Oracle VM VirtualBox 3.x / 4.0.x < 4.0.10 Local Integer Overflows

Medium - Nessus Plugin ID 62798

Synopsis

The remote Windows host has an application that is affected by two local overflow vulnerabilities.

Description

The remote host contains a version of Oracle VM VirtualBox or Sun xVM VirtualBox 3.0, 3.1, 3.2, or 4.0.x prior to 4.0.10. As such, it is reportedly affected by two vulnerabilities:

- A local user can exploit a flaw in Guest Additions for Windows to gain partial elevated privileges. This issue only affects version 4.0.x. (CVE-2011-2300)

- A local user can exploit an unspecified flaw to gain full control of the target system. (CVE-2011-2305)

Solution

Upgrade to Oracle VM VirtualBox 4.0.10 or later.

See Also

http://www.nessus.org/u?1fd9a198

http://www.nessus.org/u?c54ecc3f

https://www.virtualbox.org/wiki/Changelog

Plugin Details

Severity: Medium

ID: 62798

File Name: virtualbox_4_0_8.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 11/2/2012

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 4.6

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:oracle:vm_virtualbox

Required KB Items: VirtualBox/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/19/2011

Vulnerability Publication Date: 7/19/2011

Reference Information

CVE: CVE-2011-2300, CVE-2011-2305

BID: 48781, 48793