Detections
Analytics

Oracle VM VirtualBox < 4.3.36 / 5.0.18 Multiple Vulnerabilities (April 2016 CPU)

medium Nessus Plugin ID 90680

Language:

Synopsis

An application installed on the remote host is affected by multiple vulnerabilities.

Description

The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.3.36 or 5.0.18. It is, therefore, affected by an unspecified flaw in the Core subcomponent that allows a local attacker to gain elevated privileges. Additionally, multiple vulnerabilities exist in the bundled version of OpenSSL :

 - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of 'p' set to 0. A attacker can exploit this, by causing a segmentation fault, to crash an application linked against the library, resulting in a denial of service.
 (CVE-2015-1794)

 - A carry propagating flaw exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193)

 - A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)

 - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)

 - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196)

 - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled.
 (CVE-2015-3197)

Solution

Upgrade to Oracle VM VirtualBox version 4.3.36 / 5.0.18 or later as referenced in the April 2016 Oracle Critical Patch Update advisory.

See Also

http://www.nessus.org/u?ffb7b96f

https://www.virtualbox.org/wiki/Changelog

Plugin Details

Severity: Medium

ID: 90680

File Name: virtualbox_5_0_18.nasl

Version: 1.10

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 4/22/2016

Updated: 11/19/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2015-3193

Vulnerability Information

CPE: cpe:/a:oracle:vm_virtualbox

Exploit Ease: No known exploits are available

Patch Publication Date: 4/19/2016

Vulnerability Publication Date: 4/19/2016

Reference Information

CVE: CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3197, CVE-2016-0678

BID: 78622, 78623, 78626, 82237

CERT: 257823