Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.DEBIAN_DLA-313.NASL
HistorySep 30, 2015 - 12:00 a.m.

Debian DLA-313-1 : virtualbox-ose security update

2015-09-3000:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
12
JSON

The latest maintenance release of the VirtualBox (OSE) 3.2.x series (i.e., version 3.2.28) has been uploaded to Debian LTS (squeeze).
Thanks to Gianfranco Costamagna for preparing packages for review and upload by the Debian LTS Team.

Unfortunately, Oracle no longer provides information on specific security vulnerabilities in VirtualBox, thus we provide their latest 3.2.28 maintenance release in Debian LTS (squeeze) directly.

CVE-2013-3792

Oracle reported an unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown vectors related to Core.

The fix for CVE-2013-3792 prevents a virtio-net host DoS vulnerability by adding large frame support to IntNet, VirtioNet and NetFilter plus dropping oversized frames.

CVE-2014-2486

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core.

No further details have been provided, the attack range has been given as local, severity low.

CVE-2014-2488

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core.

No further details can been provided, the attack range has been given as local, severity low.

CVE-2014-2489

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.

No further details can been provided, the attack range has been given as local, severity medium.

CVE-2015-2594

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.

This update fixes an issue related to guests using bridged networking via WiFi.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-313-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(86195);
  script_version("2.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2013-3792", "CVE-2014-2486", "CVE-2014-2488", "CVE-2014-2489", "CVE-2015-2594");
  script_bugtraq_id(60794, 68610, 68618, 68621, 75899);

  script_name(english:"Debian DLA-313-1 : virtualbox-ose security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The latest maintenance release of the VirtualBox (OSE) 3.2.x series
(i.e., version 3.2.28) has been uploaded to Debian LTS (squeeze).
Thanks to Gianfranco Costamagna for preparing packages for review and
upload by the Debian LTS Team.

Unfortunately, Oracle no longer provides information on specific
security vulnerabilities in VirtualBox, thus we provide their latest
3.2.28 maintenance release in Debian LTS (squeeze) directly.

CVE-2013-3792

Oracle reported an unspecified vulnerability in the Oracle VM
VirtualBox component in Oracle Virtualization VirtualBox prior to
3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect
availability via unknown vectors related to Core.

The fix for CVE-2013-3792 prevents a virtio-net host DoS
vulnerability by adding large frame support to IntNet,
VirtioNet and NetFilter plus dropping oversized frames.

CVE-2014-2486

Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34,
4.2.26, and 4.3.12 allows local users to affect integrity and
availability via unknown vectors related to Core.

No further details have been provided, the attack range has
been given as local, severity low.

CVE-2014-2488

Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34,
4.2.26, and 4.3.12 allows local users to affect confidentiality via
unknown vectors related to Core.

No further details can been provided, the attack range has
been given as local, severity low.

CVE-2014-2489

Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34,
4.2.26, and 4.3.12 allows local users to affect confidentiality,
integrity, and availability via unknown vectors related to Core.

No further details can been provided, the attack range has
been given as local, severity medium.

CVE-2015-2594

Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and
4.3.30 allows local users to affect confidentiality, integrity, and
availability via unknown vectors related to Core.

This update fixes an issue related to guests using bridged
networking via WiFi.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2015/09/msg00013.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze-lts/virtualbox-ose"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:virtualbox-ose");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:virtualbox-ose-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:virtualbox-ose-dkms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:virtualbox-ose-fuse");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:virtualbox-ose-guest-dkms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:virtualbox-ose-guest-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:virtualbox-ose-guest-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:virtualbox-ose-guest-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:virtualbox-ose-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:virtualbox-ose-source");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/09/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"virtualbox-ose", reference:"3.2.28-dfsg-1+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"virtualbox-ose-dbg", reference:"3.2.28-dfsg-1+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"virtualbox-ose-dkms", reference:"3.2.28-dfsg-1+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"virtualbox-ose-fuse", reference:"3.2.28-dfsg-1+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"virtualbox-ose-guest-dkms", reference:"3.2.28-dfsg-1+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"virtualbox-ose-guest-source", reference:"3.2.28-dfsg-1+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"virtualbox-ose-guest-utils", reference:"3.2.28-dfsg-1+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"virtualbox-ose-guest-x11", reference:"3.2.28-dfsg-1+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"virtualbox-ose-qt", reference:"3.2.28-dfsg-1+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"virtualbox-ose-source", reference:"3.2.28-dfsg-1+squeeze1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxvirtualbox-osep-cpe:/a:debian:debian_linux:virtualbox-ose
debiandebian_linuxvirtualbox-ose-dbgp-cpe:/a:debian:debian_linux:virtualbox-ose-dbg
debiandebian_linuxvirtualbox-ose-dkmsp-cpe:/a:debian:debian_linux:virtualbox-ose-dkms
debiandebian_linuxvirtualbox-ose-fusep-cpe:/a:debian:debian_linux:virtualbox-ose-fuse
debiandebian_linuxvirtualbox-ose-guest-dkmsp-cpe:/a:debian:debian_linux:virtualbox-ose-guest-dkms
debiandebian_linuxvirtualbox-ose-guest-sourcep-cpe:/a:debian:debian_linux:virtualbox-ose-guest-source
debiandebian_linuxvirtualbox-ose-guest-utilsp-cpe:/a:debian:debian_linux:virtualbox-ose-guest-utils
debiandebian_linuxvirtualbox-ose-guest-x11p-cpe:/a:debian:debian_linux:virtualbox-ose-guest-x11
debiandebian_linuxvirtualbox-ose-qtp-cpe:/a:debian:debian_linux:virtualbox-ose-qt
debiandebian_linuxvirtualbox-ose-sourcep-cpe:/a:debian:debian_linux:virtualbox-ose-source
Rows per page:
1-10 of 111

