Lucene search
Copyright (C) 2018 Greenbone Networks GmbHOPENVAS:1361412562310851686HistoryJan 24, 2018 - 12:00 a.m.
openSUSE: Security Advisory for virtualbox (openSUSE-SU-2018:0187-1)
2018-01-2400:00:00
Copyright (C) 2018 Greenbone Networks GmbH
plugins.openvas.org
20
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.2 High
AI Score
Confidence
High
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%
The remote host is missing an update for the
# Copyright (C) 2018 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.851686");
script_version("2023-11-03T16:10:08+0000");
script_tag(name:"last_modification", value:"2023-11-03 16:10:08 +0000 (Fri, 03 Nov 2023)");
script_tag(name:"creation_date", value:"2018-01-24 07:43:17 +0100 (Wed, 24 Jan 2018)");
script_cve_id("CVE-2017-5715", "CVE-2018-2676", "CVE-2018-2685", "CVE-2018-2686",
"CVE-2018-2687", "CVE-2018-2688", "CVE-2018-2689", "CVE-2018-2690",
"CVE-2018-2693", "CVE-2018-2694", "CVE-2018-2698");
script_tag(name:"cvss_base", value:"4.4");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-10-03 00:03:00 +0000 (Thu, 03 Oct 2019)");
script_tag(name:"qod_type", value:"package");
script_name("openSUSE: Security Advisory for virtualbox (openSUSE-SU-2018:0187-1)");
script_tag(name:"summary", value:"The remote host is missing an update for the 'virtualbox'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for virtualbox to version 5.1.32 fixes the following issues:
The following vulnerabilities were fixed (boo#1076372):
- CVE-2017-5715: Systems with microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized
disclosure of information to an attacker with local user access via a
side-channel analysis, also known as 'Spectre', bsc#1068032.
- CVE-2018-2676: Local authenticated attacker may gain elevated privileges
- CVE-2018-2685: Local authenticated attacker may gain elevated privileges
- CVE-2018-2686: Local authenticated attacker may gain elevated privileges
- CVE-2018-2687: Local authenticated attacker may gain elevated privileges
- CVE-2018-2688: Local authenticated attacker may gain elevated privileges
- CVE-2018-2689: Local authenticated attacker may gain elevated privileges
- CVE-2018-2690: Local authenticated attacker may gain elevated privileges
- CVE-2018-2693: Local authenticated attacker may gain elevated privileges
via guest additions
- CVE-2018-2694: Local authenticated attacker may gain elevated privileges
- CVE-2018-2698: Local authenticated attacker may gain elevated privileges
The following bug fixes are included:
- fix occasional screen corruption when host screen resolution is changed
- increase proposed disk size when creating new VMs for Windows 7 and newer
- fix broken communication with certain devices on Linux hosts
- Fix problems using 256MB VRAM in raw-mode VMs
- add HDA support for more exotic guests (e.g. Haiku)
- fix playback with ALSA backend (5.1.28 regression)
- fix a problem where OHCI emulation might sporadically drop data transfers");
script_tag(name:"affected", value:"virtualbox on openSUSE Leap 42.3, openSUSE Leap 42.2");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_xref(name:"openSUSE-SU", value:"2018:0187-1");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2018 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=(openSUSELeap42\.2|openSUSELeap42\.3)");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "openSUSELeap42.2") {
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-desktop-icons", rpm:"virtualbox-guest-desktop-icons~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-source", rpm:"virtualbox-guest-source~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-host-source", rpm:"virtualbox-host-source~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-virtualbox", rpm:"python-virtualbox~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-virtualbox-debuginfo", rpm:"python-virtualbox-debuginfo~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox", rpm:"virtualbox~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-debuginfo", rpm:"virtualbox-debuginfo~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-debugsource", rpm:"virtualbox-debugsource~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-devel", rpm:"virtualbox-devel~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-kmp-default", rpm:"virtualbox-guest-kmp-default~5.1.32_k4.4.104_18.44~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-kmp-default-debuginfo", rpm:"virtualbox-guest-kmp-default-debuginfo~5.1.32_k4.4.104_18.44~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-tools", rpm:"virtualbox-guest-tools~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-tools-debuginfo", rpm:"virtualbox-guest-tools-debuginfo~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-x11", rpm:"virtualbox-guest-x11~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-x11-debuginfo", rpm:"virtualbox-guest-x11-debuginfo~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-host-kmp-default", rpm:"virtualbox-host-kmp-default~5.1.32_k4.4.104_18.44~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-host-kmp-default-debuginfo", rpm:"virtualbox-host-kmp-default-debuginfo~5.1.32_k4.4.104_18.44~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-qt", rpm:"virtualbox-qt~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-qt-debuginfo", rpm:"virtualbox-qt-debuginfo~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-vnc", rpm:"virtualbox-vnc~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-websrv", rpm:"virtualbox-websrv~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-websrv-debuginfo", rpm:"virtualbox-websrv-debuginfo~5.1.32~19.49.1", rls:"openSUSELeap42.2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "openSUSELeap42.3") {
