A flaw exists in the Shared Folder component,
    specifically when cooperating guests access files
    within a shared folder while moving it. A local attacker
    within a guest can exploit this to read arbitrary files
    on the host. (CVE-2017-3538)

  - Multiple unspecified flaws exist in the Core component
    that allow a local attacker to impact confidentiality,
    integrity, and availability. (CVE-2017-3558,
    CVE-2017-3559, CVE-2017-3561, CVE-2017-3563,
    CVE-2017-3576)

  - An unspecified flaw exists in the Core component that
    allows a local attacker to impact integrity and
    availability. (CVE-2017-3575)

  - An unspecified flaw exists in the Shared Folder
    component that allows a local attacker to impact
    integrity and availability. (CVE-2017-3587)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?623d2c22");
  script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog");
  # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3681811.xml
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eb4db3c7");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Oracle VM VirtualBox version 5.0.38 / 5.1.20 or later as
referenced in the April 2017 Oracle Critical Patch Update advisory.

Note that vulnerability CVE-2017-3538 was fixed in versions 5.0.34 and
5.1.16.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3576");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("virtualbox_installed.nasl", "macosx_virtualbox_installed.nbin");
  script_require_ports("installed_sw/Oracle VM VirtualBox", "installed_sw/VirtualBox");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

app  = NULL;
apps = make_list('Oracle VM VirtualBox', 'VirtualBox');

foreach app (apps)
{
  if (get_install_count(app_name:app)) break;
  else app = NULL;
}

if (isnull(app)) audit(AUDIT_NOT_INST, 'Oracle VM VirtualBox');

install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);

ver  = install['version'];
path = install['path'];

# Affected :
# 5.0.x < 5.0.38 / 5.1.x < 5.1.20
if      (ver =~ '^5\\.0' && ver_compare(ver:ver, fix:'5.0.38', strict:FALSE) < 0) fix = '5.0.38';
else if (ver =~ '^5\\.1' && ver_compare(ver:ver, fix:'5.1.20', strict:FALSE) < 0) fix = '5.1.20';
else audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);

port = 0;
if (app == 'Oracle VM VirtualBox')
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;
}

report =
  '\n  Path              : ' + path +
  '\n  Installed version : ' + ver +
  '\n  Fixed version     : ' + fix +
  '\n';
security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);
exit(0);

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-533.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(99956);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-3513", "CVE-2017-3538", "CVE-2017-3558", "CVE-2017-3559", "CVE-2017-3561", "CVE-2017-3563", "CVE-2017-3575", "CVE-2017-3576", "CVE-2017-3587");

  script_name(english:"openSUSE Security Update : virtualbox (openSUSE-2017-533)");
  script_summary(english:"Check for the openSUSE-2017-533 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for virtualbox to version 5.1.22 fixes the following
issues :

These security issues were fixed (bsc#1034854) :

  - CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Core).
    Easily exploitable vulnerability allows low privileged
    attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM
    VirtualBox. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2017-3563: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Core).
    Easily exploitable vulnerability allows low privileged
    attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM
    VirtualBox. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2017-3576: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Core).
    Easily exploitable vulnerability allows low privileged
    attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM
    VirtualBox. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2017-3587: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Shared
    Folder). Easily exploitable vulnerability allows low
    privileged attacker with logon to the infrastructure
    where Oracle VM VirtualBox executes to compromise Oracle
    VM VirtualBox. Successful attacks of this vulnerability
    can result in unauthorized creation, deletion or
    modification access to critical data or all Oracle VM
    VirtualBox accessible data and unauthorized ability to
    cause a hang or frequently repeatable crash (complete
    DOS) of Oracle VM VirtualBox.

  - CVE-2017-3575: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Core).
    Easily exploitable vulnerability allows high privileged
    attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM
    VirtualBox. Successful attacks of this vulnerability can
    result in unauthorized creation, deletion or
    modification access to critical data or all Oracle VM
    VirtualBox accessible data and unauthorized ability to
    cause a hang or frequently repeatable crash (complete
    DOS) of Oracle VM VirtualBox.

