Vulnerabilities > CVE-2017-3563 - Improper Certificate Validation vulnerability in Oracle VM Virtualbox

047910
CVSS 8.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
oracle
CWE-295
nessus
exploit available

Summary

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Creating a Rogue Certificate Authority Certificate
    An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec) .

Exploit-Db

descriptionVirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation. CVE-2017-3563. Local exploit for Windows platform
fileexploits/windows_x86-64/local/41908.txt
idEDB-ID:41908
last seen2017-04-20
modified2017-04-20
platformwindows_x86-64
port
published2017-04-20
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/41908/
titleVirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation
typelocal

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-534.NASL
    descriptionThis update to virtualbox 5.0.40 fixes the following issues : These security issues were fixed (bsc#1034854) : - CVE-2017-3513: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. - CVE-2017-3538: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. - CVE-2017-3558: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. - CVE-2017-3559: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. - CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. - CVE-2017-3563: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. - CVE-2017-3575: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. - CVE-2017-3576: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. - CVE-2017-3587: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. These non-security issues were fixed : - Storage: fixed a potential hang under rare circumstances - Storage: fixed a potential crash under rare circumstances (asynchronous I/O disabled or during maintenance file operations like merging snapshots) - Storage: fixed a potential crash under rare circumstances (no asynchronous I/O or during maintenance file operations like merging snapshots) - Linux hosts: make the ALSA backend work again as well as Loading the GL libraries on certain hosts - GUI: don
    last seen2020-06-05
    modified2017-05-03
    plugin id99957
    published2017-05-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99957
    titleopenSUSE Security Update : virtualbox (openSUSE-2017-534)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-534.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99957);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-3513", "CVE-2017-3538", "CVE-2017-3558", "CVE-2017-3559", "CVE-2017-3561", "CVE-2017-3563", "CVE-2017-3575", "CVE-2017-3576", "CVE-2017-3587");
    
      script_name(english:"openSUSE Security Update : virtualbox (openSUSE-2017-534)");
      script_summary(english:"Check for the openSUSE-2017-534 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update to virtualbox 5.0.40 fixes the following issues :
    
    These security issues were fixed (bsc#1034854) :
    
      - CVE-2017-3513: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Core).
        Difficult to exploit vulnerability allows high
        privileged attacker with logon to the infrastructure
        where Oracle VM VirtualBox executes to compromise Oracle
        VM VirtualBox. Successful attacks of this vulnerability
        can result in unauthorized read access to a subset of
        Oracle VM VirtualBox accessible data.
    
      - CVE-2017-3538: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Shared
        Folder). Difficult to exploit vulnerability allows low
        privileged attacker with logon to the infrastructure
        where Oracle VM VirtualBox executes to compromise Oracle
        VM VirtualBox. Successful attacks of this vulnerability
        can result in unauthorized creation, deletion or
        modification access to critical data or all Oracle VM
        VirtualBox accessible data as well as unauthorized
        access to critical data or complete access to all Oracle
        VM VirtualBox accessible data.
    
      - CVE-2017-3558: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Core).
        Easily exploitable vulnerability allows unauthenticated
        attacker with logon to the infrastructure where Oracle
        VM VirtualBox executes to compromise Oracle VM
        VirtualBox. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of Oracle VM
        VirtualBox as well as unauthorized update, insert or
        delete access to some of Oracle VM VirtualBox accessible
        data and unauthorized read access to a subset of Oracle
        VM VirtualBox accessible data.
    
      - CVE-2017-3559: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Core).
        Easily exploitable vulnerability allows low privileged
        attacker with logon to the infrastructure where Oracle
        VM VirtualBox executes to compromise Oracle VM
        VirtualBox. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of Oracle VM
        VirtualBox as well as unauthorized update, insert or
        delete access to some of Oracle VM VirtualBox accessible
        data and unauthorized read access to a subset of Oracle
        VM VirtualBox accessible data.
    
      - CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Core).
        Easily exploitable vulnerability allows low privileged
        attacker with logon to the infrastructure where Oracle
        VM VirtualBox executes to compromise Oracle VM
        VirtualBox. Successful attacks of this vulnerability can
        result in takeover of Oracle VM VirtualBox.
    
      - CVE-2017-3563: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Core).
        Easily exploitable vulnerability allows low privileged
        attacker with logon to the infrastructure where Oracle
        VM VirtualBox executes to compromise Oracle VM
        VirtualBox. Successful attacks of this vulnerability can
        result in takeover of Oracle VM VirtualBox.
    
      - CVE-2017-3575: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Core).
        Easily exploitable vulnerability allows high privileged
        attacker with logon to the infrastructure where Oracle
        VM VirtualBox executes to compromise Oracle VM
        VirtualBox. Successful attacks of this vulnerability can
        result in unauthorized creation, deletion or
        modification access to critical data or all Oracle VM
        VirtualBox accessible data and unauthorized ability to
        cause a hang or frequently repeatable crash (complete
        DOS) of Oracle VM VirtualBox.
    
