ID CVE-2013-5892
Summary Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
References
Vulnerable Configurations
  • Oracle VM VirtualBox 3.2.0
    cpe:2.3:a:oracle:vm_virtualbox:3.2.0
  • Oracle VM VirtualBox 3.2.10
    cpe:2.3:a:oracle:vm_virtualbox:3.2.10
  • Oracle VM VirtualBox 3.2.12
    cpe:2.3:a:oracle:vm_virtualbox:3.2.12
  • Oracle VM VirtualBox 3.2.14
    cpe:2.3:a:oracle:vm_virtualbox:3.2.14
  • Oracle VM VirtualBox 3.2.16
    cpe:2.3:a:oracle:vm_virtualbox:3.2.16
  • Oracle VM VirtualBox 3.2.18
    cpe:2.3:a:oracle:vm_virtualbox:3.2.18
  • Oracle VM VirtualBox 3.2.2
    cpe:2.3:a:oracle:vm_virtualbox:3.2.2
  • Oracle VM VirtualBox 3.2.4
    cpe:2.3:a:oracle:vm_virtualbox:3.2.4
  • Oracle VM VirtualBox 3.2.6
    cpe:2.3:a:oracle:vm_virtualbox:3.2.6
  • Oracle VM VirtualBox 3.2.8
    cpe:2.3:a:oracle:vm_virtualbox:3.2.8
  • Oracle VM VirtualBox 4.2.0
    cpe:2.3:a:oracle:vm_virtualbox:4.2.0
  • Oracle VM VirtualBox 4.2.10
    cpe:2.3:a:oracle:vm_virtualbox:4.2.10
  • Oracle VM VirtualBox 4.2.12
    cpe:2.3:a:oracle:vm_virtualbox:4.2.12
  • Oracle VM VirtualBox 4.2.14
    cpe:2.3:a:oracle:vm_virtualbox:4.2.14
  • Oracle VM VirtualBox 4.2.16
    cpe:2.3:a:oracle:vm_virtualbox:4.2.16
  • Oracle VM VirtualBox 4.2.18
    cpe:2.3:a:oracle:vm_virtualbox:4.2.18
  • Oracle VM VirtualBox 4.2.2
    cpe:2.3:a:oracle:vm_virtualbox:4.2.2
  • Oracle VM VirtualBox 4.2.20
    cpe:2.3:a:oracle:vm_virtualbox:4.2.20
  • Oracle VM VirtualBox 4.2.4
    cpe:2.3:a:oracle:vm_virtualbox:4.2.4
  • Oracle VM VirtualBox 4.2.6
    cpe:2.3:a:oracle:vm_virtualbox:4.2.6
  • Oracle VM VirtualBox 4.2.8
    cpe:2.3:a:oracle:vm_virtualbox:4.2.8
  • Oracle VM VirtualBox 4.3.0
    cpe:2.3:a:oracle:vm_virtualbox:4.3.0
  • Oracle VM VirtualBox 4.3.2
    cpe:2.3:a:oracle:vm_virtualbox:4.3.2
  • Oracle VM VirtualBox 4.3.4
    cpe:2.3:a:oracle:vm_virtualbox:4.3.4
  • Oracle VM VirtualBox 4.0
    cpe:2.3:a:oracle:vm_virtualbox:4.0
  • Oracle VM VirtualBox 4.0.0
    cpe:2.3:a:oracle:vm_virtualbox:4.0.0
  • Oracle VM VirtualBox 4.0.10
    cpe:2.3:a:oracle:vm_virtualbox:4.0.10
  • Oracle VM VirtualBox 4.0.12
    cpe:2.3:a:oracle:vm_virtualbox:4.0.12
  • Oracle VM VirtualBox 4.0.14
    cpe:2.3:a:oracle:vm_virtualbox:4.0.14
  • Oracle VM VirtualBox 4.0.16
    cpe:2.3:a:oracle:vm_virtualbox:4.0.16
  • Oracle VM VirtualBox 4.0.18
    cpe:2.3:a:oracle:vm_virtualbox:4.0.18
  • Oracle VM VirtualBox 4.0.2
    cpe:2.3:a:oracle:vm_virtualbox:4.0.2
  • Oracle VM VirtualBox 4.0.20
    cpe:2.3:a:oracle:vm_virtualbox:4.0.20
  • Oracle VM VirtualBox 4.0.4
    cpe:2.3:a:oracle:vm_virtualbox:4.0.4
  • Oracle VM VirtualBox 4.0.6
    cpe:2.3:a:oracle:vm_virtualbox:4.0.6
  • Oracle VM VirtualBox 4.0.8
    cpe:2.3:a:oracle:vm_virtualbox:4.0.8
  • Oracle VM VirtualBox 4.1.0
    cpe:2.3:a:oracle:vm_virtualbox:4.1.0
  • Oracle VM VirtualBox 4.1.10
    cpe:2.3:a:oracle:vm_virtualbox:4.1.10
  • Oracle VM VirtualBox 4.1.12
    cpe:2.3:a:oracle:vm_virtualbox:4.1.12
  • Oracle VM VirtualBox 4.1.14
    cpe:2.3:a:oracle:vm_virtualbox:4.1.14
  • Oracle VM VirtualBox 4.1.16
