Sun xVM VirtualBox < 3.0.4 Multiple Local Denial of Service Vulnerabilities

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by
local denial of service vulnerabilities.

Description :

The remote host contains a version of Sun xVM VirtualBox, an open
source virtualization platform, before 3.0.4. Such versions
have multiple local denial of service vulnerabilities. A guest
virtual machine (VM) can reboot the host machine by executing the
'sysenter' instruction. The vendor states there are several other
denial of service vulnerabilities in addition to this.

An attacker with access to the guest VM could leverage these to
cause a denial of service.

See also :

http://download.oracle.com/sunalerts/1020812.1.html
http://forums.virtualbox.org/viewtopic.php?f=1&t=20948

Solution :

Upgrade to Sun xVM VirtualBox 3.0.4 or later.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 3.8
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 40549 ()

Bugtraq ID: 35915
35960

CVE ID: CVE-2009-2714
CVE-2009-2715

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now