      - CVE-2017-3576: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Core).
        Easily exploitable vulnerability allows low privileged
        attacker with logon to the infrastructure where Oracle
        VM VirtualBox executes to compromise Oracle VM
        VirtualBox. Successful attacks of this vulnerability can
        result in takeover of Oracle VM VirtualBox.
    
      - CVE-2017-3587: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Shared
        Folder). Easily exploitable vulnerability allows low
        privileged attacker with logon to the infrastructure
        where Oracle VM VirtualBox executes to compromise Oracle
        VM VirtualBox. Successful attacks of this vulnerability
        can result in unauthorized creation, deletion or
        modification access to critical data or all Oracle VM
        VirtualBox accessible data and unauthorized ability to
        cause a hang or frequently repeatable crash (complete
        DOS) of Oracle VM VirtualBox. These non-security issues
        were fixed :
    
      - Storage: fixed a potential hang under rare circumstances
    
      - Storage: fixed a potential crash under rare
        circumstances (asynchronous I/O disabled or during
        maintenance file operations like merging snapshots)
    
      - Storage: fixed a potential crash under rare
        circumstances (no asynchronous I/O or during maintenance
        file operations like merging snapshots)
    
      - Linux hosts: make the ALSA backend work again as well as
        Loading the GL libraries on certain hosts
    
      - GUI: don't crash on restoring defaults in the appliance
        import dialog"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1034854"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected virtualbox packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/05/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.1", reference:"python-virtualbox-5.0.40-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"python-virtualbox-debuginfo-5.0.40-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-5.0.40-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-debuginfo-5.0.40-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-debugsource-5.0.40-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-devel-5.0.40-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-guest-desktop-icons-5.0.40-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-guest-kmp-default-5.0.40_k4.1.39_53-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-guest-kmp-default-debuginfo-5.0.40_k4.1.39_53-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-guest-tools-5.0.40-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-guest-tools-debuginfo-5.0.40-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-guest-x11-5.0.40-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-guest-x11-debuginfo-5.0.40-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-host-kmp-default-5.0.40_k4.1.39_53-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-host-kmp-default-debuginfo-5.0.40_k4.1.39_53-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-host-source-5.0.40-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-qt-5.0.40-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-qt-debuginfo-5.0.40-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-websrv-5.0.40-40.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"virtualbox-websrv-debuginfo-5.0.40-40.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-virtualbox / python-virtualbox-debuginfo / virtualbox / etc");
    }
    
  • NASL familyMisc.
    NASL idVIRTUALBOX_5_1_20.NASL
    descriptionThe version of Oracle VM VirtualBox installed on the remote host is 5.0.x prior to 5.0.38 or 5.1.x prior to 5.1.20. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Core component that allows a local attacker to disclose potentially sensitive information. (CVE-2017-3513) - A flaw exists in the Shared Folder component, specifically when cooperating guests access files within a shared folder while moving it. A local attacker within a guest can exploit this to read arbitrary files on the host. (CVE-2017-3538) - Multiple unspecified flaws exist in the Core component that allow a local attacker to impact confidentiality, integrity, and availability. (CVE-2017-3558, CVE-2017-3559, CVE-2017-3561, CVE-2017-3563, CVE-2017-3576) - An unspecified flaw exists in the Core component that allows a local attacker to impact integrity and availability. (CVE-2017-3575) - An unspecified flaw exists in the Shared Folder component that allows a local attacker to impact integrity and availability. (CVE-2017-3587) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id99509
    published2017-04-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99509
    titleOracle VM VirtualBox 5.0.x < 5.0.38 / 5.1.x < 5.1.20 (April 2017 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99509);
      script_version("1.12");
      script_cvs_date("Date: 2019/11/13");
    
      script_cve_id(
        "CVE-2017-3513",
        "CVE-2017-3558",
        "CVE-2017-3559",
        "CVE-2017-3561",
        "CVE-2017-3563",
        "CVE-2017-3575",
        "CVE-2017-3576",
        "CVE-2017-3587"
      );
      script_bugtraq_id(
        97698,
        97730,
        97732,
        97736,
        97739,
        97744,
        97750,
        97755,
        97759
      );
    
      script_name(english:"Oracle VM VirtualBox 5.0.x < 5.0.38 / 5.1.x < 5.1.20 (April 2017 CPU)");
      script_summary(english:"Performs a version check on VirtualBox.exe");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle VM VirtualBox installed on the remote host is
    5.0.x prior to 5.0.38 or 5.1.x prior to 5.1.20. It is, therefore,
    affected by multiple vulnerabilities :
    
