This script is Copyright (C) 2017 Tenable Network Security, Inc.
An application installed on the remote host is affected by an
information disclosure vulnerability.
The version of Oracle VM VirtualBox installed on the remote host is
5.0.x prior to 5.0.34 or 5.1.x prior to 5.1.16. It is, therefore,
affected by an information disclosure vulnerability within the shared
folder implementation, specifically in the vbsfPathCheckRootEscape()
function, that permits cooperating guests that have write access to
the same shared folder to gain access to the file system of the Linux
host. An authenticated attacker within a guest VM can exploit this to
read arbitrary files on the host. However, exploitation requires that
the shared folder is not more than nine levels away from the file
Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.
See also :
Upgrade to Oracle VM VirtualBox version 5.0.34 / 5.1.16 or later
Risk factor :
Medium / CVSS Base Score : 5.2
CVSS Temporal Score : 4.3
Public Exploit Available : true
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now