Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2017 Greenbone Networks GmbHOPENVAS:1361412562310851545
HistoryMay 03, 2017 - 12:00 a.m.

openSUSE: Security Advisory for virtualbox (openSUSE-SU-2017:1142-1)

2017-05-0300:00:00
Copyright (C) 2017 Greenbone Networks GmbH
plugins.openvas.org
14

0.002 Low

EPSS

Percentile

56.6%

JSON

The remote host is missing an update for the

# Copyright (C) 2017 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) of their respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.851545");
  script_version("2020-01-31T08:23:39+0000");
  script_tag(name:"last_modification", value:"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)");
  script_tag(name:"creation_date", value:"2017-05-03 06:46:21 +0200 (Wed, 03 May 2017)");
  script_cve_id("CVE-2017-3513", "CVE-2017-3538", "CVE-2017-3558", "CVE-2017-3559",
                "CVE-2017-3561", "CVE-2017-3563", "CVE-2017-3575", "CVE-2017-3576",
                "CVE-2017-3587");
  script_tag(name:"cvss_base", value:"6.3");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:N");
  script_tag(name:"qod_type", value:"package");
  script_name("openSUSE: Security Advisory for virtualbox (openSUSE-SU-2017:1142-1)");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'virtualbox'
  package(s) announced via the referenced advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for virtualbox to version 5.1.22 fixes the following issues:

  These security issues were fixed (bsc#1034854):

  - CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox component of
  Oracle Virtualization (subcomponent: Core). Easily exploitable
  vulnerability allows low privileged attacker with logon to the
  infrastructure where Oracle VM VirtualBox executes to compromise Oracle
  VM VirtualBox. Successful attacks of this vulnerability can result in
  takeover of Oracle VM VirtualBox.

  - CVE-2017-3563: Vulnerability in the Oracle VM VirtualBox component of
  Oracle Virtualization (subcomponent: Core). Easily exploitable
  vulnerability allows low privileged attacker with logon to the
  infrastructure where Oracle VM VirtualBox executes to compromise Oracle
  VM VirtualBox. Successful attacks of this vulnerability can result in
  takeover of Oracle VM VirtualBox.

  - CVE-2017-3576: Vulnerability in the Oracle VM VirtualBox component of
  Oracle Virtualization (subcomponent: Core). Easily exploitable
  vulnerability allows low privileged attacker with logon to the
  infrastructure where Oracle VM VirtualBox executes to compromise Oracle
  VM VirtualBox.  Successful attacks of this vulnerability can result in
  takeover of Oracle VM VirtualBox.

  - CVE-2017-3587: Vulnerability in the Oracle VM VirtualBox component of
  Oracle Virtualization (subcomponent: Shared Folder). Easily exploitable
  vulnerability allows low privileged attacker with logon to the
  infrastructure where Oracle VM VirtualBox executes to compromise Oracle
  VM VirtualBox. Successful attacks of this vulnerability can result in
  unauthorized creation, deletion or modification access to critical data
  or all Oracle VM VirtualBox accessible data and unauthorized ability to
  cause a hang or frequently repeatable crash (complete DOS) of Oracle VM
  VirtualBox.

  - CVE-2017-3575: Vulnerability in the Oracle VM VirtualBox component of
  Oracle Virtualization (subcomponent: Core). Easily exploitable
  vulnerability allows high privileged attacker with logon to the
  infrastructure where Oracle VM VirtualBox executes to compromise Oracle
  VM VirtualBox. Successful attacks of this vulnerability can result in
  unauthorized creation, deletion or modification access to critical data
  or all Oracle VM VirtualBox accessible data and unauthorized ability to
  cause a hang or frequently repeatable crash (complete DOS) of Oracle VM
  VirtualBox.

  - CVE-2017-3538: Vulnerability in the Oracle VM VirtualBox component of
  Oracle Virtualization (subcomponent: Shared Folder). Difficult to
  exploit vulnerabi ...

  Description truncated, please see the referenced URL(s) for more information.");

