Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.GENTOO_GLSA-201401-13.NASLHistoryJan 21, 2014 - 12:00 a.m.
GLSA-201401-13 : VirtualBox: Multiple Vulnerabilities
2014-01-2100:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
3.5 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
68.8%
The remote host is affected by the vulnerability described in GLSA-201401-13 (VirtualBox: Multiple Vulnerabilities)
Multiple vulnerabilities have been discovered in Virtualbox. Please review the CVE identifiers referenced below for details.
Impact :
A local attacker in a guest virtual machine may be able to escalate privileges or cause a Denial of Service condition.
Workaround :
There is no known workaround at this time.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201401-13.
#
# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(72052);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2012-3221", "CVE-2013-5892", "CVE-2014-0404", "CVE-2014-0405", "CVE-2014-0406", "CVE-2014-0407");
script_bugtraq_id(56045, 64900, 64905, 64909, 64911, 64913);
script_xref(name:"GLSA", value:"201401-13");
script_name(english:"GLSA-201401-13 : VirtualBox: Multiple Vulnerabilities");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-201401-13
(VirtualBox: Multiple Vulnerabilities)
Multiple vulnerabilities have been discovered in Virtualbox. Please
review the CVE identifiers referenced below for details.
Impact :
A local attacker in a guest virtual machine may be able to escalate
privileges or cause a Denial of Service condition.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/201401-13"
);
script_set_attribute(
attribute:"solution",
value:
"All virtualbox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-emulation/virtualbox-4.2.22'
All virtualbox-bin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
'>=app-emulation/virtualbox-bin-4.2.22'"
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:virtualbox-bin");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/17");
script_set_attribute(attribute:"patch_publication_date", value:"2014/01/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/21");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Gentoo Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"app-emulation/virtualbox-bin", unaffected:make_list("ge 4.2.22"), vulnerable:make_list("lt 4.2.22"))) flag++;
if (qpkg_check(package:"app-emulation/virtualbox", unaffected:make_list("ge 4.2.22"), vulnerable:make_list("lt 4.2.22"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());
else security_note(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "VirtualBox");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gentoo | linux | virtualbox | p-cpe:/a:gentoo:linux:virtualbox |
| gentoo | linux | virtualbox-bin | p-cpe:/a:gentoo:linux:virtualbox-bin |
| gentoo | linux | cpe:/o:gentoo:linux |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3221
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5892
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0404
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0405
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0406
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0407
security.gentoo.org/glsa/201401-13
Related
openvas
openvas
Gentoo Security Advisory GLSA 201401-13
2015-09-29 00:00:00
Debian: Security Advisory (DSA-2878-1)
2014-03-12 00:00:00
gentoo
gentoo
VirtualBox: Multiple Vulnerabilities
2014-01-20 00:00:00
nessus
nessus
Debian DSA-2878-1 : virtualbox - security update
2014-03-14 00:00:00
securityvulns
securityvulns
Information on recently-fixed Oracle VM VirtualBox vulnerabilities
2014-02-10 00:00:00
[SECURITY] [DSA 2594-1] virtualbox-ose security update
2013-01-02 00:00:00
Oracle VirtualBox DoS
2013-01-02 00:00:00
debian
debian
[SECURITY] [DSA 2878-1] virtualbox security update
2014-03-13 15:31:43
[SECURITY] [DSA 2594-1] virtualbox-ose security update
2012-12-30 13:16:14
mageia
mageia
Updated virtualbox packages fixes security vulnerabilities
2014-04-20 22:48:47
cvelist
cvelist
prion
prion
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2014-01-15 16:08:00
ubuntucve
ubuntucve
cve
cve
debiancve
debiancve
nvd
nvd
freebsd
freebsd
virtualbox-ose -- local vulnerability
2014-01-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2014
2014-01-14 00:00:00
Oracle Critical Patch Update - October 2012
2012-10-16 00:00:00
3.5 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
68.8%
Related for GENTOO_GLSA-201401-13.NASL