      - An unspecified flaw exists in the Core component that
        allows a local attacker to disclose potentially
        sensitive information. (CVE-2017-3513)
    
      - A flaw exists in the Shared Folder component,
        specifically when cooperating guests access files
        within a shared folder while moving it. A local attacker
        within a guest can exploit this to read arbitrary files
        on the host. (CVE-2017-3538)
    
      - Multiple unspecified flaws exist in the Core component
        that allow a local attacker to impact confidentiality,
        integrity, and availability. (CVE-2017-3558,
        CVE-2017-3559, CVE-2017-3561, CVE-2017-3563,
        CVE-2017-3576)
    
      - An unspecified flaw exists in the Core component that
        allows a local attacker to impact integrity and
        availability. (CVE-2017-3575)
    
      - An unspecified flaw exists in the Shared Folder
        component that allows a local attacker to impact
        integrity and availability. (CVE-2017-3587)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      # http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?623d2c22");
      script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog");
      # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3681811.xml
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eb4db3c7");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Oracle VM VirtualBox version 5.0.38 / 5.1.20 or later as
    referenced in the April 2017 Oracle Critical Patch Update advisory.
    
    Note that vulnerability CVE-2017-3538 was fixed in versions 5.0.34 and
    5.1.16.");
      script_set_attribute(attribute:"agent", value:"all");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3576");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/04/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/20");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("virtualbox_installed.nasl", "macosx_virtualbox_installed.nbin");
      script_require_ports("installed_sw/Oracle VM VirtualBox", "installed_sw/VirtualBox");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    
    app  = NULL;
    apps = make_list('Oracle VM VirtualBox', 'VirtualBox');
    
    foreach app (apps)
    {
      if (get_install_count(app_name:app)) break;
      else app = NULL;
    }
    
    if (isnull(app)) audit(AUDIT_NOT_INST, 'Oracle VM VirtualBox');
    
    install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
    
    ver  = install['version'];
    path = install['path'];
    
    # Affected :
    # 5.0.x < 5.0.38 / 5.1.x < 5.1.20
    if      (ver =~ '^5\\.0' && ver_compare(ver:ver, fix:'5.0.38', strict:FALSE) < 0) fix = '5.0.38';
    else if (ver =~ '^5\\.1' && ver_compare(ver:ver, fix:'5.1.20', strict:FALSE) < 0) fix = '5.1.20';
    else audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);
    
    port = 0;
    if (app == 'Oracle VM VirtualBox')
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    }
    
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + ver +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);
    exit(0);
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-533.NASL
    descriptionThis update for virtualbox to version 5.1.22 fixes the following issues : These security issues were fixed (bsc#1034854) : - CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. - CVE-2017-3563: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. - CVE-2017-3576: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. - CVE-2017-3587: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. - CVE-2017-3575: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. - CVE-2017-3538: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. - CVE-2017-3513: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. - CVE-2017-3558: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. - CVE-2017-3559: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. These non-security issues were fixed : - GUI: don
    last seen2020-06-05
    modified2017-05-03
    plugin id99956
    published2017-05-03
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99956
    titleopenSUSE Security Update : virtualbox (openSUSE-2017-533)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-533.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99956);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-3513", "CVE-2017-3538", "CVE-2017-3558", "CVE-2017-3559", "CVE-2017-3561", "CVE-2017-3563", "CVE-2017-3575", "CVE-2017-3576", "CVE-2017-3587");
    
      script_name(english:"openSUSE Security Update : virtualbox (openSUSE-2017-533)");
      script_summary(english:"Check for the openSUSE-2017-533 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for virtualbox to version 5.1.22 fixes the following
    issues :
    
    These security issues were fixed (bsc#1034854) :
    
      - CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Core).
        Easily exploitable vulnerability allows low privileged
        attacker with logon to the infrastructure where Oracle
        VM VirtualBox executes to compromise Oracle VM
        VirtualBox. Successful attacks of this vulnerability can
        result in takeover of Oracle VM VirtualBox.
    
      - CVE-2017-3563: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Core).
        Easily exploitable vulnerability allows low privileged
        attacker with logon to the infrastructure where Oracle
        VM VirtualBox executes to compromise Oracle VM
        VirtualBox. Successful attacks of this vulnerability can
        result in takeover of Oracle VM VirtualBox.
    
      - CVE-2017-3576: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Core).
        Easily exploitable vulnerability allows low privileged
        attacker with logon to the infrastructure where Oracle
        VM VirtualBox executes to compromise Oracle VM
        VirtualBox. Successful attacks of this vulnerability can
        result in takeover of Oracle VM VirtualBox.
    