  - CVE-2017-3538: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Shared
    Folder). Difficult to exploit vulnerability allows low
    privileged attacker with logon to the infrastructure
    where Oracle VM VirtualBox executes to compromise Oracle
    VM VirtualBox. Successful attacks of this vulnerability
    can result in unauthorized creation, deletion or
    modification access to critical data or all Oracle VM
    VirtualBox accessible data as well as unauthorized
    access to critical data or complete access to all Oracle
    VM VirtualBox accessible data.

  - CVE-2017-3513: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Core).
    Difficult to exploit vulnerability allows high
    privileged attacker with logon to the infrastructure
    where Oracle VM VirtualBox executes to compromise Oracle
    VM VirtualBox. Successful attacks of this vulnerability
    can result in unauthorized read access to a subset of
    Oracle VM VirtualBox accessible data.

  - CVE-2017-3558: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Core).
    Easily exploitable vulnerability allows unauthenticated
    attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM
    VirtualBox. Successful attacks of this vulnerability can
    result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS) of Oracle VM
    VirtualBox as well as unauthorized update, insert or
    delete access to some of Oracle VM VirtualBox accessible
    data and unauthorized read access to a subset of Oracle
    VM VirtualBox accessible data.

  - CVE-2017-3559: Vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization (subcomponent: Core).
    Easily exploitable vulnerability allows low privileged
    attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM
    VirtualBox. Successful attacks of this vulnerability can
    result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS) of Oracle VM
    VirtualBox as well as unauthorized update, insert or
    delete access to some of Oracle VM VirtualBox accessible
    data and unauthorized read access to a subset of Oracle
    VM VirtualBox accessible data. These non-security issues
    were fixed :

  - GUI: don't check if the Extension Pack is up-to-date if
    the user is about to install a new Extension Pack 

  - GUI: fixed a possible crash when switching a
    multi-monitor VM into full-screen or seamless mode

  - GUI: several mini-toolbar fixes in full-screen /
    seamless mode 

  - GUI: don't crash on restoring defaults in the appliance
    import dialog

  - ICH9: fix for Windows guests with a huge amount (more
    than 64G) of guest memory

  - BIOS: fixed El Torito hard disk emulation geometry
    calculation 

  - VMM: fixed VERR_IEM_INSTR_NOT_IMPLEMENTED Guru
    Meditation under certain conditions

  - Storage: fixed a potential hang under rare circumstances

  - Storage: fixed a potential crash under rare
    circumstances (asynchronous I/O disabled or during
    maintenance file operations like merging snapshots)

  - Linux hosts: make the ALSA backend work again as well as
    loading the GL libraries on certain hosts

  - Linux Additions: fixed mount.vboxsf symlink problem"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1034854"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected virtualbox packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/05/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.2", reference:"python-virtualbox-5.1.22-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"python-virtualbox-debuginfo-5.1.22-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-5.1.22-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-debuginfo-5.1.22-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-debugsource-5.1.22-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-devel-5.1.22-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-desktop-icons-5.1.22-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-kmp-default-5.1.22_k4.4.57_18.3-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-kmp-default-debuginfo-5.1.22_k4.4.57_18.3-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-tools-5.1.22-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-tools-debuginfo-5.1.22-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-x11-5.1.22-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-x11-debuginfo-5.1.22-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-host-kmp-default-5.1.22_k4.4.57_18.3-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-host-kmp-default-debuginfo-5.1.22_k4.4.57_18.3-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-host-source-5.1.22-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-qt-5.1.22-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-qt-debuginfo-5.1.22-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-websrv-5.1.22-19.10.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-websrv-debuginfo-5.1.22-19.10.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-virtualbox / python-virtualbox-debuginfo / virtualbox / etc");
}