Lucene search
Copyright (C) 2016 Greenbone AGOPENVAS:1361412562310809075HistoryOct 21, 2016 - 12:00 a.m.
Oracle Virtualbox Multiple Security Bypass And DoS Vulnerabilities - Windows
2016-10-2100:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
11
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.2 High
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.566 Medium
EPSS
Percentile
97.7%
Oracle VM VirtualBox is prone to multiple security bypass and denial of service vulnerabilities.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:oracle:vm_virtualbox";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.809075");
script_version("2024-02-15T05:05:40+0000");
script_cve_id("CVE-2016-5501", "CVE-2016-6304", "CVE-2016-5610", "CVE-2016-5538",
"CVE-2016-5613", "CVE-2016-5611", "CVE-2016-5608");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"last_modification", value:"2024-02-15 05:05:40 +0000 (Thu, 15 Feb 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-08-16 13:18:00 +0000 (Tue, 16 Aug 2022)");
script_tag(name:"creation_date", value:"2016-10-21 14:40:28 +0530 (Fri, 21 Oct 2016)");
script_name("Oracle Virtualbox Multiple Security Bypass And DoS Vulnerabilities - Windows");
script_tag(name:"summary", value:"Oracle VM VirtualBox is prone to multiple security bypass and denial of service vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaws exist due to multiple
unspecified errors in core and openssl component.");
script_tag(name:"impact", value:"Successful exploitation will allow remote
attackers to gain elevated privileges, to partially access and modify data
and cause partial denial of service conditions.");
script_tag(name:"affected", value:"VirtualBox versions prior to 5.0.28 and
prior to 5.1.8 on Windows.");
script_tag(name:"solution", value:"Upgrade to Oracle VirtualBox version
5.0.28 or 5.1.8 or later on Windows.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"registry");
script_xref(name:"URL", value:"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/93687");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/93150");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/93711");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/93697");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/93728");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/93744");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/93718");
script_copyright("Copyright (C) 2016 Greenbone AG");
script_category(ACT_GATHER_INFO);
script_family("General");
script_dependencies("secpod_sun_virtualbox_detect_win.nasl");
script_mandatory_keys("Oracle/VirtualBox/Win/Ver");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!virtualVer = get_app_version(cpe:CPE)){
exit(0);
}
if(virtualVer =~ "^5\.0\.")
{
if(version_is_less(version:virtualVer, test_version:"5.0.28"))
{
fix = "5.0.28";
VULN = TRUE;
}
}
else if(virtualVer =~ "^5\.1\.")
{
if(version_is_less(version:virtualVer, test_version:"5.1.8"))
{
fix = "5.1.8";
VULN = TRUE;
}
}
if(VULN)
{
report = report_fixed_ver(installed_version:virtualVer, fixed_version:fix);
security_message(data:report);
exit(0);
}
Related
openvas
openvas
Oracle Virtualbox Multiple Security Bypass And DoS Vulnerabilities - Linux
2016-10-21 00:00:00
Mageia: Security Advisory (MGASA-2016-0408)
2022-01-28 00:00:00
nessus
nessus
Oracle VM VirtualBox 5.0.x < 5.0.28 / 5.1.x < 5.1.8 Multiple Vulnerabilities (October 2016 CPU)
2016-10-20 00:00:00
openSUSE Security Update : virtualbox (openSUSE-2016-1366)
2016-11-29 00:00:00
openSUSE Security Update : virtualbox (openSUSE-2016-1226)
2016-10-27 00:00:00
kaspersky
kaspersky
KLA10888 Multiple vulnerabilities in Oracle VM VirtualBox
2016-10-19 00:00:00
cve
cve
prion
prion
Design/Logic Flaw
2016-10-25 14:30:00
Design/Logic Flaw
2016-10-25 14:31:00
Design/Logic Flaw
2016-10-25 14:31:00
ubuntucve
ubuntucve
debiancve
debiancve
mageia
mageia
Updated virtualbox packages fixes security vulnerabilities
2016-12-06 00:49:27
gentoo
gentoo
VirtualBox: Multiple vulnerabilities
2016-12-11 00:00:00
zdt
zdt
OpenSSL OCSP Status Request Extension Unbounded Memory Growth Vulnerability
2016-10-21 00:00:00
f5
f5
K54211024 : OpenSSL vulnerability CVE-2016-6304
2016-11-02 00:00:00
SOL54211024 - OpenSSL vulnerability CVE-2016-6304
2016-11-02 00:00:00
hackerone
hackerone
veracode
veracode
Denial Of Service (DoS)
2017-01-26 01:52:41
Denial Of Service (DoS)
2019-01-15 09:14:47
redhat
redhat
(RHSA-2016:2802) Important: openssl security update
2016-11-17 12:52:35
(RHSA-2017:2494) Important: Red Hat JBoss Web Server 2 security update
2017-08-21 15:21:48
alpinelinux
alpinelinux
CVE-2016-6304
2016-09-26 19:59:00
checkpoint_advisories
checkpoint_advisories
OpenSSL OCSP Extension Unbounded Memory Denial of Service (CVE-2016-6304)
2016-09-22 00:00:00
osv
osv
CVE-2016-6304
2016-09-26 19:59:00
openssl - security update
2016-09-22 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2016-6304
2016-09-22 00:00:00
thn
thn
Critical DoS Flaw found in OpenSSL — How It Works
2016-09-23 01:10:00
amazon
amazon
Important: openssl
2016-09-22 16:00:00
threatpost
threatpost
OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack
2016-09-23 15:47:13
Oracle Fixes 253 Vulnerabilities in Last CPU of 2016
2016-10-19 13:39:40
ibm
ibm
suse
suse
Security update for nodejs4 (important)
2016-11-01 16:19:35
Security update for nodejs4 (important)
2016-10-06 20:14:21
Security update for nodejs (important)
2016-10-11 19:20:03
ics
ics
Advantech Spectre RT Industrial Routers
2021-02-23 12:00:00
oraclelinux
oraclelinux
openssl security update
2016-09-27 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package openssl1.1 version 1.0.2i-alt1
2016-09-22 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2i-alt1
2016-09-22 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.2i-alt1
2016-09-22 00:00:00
centos
centos
openssl security update
2016-09-28 14:48:04
fedora
fedora
[SECURITY] Fedora 25 Update: openssl-1.0.2j-1.fc25
2016-10-09 03:28:42
[SECURITY] Fedora 23 Update: openssl-1.0.2j-1.fc23
2016-10-11 23:24:05
[SECURITY] Fedora 24 Update: openssl-1.0.2j-1.fc24
2016-09-28 01:57:16
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:26.openssl
2016-09-23 00:00:00
cloudfoundry
cloudfoundry
USN-3087-2 OpenSSL Regression | Cloud Foundry
2016-09-28 00:00:00
archlinux
archlinux
[ASA-201609-24] lib32-openssl: multiple issues
2016-09-26 00:00:00
[ASA-201609-23] openssl: multiple issues
2016-09-26 00:00:00
debian
debian
[SECURITY] [DSA 3673-1] openssl security update
2016-09-22 16:50:31
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.2 High
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.566 Medium
EPSS
Percentile
97.7%
Related for OPENVAS:1361412562310809075