      - CVE-2017-3587: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Shared
        Folder). Easily exploitable vulnerability allows low
        privileged attacker with logon to the infrastructure
        where Oracle VM VirtualBox executes to compromise Oracle
        VM VirtualBox. Successful attacks of this vulnerability
        can result in unauthorized creation, deletion or
        modification access to critical data or all Oracle VM
        VirtualBox accessible data and unauthorized ability to
        cause a hang or frequently repeatable crash (complete
        DOS) of Oracle VM VirtualBox.
    
      - CVE-2017-3575: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Core).
        Easily exploitable vulnerability allows high privileged
        attacker with logon to the infrastructure where Oracle
        VM VirtualBox executes to compromise Oracle VM
        VirtualBox. Successful attacks of this vulnerability can
        result in unauthorized creation, deletion or
        modification access to critical data or all Oracle VM
        VirtualBox accessible data and unauthorized ability to
        cause a hang or frequently repeatable crash (complete
        DOS) of Oracle VM VirtualBox.
    
      - CVE-2017-3538: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Shared
        Folder). Difficult to exploit vulnerability allows low
        privileged attacker with logon to the infrastructure
        where Oracle VM VirtualBox executes to compromise Oracle
        VM VirtualBox. Successful attacks of this vulnerability
        can result in unauthorized creation, deletion or
        modification access to critical data or all Oracle VM
        VirtualBox accessible data as well as unauthorized
        access to critical data or complete access to all Oracle
        VM VirtualBox accessible data.
    
      - CVE-2017-3513: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Core).
        Difficult to exploit vulnerability allows high
        privileged attacker with logon to the infrastructure
        where Oracle VM VirtualBox executes to compromise Oracle
        VM VirtualBox. Successful attacks of this vulnerability
        can result in unauthorized read access to a subset of
        Oracle VM VirtualBox accessible data.
    
      - CVE-2017-3558: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Core).
        Easily exploitable vulnerability allows unauthenticated
        attacker with logon to the infrastructure where Oracle
        VM VirtualBox executes to compromise Oracle VM
        VirtualBox. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of Oracle VM
        VirtualBox as well as unauthorized update, insert or
        delete access to some of Oracle VM VirtualBox accessible
        data and unauthorized read access to a subset of Oracle
        VM VirtualBox accessible data.
    
      - CVE-2017-3559: Vulnerability in the Oracle VM VirtualBox
        component of Oracle Virtualization (subcomponent: Core).
        Easily exploitable vulnerability allows low privileged
        attacker with logon to the infrastructure where Oracle
        VM VirtualBox executes to compromise Oracle VM
        VirtualBox. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a hang or
        frequently repeatable crash (complete DOS) of Oracle VM
        VirtualBox as well as unauthorized update, insert or
        delete access to some of Oracle VM VirtualBox accessible
        data and unauthorized read access to a subset of Oracle
        VM VirtualBox accessible data. These non-security issues
        were fixed :
    
      - GUI: don't check if the Extension Pack is up-to-date if
        the user is about to install a new Extension Pack 
    
      - GUI: fixed a possible crash when switching a
        multi-monitor VM into full-screen or seamless mode
    
      - GUI: several mini-toolbar fixes in full-screen /
        seamless mode 
    
      - GUI: don't crash on restoring defaults in the appliance
        import dialog
    
      - ICH9: fix for Windows guests with a huge amount (more
        than 64G) of guest memory
    
      - BIOS: fixed El Torito hard disk emulation geometry
        calculation 
    
      - VMM: fixed VERR_IEM_INSTR_NOT_IMPLEMENTED Guru
        Meditation under certain conditions
    
      - Storage: fixed a potential hang under rare circumstances
    
      - Storage: fixed a potential crash under rare
        circumstances (asynchronous I/O disabled or during
        maintenance file operations like merging snapshots)
    
      - Linux hosts: make the ALSA backend work again as well as
        loading the GL libraries on certain hosts
    
      - Linux Additions: fixed mount.vboxsf symlink problem"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1034854"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected virtualbox packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/05/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"python-virtualbox-5.1.22-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"python-virtualbox-debuginfo-5.1.22-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-5.1.22-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-debuginfo-5.1.22-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-debugsource-5.1.22-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-devel-5.1.22-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-desktop-icons-5.1.22-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-kmp-default-5.1.22_k4.4.57_18.3-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-kmp-default-debuginfo-5.1.22_k4.4.57_18.3-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-tools-5.1.22-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-tools-debuginfo-5.1.22-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-x11-5.1.22-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-guest-x11-debuginfo-5.1.22-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-host-kmp-default-5.1.22_k4.4.57_18.3-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-host-kmp-default-debuginfo-5.1.22_k4.4.57_18.3-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-host-source-5.1.22-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-qt-5.1.22-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-qt-debuginfo-5.1.22-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-websrv-5.1.22-19.10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"virtualbox-websrv-debuginfo-5.1.22-19.10.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-virtualbox / python-virtualbox-debuginfo / virtualbox / etc");
    }