if(!isnull(res = isrpmvuln(pkg:"python-virtualbox", rpm:"python-virtualbox~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-virtualbox-debuginfo", rpm:"python-virtualbox-debuginfo~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox", rpm:"virtualbox~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-debuginfo", rpm:"virtualbox-debuginfo~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-debugsource", rpm:"virtualbox-debugsource~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-devel", rpm:"virtualbox-devel~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-kmp-default", rpm:"virtualbox-guest-kmp-default~5.1.32_k4.4.104_39~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-kmp-default-debuginfo", rpm:"virtualbox-guest-kmp-default-debuginfo~5.1.32_k4.4.104_39~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-tools", rpm:"virtualbox-guest-tools~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-tools-debuginfo", rpm:"virtualbox-guest-tools-debuginfo~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-x11", rpm:"virtualbox-guest-x11~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-x11-debuginfo", rpm:"virtualbox-guest-x11-debuginfo~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-host-kmp-default", rpm:"virtualbox-host-kmp-default~5.1.32_k4.4.104_39~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-host-kmp-default-debuginfo", rpm:"virtualbox-host-kmp-default-debuginfo~5.1.32_k4.4.104_39~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-qt", rpm:"virtualbox-qt~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-qt-debuginfo", rpm:"virtualbox-qt-debuginfo~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-vnc", rpm:"virtualbox-vnc~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-websrv", rpm:"virtualbox-websrv~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-websrv-debuginfo", rpm:"virtualbox-websrv-debuginfo~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-desktop-icons", rpm:"virtualbox-guest-desktop-icons~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-guest-source", rpm:"virtualbox-guest-source~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"virtualbox-host-source", rpm:"virtualbox-host-source~5.1.32~42.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
References
Related
nessus
nessus
openSUSE Security Update : virtualbox (openSUSE-2018-75) (Spectre)
2018-01-24 00:00:00
GLSA-201802-01 : VirtualBox: Multiple vulnerabilities
2018-02-12 00:00:00
Oracle VM VirtualBox 5.1.x < 5.1.32 / 5.2.x < 5.2.6 (January 2018 CPU)
2018-01-17 00:00:00
suse
suse
Security update for virtualbox (important)
2018-01-24 03:07:42
Security update for kbuild, virtualbox (important)
2018-08-27 00:07:57
Security update for qemu (important)
2018-01-05 18:10:57
gentoo
gentoo
VirtualBox: Multiple vulnerabilities
2018-02-11 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2018-0101)
2022-01-28 00:00:00
Oracle VirtualBox Security Updates (jan2018-3236628) - Windows
2018-01-17 00:00:00
Oracle VirtualBox Security Updates (jan2018-3236628) - Mac OS X
2018-01-17 00:00:00
kaspersky
kaspersky
KLA11179 Multiple vulnerabilities in Oracle VM VirtualBox
2018-01-18 00:00:00
mageia
mageia
Updated virtualbox packages fix security vulnerabilities
2018-01-26 00:04:19
Updated microcode packages fix security vulnerability
2018-05-29 22:41:14
debiancve
debiancve
prion
prion
Buffer overflow
2018-01-18 02:29:00
Buffer overflow
2018-01-18 02:29:00
Buffer overflow
2018-01-18 02:29:00
cve
cve
ubuntucve
ubuntucve
zdi
zdi
exploitpack
exploitpack
Oracle VirtualBox 5.1.30 5.2-rc1 - Guest to Host Escape
2018-01-24 00:00:00
seebug
seebug
packetstorm
packetstorm
Oracle VirtualBox Guest To Host Escape
2018-01-24 00:00:00
zdt
zdt
Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - Guest to Host Escape Vulnerability
2018-01-25 00:00:00
debian
debian
[SECURITY] [DLA 1349-1] linux-tools security update
2018-04-16 22:31:08
[SECURITY] [DLA 1362-1] gcc-4.9-backport new package
2018-04-25 16:19:40
[SECURITY] [DSA 4179-1] linux-tools security update
2018-04-24 13:15:06
threatpost
threatpost
New Spectre-Level Flaw Targets Return Stack Buffer
2018-07-23 18:27:20
Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support
2018-04-04 15:18:47
redhat
redhat
(RHSA-2018:0050) Important: vdsm security update
2018-01-05 15:36:32
(RHSA-2018:0029) Important: libvirt security update
2018-01-04 19:31:42
(RHSA-2018:0109) Important: libvirt security update
2018-01-22 10:05:55
amazon
amazon
Important: linux-firmware
2018-02-20 21:46:00
Important: qemu-kvm
2018-02-07 18:49:00
centos
centos
libvirt security update
2018-01-04 19:54:04
microcode_ctl security update
2018-01-17 14:59:21
microcode_ctl security update
2018-01-04 11:40:52
oraclelinux
oraclelinux
qemu-kvm security update
2018-01-04 00:00:00
microcode_ctl security update
2018-01-17 00:00:00
qemu-kvm security update
2018-01-04 00:00:00
ubuntu
ubuntu
intel-microcode update
2018-03-29 00:00:00
libvirt update
2018-02-07 00:00:00
Intel Microcode update
2018-01-11 00:00:00
virtuozzo
virtuozzo
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2018-02-07 06:34:12
cloudfoundry
cloudfoundry
USN-3690-2: AMD Microcode regression | Cloud Foundry
2018-07-19 00:00:00
paloalto
paloalto
Meltdown and Spectre update for WildFire-500 Appliance
2018-05-15 21:35:00
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.2 High
AI Score
Confidence
High
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%
Related for OPENVAS:1361412562310851686