    cpe:2.3:a:oracle:vm_virtualbox:4.1.16
  • Oracle VM VirtualBox 4.1.18
    cpe:2.3:a:oracle:vm_virtualbox:4.1.18
  • Oracle VM VirtualBox 4.1.2
    cpe:2.3:a:oracle:vm_virtualbox:4.1.2
  • Oracle VM VirtualBox 4.1.20
    cpe:2.3:a:oracle:vm_virtualbox:4.1.20
  • Oracle VM VirtualBox 4.1.22
    cpe:2.3:a:oracle:vm_virtualbox:4.1.22
  • Oracle VM VirtualBox 4.1.24
    cpe:2.3:a:oracle:vm_virtualbox:4.1.24
  • Oracle VM VirtualBox 4.1.26
    cpe:2.3:a:oracle:vm_virtualbox:4.1.26
  • Oracle VM VirtualBox 4.1.28
    cpe:2.3:a:oracle:vm_virtualbox:4.1.28
  • Oracle Vm Virtualbox 4.1.4
    cpe:2.3:a:oracle:vm_virtualbox:4.1.4
  • Oracle VM VirtualBox 4.1.6
    cpe:2.3:a:oracle:vm_virtualbox:4.1.6
  • Oracle VM VirtualBox 4.1.8
    cpe:2.3:a:oracle:vm_virtualbox:4.1.8
CVSS
Base: 3.5 (as of 15-01-2014 - 11:55)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL HIGH SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_81F1FDC27EC711E3A6C600163E1ED244.NASL
    description Oracle reports : Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 72002
    published 2014-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72002
    title FreeBSD : virtualbox-ose -- local vulnerability (81f1fdc2-7ec7-11e3-a6c6-00163e1ed244)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201401-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-201401-13 (VirtualBox: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in Virtualbox. Please review the CVE identifiers referenced below for details. Impact : A local attacker in a guest virtual machine may be able to escalate privileges or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 72052
    published 2014-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72052
    title GLSA-201401-13 : VirtualBox: Multiple Vulnerabilities
  • NASL family Windows
    NASL id VIRTUALBOX_4_3_6.NASL
    description The remote host contains a version of Oracle VM VirtualBox prior to 3.2.20 / 4.0.22 / 4.1.30 / 4.2.22 / 4.3.6. It is, therefore, potentially affected by an unspecified, local security vulnerability related to a flaw in the 'Core' subcomponent.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 72008
    published 2014-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72008
    title Oracle VM VirtualBox < 3.2.20 / 4.0.22 / 4.1.30 / 4.2.22 / 4.3.6 Local Vulnerability
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2878.NASL
    description Matthew Daley discovered multiple vulnerabilities in VirtualBox, a x86 virtualisation solution, resulting in denial of service, privilege escalation and an information leak.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 72993
    published 2014-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72993
    title Debian DSA-2878-1 : virtualbox - security update
refmap via4
bid
  • 64758
  • 64909
confirm http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
debian DSA-2878
osvdb 102057
sectrack 1029610
secunia 56490
xf oracle-cpujan2014-cve20135892(90368)
Last major update 26-03-2014 - 00:53
Published 15-01-2014 - 11:08
Last modified 28-08-2017 - 21:33
Back to Top