Oracle VM VirtualBox < 4.1.32 / 4.2.24 / 4.3.10 WDDM Graphics Driver Flaw

2014-04-16T00:00:00
ID ORACLE_VIRTUALBOX_WDDM_DRIVER.NASL
Type nessus
Reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
Modified 2018-11-15T00:00:00

Description

The remote host contains a version of Oracle VM VirtualBox that is prior to 4.1.32, 4.2.24, or 4.3.10. It is, therefore, potentially affected by a flaw in the WDDM graphics driver.

A flaw exists in the graphics driver for Windows guests, WDDM. It could allow local users to affect the confidentiality, integrity, and availability of the application.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(73577);
  script_version("1.6");
  script_cvs_date("Date: 2018/11/15 20:50:28");

  script_cve_id("CVE-2014-2441");
  script_bugtraq_id(66868);

  script_name(english:"Oracle VM VirtualBox < 4.1.32 / 4.2.24 / 4.3.10 WDDM Graphics Driver Flaw");
  script_summary(english:"Performs a version check on VirtualBox.exe");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application that is affected by a flaw in the
WDDM graphics driver.");
  script_set_attribute(attribute:"description", value:
"The remote host contains a version of Oracle VM VirtualBox that is
prior to 4.1.32, 4.2.24, or 4.3.10. It is, therefore, potentially
affected by a flaw in the WDDM graphics driver.

A flaw exists in the graphics driver for Windows guests, WDDM. It
could allow local users to affect the confidentiality, integrity, and
availability of the application.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  # https://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixOVIR
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b9fe8be8");
  script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog");
  script_set_attribute(attribute:"solution", value:"Upgrade Oracle VM VirtualBox to 4.1.32 / 4.2.24 / 4.3.10 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("virtualbox_installed.nasl");
  script_require_keys("VirtualBox/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

ver = get_kb_item_or_exit('VirtualBox/Version');
path = get_kb_item_or_exit('SMB/VirtualBox/'+ver);

# Note int(null) returns '0'
ver_fields = split(ver, sep:'.', keep:FALSE);
major = int(ver_fields[0]);
minor = int(ver_fields[1]);
rev = int(ver_fields[2]);

# Affected :
# 4.1.x < 4.1.32
# 4.2.x < 4.2.24
# 4.3.x < 4.3.10
if (major == 4 && minor == 1 && rev < 32) fix = '4.1.32';
else if (major == 4 && minor == 2 && rev < 24) fix = '4.2.24';
else if (major == 4 && minor == 3 && rev < 10) fix = '4.3.10';

if (fix)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + ver +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);

  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, 'Oracle VM VirtualBox', ver, path);