Detections
Analytics

Oracle VM VirtualBox < 4.3.36 / 5.0.14 Multiple Vulnerabilities (January 2016 CPU)

medium Nessus Plugin ID 88052

Language:

Synopsis

An application installed on the remote host is affected by multiple vulnerabilities.

Description

The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.3.36 or 5.0.14. It is, therefore, affected by the following vulnerabilities :

 - An unspecified vulnerability exists in the Core subcomponent that allows a remote attacker to affect the availability of the system. No other details are available. (CVE-2016-0495)

 - An unspecified vulnerability exists in the Core subcomponent that allows a local attacker to affect the availability of the system. No other details are available. (CVE-2016-0592)

 - An unspecified vulnerability exists in the Windows Installer subcomponent that allows a local attacker to gain elevated privileges. No other details are available. (CVE-2016-0602)

Solution

Upgrade to Oracle VM VirtualBox version 4.3.36 / 5.0.14 or later as referenced in the January 2016 Oracle Critical Patch Update advisory.

See Also

http://www.nessus.org/u?ab4ebec1

https://www.virtualbox.org/wiki/Changelog

Plugin Details

Severity: Medium

ID: 88052

File Name: virtualbox_5_0_14.nasl

Version: 1.8

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 1/21/2016

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 4.6

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-0602

Vulnerability Information

CPE: cpe:/a:oracle:vm_virtualbox

Exploit Ease: No known exploits are available

Patch Publication Date: 1/19/2016

Vulnerability Publication Date: 1/19/2016

Reference Information

CVE: CVE-2016-0495, CVE-2016-0592, CVE-2016-0602