Vulnerabilities > CVE-2018-3005 - Unspecified vulnerability in Oracle VM Virtualbox

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-586.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(123254);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/30");

  script_cve_id("CVE-2018-3005", "CVE-2018-3055", "CVE-2018-3085", "CVE-2018-3086", "CVE-2018-3087", "CVE-2018-3088", "CVE-2018-3089", "CVE-2018-3090", "CVE-2018-3091");

  script_name(english:"openSUSE Security Update : virtualbox (openSUSE-2019-586)");
  script_summary(english:"Check for the openSUSE-2019-586 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for virtualbox to version 5.2.16 fixes the following
issues :

The following security vulnerabilities were fixed (boo#1101667) :

  - CVE-2018-3005: Fixed an easily exploitable vulnerability
    that allowed unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks of
    this vulnerability can result in unauthorized ability to
    cause a partial denial of service (partial DOS) of
    Oracle VM VirtualBox.

  - CVE-2018-3055: Fixed an easily exploitable vulnerability
    that allowed unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS) of Oracle VM
    VirtualBox and unauthorized read access to a subset of
    Oracle VM VirtualBox accessible data.

  - CVE-2018-3085: Fixed an easily exploitable vulnerability
    that allowed unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in unauthorized creation, deletion or
    modification access to critical data or all Oracle VM
    VirtualBox accessible data as well as unauthorized read
    access to a subset of Oracle VM VirtualBox accessible
    data and unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS) of Oracle VM
    VirtualBox.

  - CVE-2018-3086: Fixed an easily exploitable vulnerability
    that allowed unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2018-3087: Fixed an easily exploitable vulnerability
    that allowed unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2018-3088: Fixed an easily exploitable vulnerability
    allows unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2018-3089: Fixed an easily exploitable vulnerability
    allows unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2018-3090: Fixed an easily exploitable vulnerability
    allows unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2018-3091: Fixed an easily exploitable vulnerability
    allows unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in unauthorized access to critical data or
    complete access to all Oracle VM VirtualBox accessible
    data.

The following bugs were fixed :

  - OVF: case insensitive comparison of manifest attribute
    values, to improve compatibility"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101667"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected virtualbox packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-vnc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"python3-virtualbox-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"python3-virtualbox-debuginfo-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-debuginfo-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-debugsource-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-devel-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-desktop-icons-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-kmp-default-5.2.16_k4.12.14_lp150.12.7-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-kmp-default-debuginfo-5.2.16_k4.12.14_lp150.12.7-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-source-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-tools-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-tools-debuginfo-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-x11-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-x11-debuginfo-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-host-kmp-default-5.2.16_k4.12.14_lp150.12.7-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-host-kmp-default-debuginfo-5.2.16_k4.12.14_lp150.12.7-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-host-source-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-qt-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-qt-debuginfo-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-vnc-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-websrv-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-websrv-debuginfo-5.2.16-lp150.4.9.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3-virtualbox / python3-virtualbox-debuginfo / virtualbox / etc");
}

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(111208);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/05");

  script_cve_id(
    "CVE-2018-3005",
    "CVE-2018-3055",
    "CVE-2018-3085",
    "CVE-2018-3086",
    "CVE-2018-3087",
    "CVE-2018-3088",
    "CVE-2018-3089",
    "CVE-2018-3090",
    "CVE-2018-3091"
  );
  script_bugtraq_id(
    103144,
    103518,
    104207,
    104764
  );

  script_name(english:"Oracle VM VirtualBox < 5.2.16 Multiple Vulnerabilities (July 2018 CPU)");
  script_summary(english:"Performs a version check on VirtualBox.exe");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote host is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle VM VirtualBox running on the remote host is
5.2.x prior to 5.2.16. It is, therefore, affected by multiple
vulnerabilities as noted in the April 2018 Critical Patch Update
advisory : 

  - An unspecified vulnerability in the Oracle VM VirtualBox
    component of Oracle Virtualization in the Core
    subcomponent could allow an unauthenticated, remote
    attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM
    VirtualBox. (CVE-2018-3005, CVE-2018-3085, CVE-2018-3086
    CVE-2018-3087, CVE-2018-3088, CVE-2018-3089,
    CVE-2018-3090, CVE-2018-3091, CVE-2018-3055)

Please consult the CVRF details for the applicable CVEs for
additional information.

Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # https://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixOVIR
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d4c9a415");
  script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Oracle VM VirtualBox version 5.2.16 or later as
referenced in the July 2018 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3085");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"agent", value:"all");


  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/07/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("virtualbox_installed.nasl", "macosx_virtualbox_installed.nbin");
  script_require_ports("installed_sw/Oracle VM VirtualBox", "installed_sw/VirtualBox");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

app  = NULL;
apps = make_list('Oracle VM VirtualBox', 'VirtualBox');

foreach app (apps)
{
  if (get_install_count(app_name:app)) break;
  else app = NULL;
}

if (isnull(app)) audit(AUDIT_NOT_INST, 'Oracle VM VirtualBox');

install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);

ver  = install['version'];
path = install['path'];

# Affected :
# 5.2.x < 5.2.16
if (ver =~ '^5\\.2' && ver_compare(ver:ver, fix:'5.2.16', strict:FALSE) < 0) fix = '5.2.16';
else audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);

port = 0;
if (app == 'Oracle VM VirtualBox')
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;
}

report =
  '\n  Path              : ' + path +
  '\n  Installed version : ' + ver +
  '\n  Fixed version     : ' + fix +
  '\n';
security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);
exit(0);

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-938.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(112143);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-5715", "CVE-2018-0739", "CVE-2018-2676", "CVE-2018-2685", "CVE-2018-2686", "CVE-2018-2687", "CVE-2018-2688", "CVE-2018-2689", "CVE-2018-2690", "CVE-2018-2693", "CVE-2018-2694", "CVE-2018-2698", "CVE-2018-2830", "CVE-2018-2831", "CVE-2018-2835", "CVE-2018-2836", "CVE-2018-2837", "CVE-2018-2842", "CVE-2018-2843", "CVE-2018-2844", "CVE-2018-2845", "CVE-2018-2860", "CVE-2018-3005", "CVE-2018-3055", "CVE-2018-3085", "CVE-2018-3086", "CVE-2018-3087", "CVE-2018-3088", "CVE-2018-3089", "CVE-2018-3090", "CVE-2018-3091");

  script_name(english:"openSUSE Security Update : kbuild / virtualbox (openSUSE-2018-938) (Spectre)");
  script_summary(english:"Check for the openSUSE-2018-938 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for kbuild, virtualbox fixes the following issues :

kbuild changes :

  - Update to version 0.1.9998svn3110

  - Do not assume glibc glob internals

  - Support GLIBC glob interface version 2

  - Fix build failure (boo#1079838)

  - Fix build with GCC7 (boo#1039375)

  - Fix build by disabling vboxvideo_drv.so

virtualbox security fixes (boo#1101667, boo#1076372) :

  - CVE-2018-3005

  - CVE-2018-3055

  - CVE-2018-3085

  - CVE-2018-3086

  - CVE-2018-3087

  - CVE-2018-3088

  - CVE-2018-3089

  - CVE-2018-3090

  - CVE-2018-3091

  - CVE-2018-2694

  - CVE-2018-2698

  - CVE-2018-2685

  - CVE-2018-2686

  - CVE-2018-2687

  - CVE-2018-2688

  - CVE-2018-2689

  - CVE-2018-2690

  - CVE-2018-2676

  - CVE-2018-2693

  - CVE-2017-5715

virtualbox other changes :

  - Version bump to 5.2.16

  - Use %(?linux_make_arch) when building kernel modules
    (boo#1098050)

  - Fixed vboxguestconfig.sh script

  - Update warning regarding the security hole in USB
    passthrough. (boo#1097248)

  - Fixed include for build with Qt 5.11 (boo#1093731)

