Oracle VM VirtualBox < 4.3.36 / 5.0.18 Multiple Vulnerabilities (April 2016 CPU)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote host is affected by multiple
vulnerabilities.

Description :

The Oracle VM VirtualBox application installed on the remote host is a
version prior to 4.3.36 or 5.0.18. It is, therefore, affected by an
unspecified flaw in the Core subcomponent that allows a local attacker
to gain elevated privileges. Additionally, multiple vulnerabilities
exist in the bundled version of OpenSSL :

- A flaw exists in the ssl3_get_key_exchange() function
in file s3_clnt.c when handling a ServerKeyExchange
message for an anonymous DH ciphersuite with the value
of 'p' set to 0. A attacker can exploit this, by causing
a segmentation fault, to crash an application linked
against the library, resulting in a denial of service.
(CVE-2015-1794)

- A carry propagating flaw exists in the x86_64 Montgomery
squaring implementation that may cause the BN_mod_exp()
function to produce incorrect results. An attacker can
exploit this to obtain sensitive information regarding
private keys. (CVE-2015-3193)

- A NULL pointer dereference flaw exists in file
rsa_ameth.c due to improper handling of ASN.1 signatures
that are missing the PSS parameter. A remote attacker
can exploit this to cause the signature verification
routine to crash, resulting in a denial of service
condition. (CVE-2015-3194)

- A flaw exists in the ASN1_TFLG_COMBINE implementation in
file tasn_dec.c related to handling malformed
X509_ATTRIBUTE structures. A remote attacker can exploit
this to cause a memory leak by triggering a decoding
failure in a PKCS#7 or CMS application, resulting in a
denial of service. (CVE-2015-3195)

- A race condition exists in s3_clnt.c that is triggered
when PSK identity hints are incorrectly updated in the
parent SSL_CTX structure when they are received by a
multi-threaded client. A remote attacker can exploit
this, via a crafted ServerKeyExchange message, to cause
a double-free memory error, resulting in a denial of
service. (CVE-2015-3196)

- A cipher algorithm downgrade vulnerability exists due to
a flaw that is triggered when handling cipher
negotiation. A remote attacker can exploit this to
negotiate SSLv2 ciphers and complete SSLv2 handshakes
even if all SSLv2 ciphers have been disabled on the
server. Note that this vulnerability only exists if the
SSL_OP_NO_SSLv2 option has not been disabled.
(CVE-2015-3197)

See also :

http://www.nessus.org/u?855180af
https://www.virtualbox.org/wiki/Changelog

Solution :

Upgrade to Oracle VM VirtualBox version 4.3.36 / 5.0.18 or later as
referenced in the April 2016 Oracle Critical Patch Update advisory.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now