Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2019-863.NASL
HistoryMar 27, 2019 - 12:00 a.m.

openSUSE Security Update : VirtualBox (openSUSE-2019-863)

2019-03-2700:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

This update for VirtualBox 5.2.20 fixes security issues and bugs.

A number of vulnerabilities were fixed a affecting multiple components of VirtualBox bsc#1112097: CVE-2018-0732, CVE-2018-2909, CVE-2018-3287, CVE-2018-3288, CVE-2018-3289, CVE-2018-3290, CVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3294, CVE-2018-3295, CVE-2018-3296, CVE-2018-3297, and CVE-2018-3298.

This update also contains various bug fixes in the 5.2.20 release :

  • VMM: fixed task switches triggered by INTn instruction

  • Storage: fixed connecting to certain iSCSI targets

  • Storage: fixed handling of flush requests when configured to be ignored when the host I/O cache is used

  • Drag and drop fixes

  • Video recording: fixed starting video recording on VM power up

  • Various fixes to Linux Additions

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-863.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(123360);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2018-0732", "CVE-2018-2909", "CVE-2018-3287", "CVE-2018-3288", "CVE-2018-3289", "CVE-2018-3290", "CVE-2018-3291", "CVE-2018-3292", "CVE-2018-3293", "CVE-2018-3294", "CVE-2018-3295", "CVE-2018-3296", "CVE-2018-3297", "CVE-2018-3298");

  script_name(english:"openSUSE Security Update : VirtualBox (openSUSE-2019-863)");
  script_summary(english:"Check for the openSUSE-2019-863 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for VirtualBox 5.2.20 fixes security issues and bugs.

A number of vulnerabilities were fixed a affecting multiple components
of VirtualBox bsc#1112097: CVE-2018-0732, CVE-2018-2909,
CVE-2018-3287, CVE-2018-3288, CVE-2018-3289, CVE-2018-3290,
CVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3294,
CVE-2018-3295, CVE-2018-3296, CVE-2018-3297, and CVE-2018-3298. 

This update also contains various bug fixes in the 5.2.20 release :

  - VMM: fixed task switches triggered by INTn instruction

  - Storage: fixed connecting to certain iSCSI targets

  - Storage: fixed handling of flush requests when
    configured to be ignored when the host I/O cache is used

  - Drag and drop fixes

  - Video recording: fixed starting video recording on VM
    power up

  - Various fixes to Linux Additions"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112097"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected VirtualBox packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-vnc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"python3-virtualbox-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"python3-virtualbox-debuginfo-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-debuginfo-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-debugsource-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-devel-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-desktop-icons-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-kmp-default-5.2.20_k4.12.14_lp150.12.22-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-kmp-default-debuginfo-5.2.20_k4.12.14_lp150.12.22-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-source-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-tools-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-tools-debuginfo-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-x11-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-guest-x11-debuginfo-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-host-kmp-default-5.2.20_k4.12.14_lp150.12.22-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-host-kmp-default-debuginfo-5.2.20_k4.12.14_lp150.12.22-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-host-source-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-qt-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-qt-debuginfo-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-vnc-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-websrv-5.2.20-lp150.4.20.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"virtualbox-websrv-debuginfo-5.2.20-lp150.4.20.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3-virtualbox / python3-virtualbox-debuginfo / virtualbox / etc");
}
VendorProductVersionCPE
novellopensusepython3-virtualboxp-cpe:/a:novell:opensuse:python3-virtualbox
novellopensusepython3-virtualbox-debuginfop-cpe:/a:novell:opensuse:python3-virtualbox-debuginfo
novellopensusevirtualboxp-cpe:/a:novell:opensuse:virtualbox
novellopensusevirtualbox-debuginfop-cpe:/a:novell:opensuse:virtualbox-debuginfo
novellopensusevirtualbox-debugsourcep-cpe:/a:novell:opensuse:virtualbox-debugsource
novellopensusevirtualbox-develp-cpe:/a:novell:opensuse:virtualbox-devel
novellopensusevirtualbox-guest-desktop-iconsp-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons
novellopensusevirtualbox-guest-kmp-defaultp-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default
novellopensusevirtualbox-guest-kmp-default-debuginfop-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo
novellopensusevirtualbox-guest-sourcep-cpe:/a:novell:opensuse:virtualbox-guest-source
Rows per page:
1-10 of 231