Related

osv 2
debian 2
openvas 13
kaspersky 2
nessus 5
prion 6
cvelist 6
ubuntucve 6
cve 6
debiancve 6
mageia 1
securityvulns 3
oracle 3
osv
osv
virtualbox-ose - security update
2015-09-29 00:00:00
virtualbox - security update
2015-09-13 00:00:00
debian
debian
[SECURITY] [DLA 313-1] virtualbox-ose security update
2015-09-29 15:00:00
[SECURITY] [DSA 3359-1] virtualbox security update
2015-09-13 19:47:52
openvas
openvas
Debian: Security Advisory (DLA-313-1)
2023-03-08 00:00:00
Oracle VM VirtualBox Multiple Unspecified Vulnerabilities-02 (Aug 2014) - Mac OS X
2014-08-04 00:00:00
Oracle VM VirtualBox Multiple Unspecified Vulnerabilities-02 (Aug 2014) - Linux
2014-08-04 00:00:00
kaspersky
kaspersky
KLA10284 Multiple vulnerabilities in Oracle VirtualBox
2014-07-17 00:00:00
KLA10630 Multiple vulnerabilities in Oracle VM VirtualBox
2015-07-14 00:00:00
nessus
nessus
Oracle VM VirtualBox < 3.2.24 / 4.0.26 / 4.1.34 / 4.2.26 / 4.3.14 Multiple Unspecified Vulnerabilities
2014-07-16 00:00:00
Oracle VM VirtualBox < 4.0.32 / 4.1.40 / 4.2.32 / 4.3.30 Core Unspecified Vulnerability (July 2015 CPU)
2015-07-16 00:00:00
Debian DSA-3359-1 : virtualbox - security update
2015-09-14 00:00:00
prion
prion
Design/Logic Flaw
2014-07-17 05:10:00
Design/Logic Flaw
2015-07-16 10:59:00
Design/Logic Flaw
2014-07-17 05:10:00
cvelist
cvelist
CVE-2014-2488
2014-07-17 02:36:00
CVE-2015-2594
2015-07-16 10:00:00
CVE-2014-2489
2014-07-17 02:36:00
ubuntucve
ubuntucve
CVE-2015-2594
2015-07-16 00:00:00
CVE-2014-2488
2014-07-17 00:00:00
CVE-2014-2489
2014-07-17 00:00:00
cve
cve
CVE-2015-2594
2015-07-16 10:59:00
CVE-2014-2488
2014-07-17 05:10:00
CVE-2014-2489
2014-07-17 05:10:00
debiancve
debiancve
CVE-2015-2594
2015-07-16 10:59:00
CVE-2014-2489
2014-07-17 05:10:00
CVE-2014-2488
2014-07-17 05:10:00
mageia
mageia
Updated virtualbox package fixes security issue
2013-07-21 13:01:13
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL applications security vulnerabilities
2014-07-21 00:00:00
Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
2013-12-09 00:00:00
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-07-20 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00
Oracle Critical Patch Update - October 2013
2013-10-15 00:00:00
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
JSON
Related for DEBIAN_DLA-313.NASL
osv2debian2openvas13kaspersky2nessus5prion6cvelist6ubuntucve6cve6debiancve6mageia1securityvulns3oracle3