ID CVE-2014-0983
Summary Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.
References
Vulnerable Configurations
  • Oracle VM VirtualBox 4.2.0
    cpe:2.3:a:oracle:vm_virtualbox:4.2.0
  • Oracle VM VirtualBox 4.2.2
    cpe:2.3:a:oracle:vm_virtualbox:4.2.2
  • Oracle VM VirtualBox 4.2.4
    cpe:2.3:a:oracle:vm_virtualbox:4.2.4
  • Oracle VM VirtualBox 4.2.6
    cpe:2.3:a:oracle:vm_virtualbox:4.2.6
  • Oracle VM VirtualBox 4.2.8
    cpe:2.3:a:oracle:vm_virtualbox:4.2.8
  • Oracle VM VirtualBox 4.2.10
    cpe:2.3:a:oracle:vm_virtualbox:4.2.10
  • Oracle VM VirtualBox 4.2.12
    cpe:2.3:a:oracle:vm_virtualbox:4.2.12
  • Oracle VM VirtualBox 4.2.14
    cpe:2.3:a:oracle:vm_virtualbox:4.2.14
  • Oracle VM VirtualBox 4.2.16
    cpe:2.3:a:oracle:vm_virtualbox:4.2.16
  • Oracle VM VirtualBox 4.2.18
    cpe:2.3:a:oracle:vm_virtualbox:4.2.18
  • Oracle VM VirtualBox 4.2.20
    cpe:2.3:a:oracle:vm_virtualbox:4.2.20
  • Oracle VM VirtualBox 4.3.0
    cpe:2.3:a:oracle:vm_virtualbox:4.3.0
  • Oracle VM VirtualBox 4.3.2
    cpe:2.3:a:oracle:vm_virtualbox:4.3.2
  • Oracle VM VirtualBox 4.3.4
    cpe:2.3:a:oracle:vm_virtualbox:4.3.4
  • Oracle VM VirtualBox 4.3.6
    cpe:2.3:a:oracle:vm_virtualbox:4.3.6
CVSS
Base: 6.9 (as of 31-03-2014 - 14:04)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
    Vector LOCAL
    Complexity MEDIUM
    Authentication NONE
Impact
    Confidentiality COMPLETE
    Integrity COMPLETE
    Availability COMPLETE
exploit-db via4
  • description Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities. CVE-2014-0981,CVE-2014-0982,CVE-2014-0983. Dos exploits for multiple platform
    file exploits/multiple/dos/32208.txt
    id EDB-ID:32208
    last seen 2016-02-03
    modified 2014-03-12
    platform multiple
    port
    published 2014-03-12
    reporter Core Security
    source https://www.exploit-db.com/download/32208/
    title Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities
    type dos
  • description VirtualBox 3D Acceleration Virtual Machine Escape. CVE-2014-0983,CVE-2015-4523. Remote exploit for win64 platform
    id EDB-ID:34334
    last seen 2016-02-03
    modified 2014-08-14
    published 2014-08-14
    reporter metasploit
    source https://www.exploit-db.com/download/34334/
    title VirtualBox 3D Acceleration Virtual Machine Escape
metasploit via4
description This module exploits a vulnerability in the 3D Acceleration support for VirtualBox. The vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a sequence of specially crafted rendering messages, a virtual machine can exploit an out of bounds array access to corrupt memory and escape to the host. This module has been tested successfully on Windows 7 SP1 (64 bits) as Host running Virtual Box 4.3.6.
id MSF:EXPLOIT/WINDOWS/LOCAL/VIRTUAL_BOX_OPENGL_ESCAPE
last seen 2019-03-07
modified 2017-09-14
published 2014-08-09
reliability Average
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/virtual_box_opengl_escape.rb
title VirtualBox 3D Acceleration Virtual Machine Escape
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2904.NASL
    description Francisco Falcon discovered that missing input sanitizing in the 3D acceleration code in VirtualBox could lead to the execution of arbitrary code on the host system.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 73534
    published 2014-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73534
    title Debian DSA-2904-1 : virtualbox - security update
  • NASL family Windows
    NASL id VIRTUALBOX_4_3_8.NASL
    description The remote host contains a version of Oracle VM VirtualBox that is 3.2.x prior to 3.2.22, 4.0.24, 4.1.32, 4.2.24 or 4.3.8. It is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists in the function 'crNetRecvReadback' in the file 'GuestHost/OpenGL/util/net.c' related to handling CR_MESSAGE_READBACK and CR_MESSAGE_WRITEBACK messages that could allow memory corruption leading to application crashes and possibly arbitrary code execution. (CVE-2014-0981) - An input validation error exists related to the Chromium server and the handling of CR_VERTEXATTRIB4NUBARB_OPCODE messages that could allow memory corruption leading to application crashes and possibly arbitrary code execution. (CVE-2014-0983)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 72985
    published 2014-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72985
    title Oracle VM VirtualBox < 3.2.22 / 4.0.24 / 4.1.32 / 4.2.24 / 4.3.8 Multiple Memory Corruption
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201612-27.NASL
    description The remote host is affected by the vulnerability described in GLSA-201612-27 (VirtualBox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact : Local attackers could cause a Denial of Service condition, execute arbitrary code, or escalate their privileges. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 95695
    published 2016-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95695
    title GLSA-201612-27 : VirtualBox: Multiple vulnerabilities (Venom)
packetstorm via4
refmap via4
bugtraq 20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities
confirm
debian DSA-2904
fulldisc 20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities
gentoo GLSA-201612-27
misc http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
secunia 57384
Last major update 24-04-2014 - 01:04
Published 31-03-2014 - 10:58
Last modified 09-10-2018 - 15:42