Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2019-1814.NASL
HistoryAug 12, 2019 - 12:00 a.m.

openSUSE Security Update : virtualbox (openSUSE-2019-1814)

2019-08-1200:00:00
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
JSON

This update for virtualbox to version 6.0.10 fixes the following issues :

Security issues fixed :

  • CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864 CVE-2019-2865 CVE-2019-1543 CVE-2019-2863 CVE-2019-2848 CVE-2019-2877 CVE-2019-2873 CVE-2019-2874 CVE-2019-2875 CVE-2019-2876 CVE-2019-2850 (boo#1141801)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-1814.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(127734);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/09/23");

  script_cve_id("CVE-2018-0734", "CVE-2018-11763", "CVE-2018-11784", "CVE-2018-3288", "CVE-2018-3289", "CVE-2018-3290", "CVE-2018-3291", "CVE-2018-3292", "CVE-2018-3293", "CVE-2018-3294", "CVE-2018-3295", "CVE-2018-3296", "CVE-2018-3297", "CVE-2018-3298", "CVE-2019-1543", "CVE-2019-2446", "CVE-2019-2448", "CVE-2019-2450", "CVE-2019-2451", "CVE-2019-2508", "CVE-2019-2509", "CVE-2019-2511", "CVE-2019-2525", "CVE-2019-2527", "CVE-2019-2554", "CVE-2019-2555", "CVE-2019-2556", "CVE-2019-2574", "CVE-2019-2656", "CVE-2019-2657", "CVE-2019-2678", "CVE-2019-2679", "CVE-2019-2680", "CVE-2019-2690", "CVE-2019-2696", "CVE-2019-2703", "CVE-2019-2721", "CVE-2019-2722", "CVE-2019-2723", "CVE-2019-2848", "CVE-2019-2850", "CVE-2019-2859", "CVE-2019-2863", "CVE-2019-2864", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2867", "CVE-2019-2873", "CVE-2019-2874", "CVE-2019-2875", "CVE-2019-2876", "CVE-2019-2877");

  script_name(english:"openSUSE Security Update : virtualbox (openSUSE-2019-1814)");
  script_summary(english:"Check for the openSUSE-2019-1814 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for virtualbox to version 6.0.10 fixes the following
issues :

Security issues fixed :

  - CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864
    CVE-2019-2865 CVE-2019-1543 CVE-2019-2863 CVE-2019-2848
    CVE-2019-2877 CVE-2019-2873 CVE-2019-2874 CVE-2019-2875
    CVE-2019-2876 CVE-2019-2850 (boo#1141801)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097248"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1098050"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112097"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113894"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1115041"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1116050"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130503"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130588"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132379"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132439"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132827"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133289"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133492"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1141801"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected virtualbox packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3294");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-vnc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.1", reference:"python3-virtualbox-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"python3-virtualbox-debuginfo-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-debuginfo-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-debugsource-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-devel-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-desktop-icons-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-kmp-default-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-kmp-default-debuginfo-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-source-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-tools-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-tools-debuginfo-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-x11-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-guest-x11-debuginfo-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-host-kmp-default-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-host-kmp-default-debuginfo-6.0.10_k4.12.14_lp151.28.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-host-source-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-qt-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-qt-debuginfo-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-vnc-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-websrv-6.0.10-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"virtualbox-websrv-debuginfo-6.0.10-lp151.2.6.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3-virtualbox / python3-virtualbox-debuginfo / virtualbox / etc");
}
VendorProductVersionCPE
novellopensusepython3-virtualboxp-cpe:/a:novell:opensuse:python3-virtualbox
novellopensusepython3-virtualbox-debuginfop-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo
novellopensusevirtualboxp-cpe:/a:novell:opensuse:virtualbox
novellopensusevirtualbox-debuginfop-cpe:/a:novell:opensuse:virtualbox-debuginfo
novellopensusevirtualbox-debugsourcep-cpe:/a:novell:opensuse:virtualbox-debugsource
novellopensusevirtualbox-develp-cpe:/a:novell:opensuse:virtualbox-devel
novellopensusevirtualbox-guest-desktop-iconsp-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons
novellopensusevirtualbox-guest-kmp-defaultp-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default
novellopensusevirtualbox-guest-kmp-default-debuginfop-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo
novellopensusevirtualbox-guest-sourcep-cpe:/a:novell:opensuse:virtualbox-guest-source
Rows per page:
1-10 of 231