Related

openvas 19
nessus 33
kaspersky 1
mageia 1
prion 14
debiancve 14
cvelist 14
zdi 18
ubuntucve 14
cve 14
ibm 23
suse 7
veracode 2
redhatcve 1
tenable 4
symantec 1
amazon 1
f5 1
hackerone 1
aix 1
broadcom 2
osv 1
freebsd 1
checkpoint_advisories 1
alpinelinux 1
gentoo 1
ics 1
openssl 1
fedora 1
oraclelinux 3
altlinux 1
debian 1
openvas
openvas
Oracle VirtualBox Security Updates (oct2018-4428296) 02 - Linux
2018-10-17 00:00:00
Oracle VirtualBox Security Updates (oct2018-4428296) - Windows
2018-10-17 00:00:00
Oracle VirtualBox Security Updates (oct2018-4428296) 03 - Mac OS X
2018-10-17 00:00:00
nessus
nessus
Oracle VM VirtualBox < 5.2.20 Multiple Vulnerabilities (Oct 2018 CPU)
2018-10-18 00:00:00
openSUSE Security Update : VirtualBox (openSUSE-2018-1330)
2018-10-31 00:00:00
SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2018:1887-1)
2018-07-06 00:00:00
kaspersky
kaspersky
KLA11339 Multiple vulnerabilities in Oracle Virtual Box
2018-10-16 00:00:00
mageia
mageia
Updated virtualbox packages fix security vulnerabilities
2018-11-03 14:55:18
prion
prion
Buffer overflow
2018-10-17 01:31:00
Buffer overflow
2018-10-17 01:31:00
Buffer overflow
2018-10-17 01:31:00
debiancve
debiancve
CVE-2018-3287
2018-10-17 01:31:00
CVE-2018-3298
2018-10-17 01:31:00
CVE-2018-3295
2018-10-17 01:31:00
cvelist
cvelist
CVE-2018-3287
2018-10-17 01:00:00
CVE-2018-3288
2018-10-17 01:00:00
CVE-2018-3298
2018-10-17 01:00:00
zdi
zdi
Oracle VirtualBox crUnpackMap2d Integer Overflow Information Disclosure Vulnerability
2019-01-24 00:00:00
Oracle VirtualBox crServerDispatchGenProgramsARB Integer Overflow Privilege Escalation Vulnerability
2018-10-17 00:00:00
Oracle VirtualBox crServerDispatchGenProgramsNV Integer Overflow Privilege Escalation Vulnerability
2018-10-17 00:00:00
ubuntucve
ubuntucve
CVE-2018-3287
2018-10-17 00:00:00
CVE-2018-3288
2018-10-17 00:00:00
CVE-2018-3292
2018-10-17 00:00:00
cve
cve
CVE-2018-3295
2018-10-17 01:31:00
CVE-2018-3298
2018-10-17 01:31:00
CVE-2018-3293
2018-10-17 01:31:00
ibm
ibm
Security Bulletin: Vulnerability in OpenSSL affects IBM BladeCenter Advanced Management Module (AMM)
2018-10-03 16:20:01
Security Bulletin: Vulnerabilities in OpenSSL affect WebSphere Message Broker
2019-12-23 03:04:50
Security Bulletin: WebSphere DataPower Appliances is affected by a Denial of Service vulnerability (CVE-2018-0732)
2018-09-07 14:46:09
suse
suse
Security update for openssl-1_1 (moderate)
2018-07-28 15:09:18
Security update for openssl-1_1 (moderate)
2018-10-05 12:08:41
Security update for openssl-1_0_0 (moderate)
2018-07-28 16:03:35
veracode
veracode
Denial Of Service (DoS)
2018-06-13 03:48:25
Denial Of Service (DoS)
2019-01-15 09:24:14
redhatcve
redhatcve
CVE-2018-0732
2018-06-14 05:18:51
tenable
tenable
[R1] Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities
2018-10-23 21:15:12
[R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities
2018-12-20 19:43:50
[R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities
2018-12-20 19:43:50
symantec
symantec
OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-06-12 00:00:00
amazon
amazon
Medium: openssl
2018-10-30 20:50:00
f5
f5
K21665601 : OpenSSL vulnerability CVE-2018-0732
2018-07-20 00:00:00
hackerone
hackerone
Internet Bug Bounty: Client DoS due to large DH parameter (CVE-2018-0732)
2018-06-12 11:15:31
aix
aix
Vulnerability in OpenSSL affects AIX (CVE-2018-0732)
2018-09-19 08:44:29
broadcom
broadcom
CVE-2018-0732. Client DoS due to large DH parameter.
2022-09-13 00:00:00
CVE-2018-0732. Client DoS due to large DH parameter.
2022-09-13 00:00:00
osv
osv
CVE-2018-0732
2018-06-12 13:29:00
freebsd
freebsd
OpenSSL -- Client DoS due to large DH parameter
2018-06-12 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL Denial of Service (CVE-2018-0732)
2019-02-17 00:00:00
alpinelinux
alpinelinux
CVE-2018-0732
2018-06-12 13:29:00
gentoo
gentoo
OpenSSL: Denial of service
2018-11-09 00:00:00
ics
ics
Siemens TIM 1531 IRC
2021-06-08 12:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2018-0732
2018-06-12 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: openssl-1.1.0i-1.fc28
2018-09-22 20:52:36
oraclelinux
oraclelinux
openssl security update
2018-10-15 00:00:00
openssl security update
2018-10-12 00:00:00
openssl security update
2018-10-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 8.11.4-alt1
2018-08-29 00:00:00
debian
debian
[SECURITY] [DLA 1449-1] openssl security update
2018-07-28 03:56:45
JSON
Related for OPENSUSE-2019-863.NASL
openvas19nessus33kaspersky1mageia1prion14debiancve14cvelist14zdi18ubuntucve14cve14ibm23suse7veracode2redhatcve1tenable4symantec1amazon1f51hackerone1aix1broadcom2osv1freebsd1checkpoint_advisories1alpinelinux1gentoo1ics1openssl1fedora1oraclelinux3altlinux1debian1