  script_tag(name:"affected", value:"virtualbox on openSUSE Leap 42.2");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_xref(name:"openSUSE-SU", value:"2017:1142-1");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap42\.2");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSELeap42.2") {
  if(!isnull(res = isrpmvuln(pkg:"python-virtualbox", rpm:"python-virtualbox~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"python-virtualbox-debuginfo", rpm:"python-virtualbox-debuginfo~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox", rpm:"virtualbox~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-debuginfo", rpm:"virtualbox-debuginfo~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-debugsource", rpm:"virtualbox-debugsource~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-devel", rpm:"virtualbox-devel~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-kmp-default", rpm:"virtualbox-guest-kmp-default~5.1.22_k4.4.57_18.3~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-kmp-default-debuginfo", rpm:"virtualbox-guest-kmp-default-debuginfo~5.1.22_k4.4.57_18.3~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-tools", rpm:"virtualbox-guest-tools~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-tools-debuginfo", rpm:"virtualbox-guest-tools-debuginfo~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-x11", rpm:"virtualbox-guest-x11~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-x11-debuginfo", rpm:"virtualbox-guest-x11-debuginfo~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-host-kmp-default", rpm:"virtualbox-host-kmp-default~5.1.22_k4.4.57_18.3~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-host-kmp-default-debuginfo", rpm:"virtualbox-host-kmp-default-debuginfo~5.1.22_k4.4.57_18.3~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-qt", rpm:"virtualbox-qt~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-qt-debuginfo", rpm:"virtualbox-qt-debuginfo~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-websrv", rpm:"virtualbox-websrv~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-websrv-debuginfo", rpm:"virtualbox-websrv-debuginfo~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-desktop-icons", rpm:"virtualbox-guest-desktop-icons~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"virtualbox-host-source", rpm:"virtualbox-host-source~5.1.22~19.10.1", rls:"openSUSELeap42.2"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

References

Related

openvas 7
suse 2
nessus 4
mageia 2
kaspersky 2
debiancve 9
prion 9
seebug 4
cve 9
ubuntucve 9
zdt 6
packetstorm 1
googleprojectzero 1
oracle 1
openvas
openvas
openSUSE: Security Advisory for virtualbox (openSUSE-SU-2017:1141-1)
2017-05-03 00:00:00
Oracle Virtualbox Multiple Unspecified Vulnerabilities - 01 Apr17 (Windows)
2017-04-25 00:00:00
Oracle Virtualbox Multiple Unspecified Vulnerabilities - 01 Apr17 (Mac OS X)
2017-04-25 00:00:00
suse
suse
Security update for virtualbox (important)
2017-05-02 15:09:19
Security update for virtualbox (important)
2017-05-02 15:09:05
nessus
nessus
Oracle VM VirtualBox 5.0.x < 5.0.38 / 5.1.x < 5.1.20 (April 2017 CPU)
2017-04-20 00:00:00
openSUSE Security Update : virtualbox (openSUSE-2017-533)
2017-05-03 00:00:00
openSUSE Security Update : virtualbox (openSUSE-2017-534)
2017-05-03 00:00:00
mageia
mageia
Updated virtualbox packages fixes security vulnerabilities
2017-05-09 09:35:29
Updated virtualbox packages fixes security vulnerabilities
2017-03-23 10:19:23
kaspersky
kaspersky
KLA11027 Multiple vulnerabilities in Oracle VM VirtualBox
2017-04-24 00:00:00
KLA11028 A read/write local files vulnerability in Oracle VM Virtual Box
2017-04-24 00:00:00
debiancve
debiancve
CVE-2017-3538
2017-04-24 19:59:00
CVE-2017-3575
2017-04-24 19:59:00
CVE-2017-3576
2017-04-24 19:59:00
prion
prion
Buffer overflow
2017-04-24 19:59:00
Design/Logic Flaw
2017-04-24 19:59:00
Buffer overflow
2017-04-24 19:59:00
seebug
seebug
VirtualBox: cooperating VMs can escape from shared folder (CVE-2017-3538)
2017-04-17 00:00:00
VirtualBox: unprivileged host user -> host kernel privesc via environment and ioctl (CVE-2017-3561)
2017-04-19 00:00:00
VirtualBox: guest-to-host out-of-bounds write via virtio-net (CVE-2017-3575)
2017-04-19 00:00:00
cve
cve
CVE-2017-3538
2017-04-24 19:59:00
CVE-2017-3575
2017-04-24 19:59:00
CVE-2017-3513
2017-04-24 19:59:00
ubuntucve
ubuntucve
CVE-2017-3538
2017-04-24 00:00:00
CVE-2017-3575
2017-04-24 00:00:00
CVE-2017-3576
2017-04-24 00:00:00
zdt
zdt
VirtualBox Guest-To-Host Out-Of-Bounds Write Exploit
2017-04-19 00:00:00
VirtualBox Unprivilege Host User To Host Kernel Privilege Escalation Exploit
2017-04-19 00:00:00
VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy Exploit
2017-04-21 00:00:00
packetstorm
packetstorm
VirtualBox Unprivilege Host User To Host Kernel Privilege Escalation
2017-04-19 00:00:00
googleprojectzero
googleprojectzero
Bypassing VirtualBox Process Hardening on Windows
2017-08-23 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2017
2017-04-18 00:00:00

0.002 Low

EPSS

Percentile

56.6%

JSON
Related for OPENVAS:1361412562310851545
openvas7suse2nessus4mageia2kaspersky2debiancve9prion9seebug4cve9ubuntucve9zdt6packetstorm1googleprojectzero1oracle1