References

Related

suse 5
openvas 23
kaspersky 5
mageia 4
nessus 28
ibm 10
oraclelinux 2
redhat 1
prion 22
ubuntucve 21
cve 21
zdi 16
debiancve 20
osv 2
checkpoint_advisories 1
github 1
centos 1
debian 2
amazon 2
veracode 2
fedora 1
packetstorm 1
ubuntu 1
zdt 1
f5 1
redhatcve 1
nuclei 1
hackerone 1
openssl 1
freebsd 1
suse
suse
Security update for virtualbox (important)
2019-07-30 00:00:00
Security update for virtualbox (important)
2019-01-25 00:00:00
Security update for virtualbox (important)
2019-06-11 00:00:00
openvas
openvas
openSUSE: Security Advisory for virtualbox (openSUSE-SU-2019:1814-1)
2019-07-31 00:00:00
Oracle VirtualBox Security Updates (jul2019-5072835) - Windows
2019-07-17 00:00:00
Oracle VirtualBox Security Updates (apr2019-5072813) 01 - Windows
2019-04-18 00:00:00
kaspersky
kaspersky
KLA11521 Multiple vulnerabilities in Oracle VirtualBox
2019-07-16 00:00:00
KLA11471 Multiple vulnerabilities in Oracle VirtualBox
2019-04-16 00:00:00
KLA11339 Multiple vulnerabilities in Oracle Virtual Box
2018-10-16 00:00:00
mageia
mageia
Updated virtualbox packages fix security vulnerabilities
2019-07-27 19:44:28
Virtualbox 6.0.6 fixes security vulnerabilities
2019-05-04 23:13:37
Updated virtualbox packages fix security vulnerabilities
2018-11-03 14:55:18
nessus
nessus
Oracle VM VirtualBox 5.2.x < 5.2.32 / 6.0.x < 6.0.10 (Jul 2019 CPU)
2019-07-18 00:00:00
Oracle VM VirtualBox 5.2.x < 5.2.28 / 6.0.x < 6.0.6 (Apr 2019 CPU)
2019-04-18 00:00:00
Oracle VM VirtualBox < 5.2.20 Multiple Vulnerabilities (Oct 2018 CPU)
2018-10-18 00:00:00
ibm
ibm
Security Bulletin: Rational Build Forge Security Advisory for Apache Tomcat and Apache HTTP Server (CVE-2018-11763; CVE-2018-11784)
2018-11-15 17:45:02
Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-11784)
2019-03-27 12:55:02
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony
2021-07-02 02:32:33
oraclelinux
oraclelinux
openssl security, bug fix, and enhancement update
2019-11-14 00:00:00
tomcat security update
2019-03-13 00:00:00
redhat
redhat
(RHSA-2019:3700) Low: openssl security, bug fix, and enhancement update
2019-11-05 20:52:19
prion
prion
Buffer overflow
2019-01-16 19:30:00
Buffer overflow
2019-01-16 19:30:00
Buffer overflow
2019-04-23 19:32:00
ubuntucve
ubuntucve
CVE-2019-2680
2019-04-23 00:00:00
CVE-2019-2556
2019-01-16 00:00:00
CVE-2019-2679
2019-04-23 00:00:00
cve
cve
CVE-2019-2508
2019-01-16 19:30:00
CVE-2019-2556
2019-01-16 19:30:00
CVE-2019-2865
2019-07-23 23:15:00
zdi
zdi
Oracle VirtualBox crUnpackMap2d Integer Overflow Information Disclosure Vulnerability
2019-01-24 00:00:00
Oracle VirtualBox crServerDispatchGenProgramsARB Integer Overflow Privilege Escalation Vulnerability
2018-10-17 00:00:00
Oracle VirtualBox vmsvga3dSetTransform Out-Of-Bounds Write Privilege Escalation Vulnerability
2019-07-22 00:00:00
debiancve
debiancve
CVE-2019-2866
2019-07-23 23:15:00
CVE-2019-2679
2019-04-23 19:32:00
CVE-2018-3298
2018-10-17 01:31:00
osv
osv
Apache Tomcat Open Redirect vulnerability
2018-10-17 16:31:02
CVE-2018-11784
2018-10-04 13:29:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat Default Servlet Open Redirect (CVE-2018-11784)
2019-02-19 00:00:00
github
github
Apache Tomcat Open Redirect vulnerability
2018-10-17 16:31:02
centos
centos
tomcat security update
2019-03-19 14:33:17
debian
debian
[SECURITY] [DLA 1544-1] tomcat7 security update
2018-10-14 20:43:08
[SECURITY] [DLA 1545-1] tomcat8 security update
2018-10-15 16:56:28
amazon
amazon
Medium: tomcat
2019-04-04 22:00:00
Medium: tomcat7
2018-11-05 19:35:00
veracode
veracode
Open Redirection
2018-10-04 09:06:12
Open Redirection
2019-01-15 09:25:50
fedora
fedora
[SECURITY] Fedora 29 Update: tomcat-9.0.13-1.fc29
2019-02-13 02:48:13
packetstorm
packetstorm
Apache Tomcat 9.0.0M1 Open Redirect
2021-07-11 00:00:00
ubuntu
ubuntu
Tomcat vulnerability
2018-10-10 00:00:00
zdt
zdt
Apache Tomcat 9.0.0.M1 - Open Redirect Vulnerability
2021-07-13 00:00:00
f5
f5
K64921482 : Apache Tomcat vulnerability CVE-2018-11784
2018-10-25 00:00:00
redhatcve
redhatcve
CVE-2018-11784
2019-11-02 09:34:32
nuclei
nuclei
Apache Tomcat - Open Redirect
2021-03-18 16:22:01
hackerone
hackerone
Internet Bug Bounty: ChaCha20-Poly1305 with long nonces
2019-03-07 09:21:12
openssl
openssl
Vulnerability in OpenSSL CVE-2019-1543
2019-03-06 00:00:00
freebsd
freebsd
OpenSSL -- ChaCha20-Poly1305 nonce vulnerability
2019-03-06 00:00:00
JSON
Related for OPENSUSE-2019-1814.NASL
suse5openvas23kaspersky5mageia4nessus28ibm10oraclelinux2redhat1prion22ubuntucve21cve21zdi16debiancve20osv2checkpoint_advisories1github1centos1debian2amazon2veracode2fedora1packetstorm1ubuntu1zdt1f51redhatcve1nuclei1hackerone1openssl1freebsd1