Oracle VM VirtualBox < 3.2.24 / 4.0.26 / 4.1.34 / 4.2.26 / 4.3.14 Multiple Unspecified Vulnerabilities

medium Nessus Plugin ID 76536

Synopsis

The remote host has an application that is affected by multiple unspecified vulnerabilities.

Description

The remote host contains a version of Oracle VM VirtualBox that is prior to 3.2.24, 4.0.26, 4.1.34, 4.2.26 or 4.3.14. It is, therefore, affected by the following vulnerabilities:

- An unspecified flaw relating to the Core subcomponent that may allow a local attacker to gain elevated privileges. (CVE-2014-2487, CVE-2014-4261)

- An unspecified flaw relating to the Core subcomponent that may allow a local attacker to have an impact on integrity and availability. (CVE-2014-2486, CVE-2014-2477, CVE-2014-2489)

- An unspecified flaw relating to the Core subcomponent that may allow a local attacker to gain access to sensitive information. (CVE-2014-2488)

- An unspecified flaw relating to the Graphics driver for Windows guests that may allow a local attacker to have an impact on confidentiality, integrity, and availability. (CVE-2014-4228)

Solution

Upgrade Oracle VM VirtualBox to 3.2.24 / 4.0.26 / 4.1.34 / 4.2.26 / 4.3.14 or later.

See Also

http://www.nessus.org/u?11e8e9a6

https://www.virtualbox.org/wiki/Changelog

Plugin Details

Severity: Medium

ID: 76536

File Name: virtualbox_4_3_14.nasl

Version: 1.10

Type: local

Agent: windows

Family: Windows

Published: 7/16/2014

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:oracle:vm_virtualbox, cpe:/a:oracle:virtualization

Required KB Items: VirtualBox/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/15/2014

Vulnerability Publication Date: 7/15/2014

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation)

Reference Information

CVE: CVE-2014-2477, CVE-2014-2486, CVE-2014-2487, CVE-2014-2488, CVE-2014-2489, CVE-2014-4228, CVE-2014-4261

BID: 68584, 68588, 68601, 68610, 68613, 68618, 68621