  - You can find a detailed list of changes
    [here](https://www.virtualbox.org/wiki/Changelog#v16)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1039375"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1076372"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1079838"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1093731"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097248"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1098050"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101667"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.virtualbox.org/wiki/Changelog#v16"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kbuild / virtualbox packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kbuild");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kbuild-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kbuild-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-vnc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/28");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"kbuild-0.1.9998svn3110-4.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kbuild-debuginfo-0.1.9998svn3110-4.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kbuild-debugsource-0.1.9998svn3110-4.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"virtualbox-guest-desktop-icons-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"virtualbox-guest-source-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"virtualbox-host-source-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"python-virtualbox-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"python-virtualbox-debuginfo-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-debuginfo-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-debugsource-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-devel-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-guest-kmp-default-5.2.18_k4.4.143_65-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-guest-kmp-default-debuginfo-5.2.18_k4.4.143_65-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-guest-tools-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-guest-tools-debuginfo-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-guest-x11-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-guest-x11-debuginfo-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-host-kmp-default-5.2.18_k4.4.143_65-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-host-kmp-default-debuginfo-5.2.18_k4.4.143_65-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-qt-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-qt-debuginfo-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-vnc-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-websrv-5.2.18-56.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"virtualbox-websrv-debuginfo-5.2.18-56.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kbuild / kbuild-debuginfo / kbuild-debugsource / python-virtualbox / etc");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-853.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(111634);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2018-3005", "CVE-2018-3055", "CVE-2018-3085", "CVE-2018-3086", "CVE-2018-3087", "CVE-2018-3088", "CVE-2018-3089", "CVE-2018-3090", "CVE-2018-3091");

  script_name(english:"openSUSE Security Update : virtualbox (openSUSE-2018-853)");
  script_summary(english:"Check for the openSUSE-2018-853 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for virtualbox to version 5.2.16 fixes the following
issues :

The following security vulnerabilities were fixed (boo#1101667) :

  - CVE-2018-3005: Fixed an easily exploitable vulnerability
    that allowed unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks of
    this vulnerability can result in unauthorized ability to
    cause a partial denial of service (partial DOS) of
    Oracle VM VirtualBox.

  - CVE-2018-3055: Fixed an easily exploitable vulnerability
    that allowed unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS) of Oracle VM
    VirtualBox and unauthorized read access to a subset of
    Oracle VM VirtualBox accessible data.

  - CVE-2018-3085: Fixed an easily exploitable vulnerability
    that allowed unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in unauthorized creation, deletion or
    modification access to critical data or all Oracle VM
    VirtualBox accessible data as well as unauthorized read
    access to a subset of Oracle VM VirtualBox accessible
    data and unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS) of Oracle VM
    VirtualBox.

  - CVE-2018-3086: Fixed an easily exploitable vulnerability
    that allowed unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2018-3087: Fixed an easily exploitable vulnerability
    that allowed unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2018-3088: Fixed an easily exploitable vulnerability
    allows unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2018-3089: Fixed an easily exploitable vulnerability
    allows unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2018-3090: Fixed an easily exploitable vulnerability
    allows unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in takeover of Oracle VM VirtualBox.

  - CVE-2018-3091: Fixed an easily exploitable vulnerability
    allows unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to
    compromise Oracle VM VirtualBox. Successful attacks
    require human interaction from a person other than the
    attacker and while the vulnerability is in Oracle VM
    VirtualBox, attacks may significantly impact additional
    products. Successful attacks of this vulnerability can
    result in unauthorized access to critical data or
    complete access to all Oracle VM VirtualBox accessible
    data.

The following bugs were fixed :

  - OVF: case insensitive comparison of manifest attribute
    values, to improve compatibility"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101667"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected virtualbox packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-vnc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"python3-virtualbox-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"python3-virtualbox-debuginfo-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-debuginfo-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-debugsource-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-devel-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-desktop-icons-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-kmp-default-5.2.16_k4.12.14_lp150.12.7-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-kmp-default-debuginfo-5.2.16_k4.12.14_lp150.12.7-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-source-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-tools-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-tools-debuginfo-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-x11-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-x11-debuginfo-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-host-kmp-default-5.2.16_k4.12.14_lp150.12.7-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-host-kmp-default-debuginfo-5.2.16_k4.12.14_lp150.12.7-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-host-source-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-qt-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-qt-debuginfo-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-vnc-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-websrv-5.2.16-lp150.4.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-websrv-debuginfo-5.2.16-lp150.4.9.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3-virtualbox / python3-virtualbox-debuginfo / virtualbox / etc");
}