Lucene search
This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.VIRTUALBOX_4_3_26.NASLHistoryOct 23, 2015 - 12:00 a.m.
Oracle VM VirtualBox < 4.0.30 / 4.1.38 / 4.2.30 / 4.3.26 / 5.0.0 Core DoS (October 2015 CPU)
2015-10-2300:00:00
This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
4.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
25.7%
The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.0.30, 4.1.38, 4.2.30, 4.3.26, or 5.0.0. It is, therefore, affected by an unspecified flaw in the Core subcomponent.
A local attacker can exploit this to cause a denial of service.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(86567);
script_version("1.7");
script_cvs_date("Date: 2018/11/07 16:27:15");
script_cve_id("CVE-2015-4856");
script_name(english:"Oracle VM VirtualBox < 4.0.30 / 4.1.38 / 4.2.30 / 4.3.26 / 5.0.0 Core DoS (October 2015 CPU)");
script_summary(english:"Performs a version check on VirtualBox.exe.");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote host is affected by an
unspecified denial of service vulnerability.");
script_set_attribute(attribute:"description", value:
"The Oracle VM VirtualBox application installed on the remote host is a
version prior to 4.0.30, 4.1.38, 4.2.30, 4.3.26, or 5.0.0. It is,
therefore, affected by an unspecified flaw in the Core subcomponent.
A local attacker can exploit this to cause a denial of service.");
# http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75a4a4fb");
script_set_attribute(attribute:"see_also", value:"https://www.virtualbox.org/wiki/Changelog");
script_set_attribute(attribute:"solution", value:
"Upgrade to Oracle VM VirtualBox version 4.0.30 / 4.1.38 / 4.2.30 /
4.3.26 / 5.0.0 or later as referenced in the October 2015 Oracle
Critical Patch Update advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4856");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/20");
script_set_attribute(attribute:"patch_publication_date", value:"2015/07/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"agent", value:"all");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:vm_virtualbox");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("virtualbox_installed.nasl", "macosx_virtualbox_installed.nbin");
script_require_ports("installed_sw/Oracle VM VirtualBox", "installed_sw/VirtualBox");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
app = NULL;
apps = make_list('Oracle VM VirtualBox', 'VirtualBox');
foreach app (apps)
{
if (get_install_count(app_name:app)) break;
else app = NULL;
}
if (isnull(app)) audit(AUDIT_NOT_INST, 'Oracle VM VirtualBox');
install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
ver = install['version'];
path = install['path'];
# Note int(null) returns '0'
ver_fields = split(ver, sep:'.', keep:FALSE);
major = int(ver_fields[0]);
minor = int(ver_fields[1]);
rev = int(ver_fields[2]);
fix = '';
# Affected :
# 4.0.x < 4.0.30
# 4.1.x < 4.1.38
# 4.2.x < 4.2.30
# 4.3.x < 4.3.26
if (major == 4 && minor == 0 && rev < 30) fix = '4.0.30';
else if (major == 4 && minor == 1 && rev < 38) fix = '4.1.38';
else if (major == 4 && minor == 2 && rev < 30) fix = '4.2.30';
else if (major == 4 && minor == 3 && rev < 26) fix = '4.3.26';
else audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);
port = 0;
if (app == 'Oracle VM VirtualBox')
{
port = get_kb_item("SMB/transport");
if (!port) port = 445;
}
if (report_verbosity > 0)
{
report =
'\n Path : ' + path +
'\n Installed version : ' + ver +
'\n Fixed version : ' + fix +
'\n';
security_warning(port:port, extra:report);
}
else security_warning(port);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | vm_virtualbox | cpe:/a:oracle:vm_virtualbox |
Related
cve
cve
CVE-2015-4856
2015-10-21 23:59:21
debiancve
debiancve
CVE-2015-4856
2015-10-21 23:59:21
nvd
nvd
CVE-2015-4856
2015-10-21 23:59:21
openvas
openvas
Oracle Virtualbox Unspecified Vulnerability (Nov 2015) - Linux
2015-11-02 00:00:00
Oracle Virtualbox Unspecified Vulnerability (Nov 2015) - Mac OS X
2015-11-02 00:00:00
Oracle Virtualbox Unspecified Vulnerability (Nov 2015) - Windows
2015-11-02 00:00:00
ubuntucve
ubuntucve
CVE-2015-4856
2015-10-21 00:00:00
prion
prion
Design/Logic Flaw
2015-10-21 23:59:00
cvelist
cvelist
CVE-2015-4856
2015-10-21 23:00:00
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-11-02 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2015
2015-10-20 00:00:00
4.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
25.7%
Related for VIRTUALBOX_4_3_26.NASL