ID CVE-2015-4896
Summary Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core.
Vulnerable Configurations
  • Oracle VM VirtualBox 4.0.0
    cpe:2.3:a:oracle:vm_virtualbox:4.0.0
  • Oracle VM VirtualBox 4.0.2
    cpe:2.3:a:oracle:vm_virtualbox:4.0.2
  • Oracle VM VirtualBox 4.0.4
    cpe:2.3:a:oracle:vm_virtualbox:4.0.4
  • Oracle VM VirtualBox 4.0.6
    cpe:2.3:a:oracle:vm_virtualbox:4.0.6
  • Oracle VM VirtualBox 4.0.8
    cpe:2.3:a:oracle:vm_virtualbox:4.0.8
  • Oracle VM VirtualBox 4.0.10
    cpe:2.3:a:oracle:vm_virtualbox:4.0.10
  • Oracle VM VirtualBox 4.0.12
    cpe:2.3:a:oracle:vm_virtualbox:4.0.12
  • Oracle VM VirtualBox 4.0.14
    cpe:2.3:a:oracle:vm_virtualbox:4.0.14
  • Oracle VM VirtualBox 4.0.16
    cpe:2.3:a:oracle:vm_virtualbox:4.0.16
  • Oracle VM VirtualBox 4.0.18
    cpe:2.3:a:oracle:vm_virtualbox:4.0.18
  • Oracle VM VirtualBox 4.0.20
    cpe:2.3:a:oracle:vm_virtualbox:4.0.20
  • Oracle VM VirtualBox 4.0.22
    cpe:2.3:a:oracle:vm_virtualbox:4.0.22
  • Oracle VM VirtualBox 4.0.24
    cpe:2.3:a:oracle:vm_virtualbox:4.0.24
  • Oracle VM VirtualBox 4.0.26
    cpe:2.3:a:oracle:vm_virtualbox:4.0.26
  • Oracle VM VirtualBox 4.0.31
    cpe:2.3:a:oracle:vm_virtualbox:4.0.31
  • Oracle VM VirtualBox 4.1.0
    cpe:2.3:a:oracle:vm_virtualbox:4.1.0
  • Oracle VM VirtualBox 4.1.2
    cpe:2.3:a:oracle:vm_virtualbox:4.1.2
  • Oracle VM VirtualBox 4.1.4
    cpe:2.3:a:oracle:vm_virtualbox:4.1.4
  • Oracle VM VirtualBox 4.1.6
    cpe:2.3:a:oracle:vm_virtualbox:4.1.6
  • Oracle VM VirtualBox 4.1.8
    cpe:2.3:a:oracle:vm_virtualbox:4.1.8
  • Oracle VM VirtualBox 4.1.10
    cpe:2.3:a:oracle:vm_virtualbox:4.1.10
  • Oracle VM VirtualBox 4.1.12
    cpe:2.3:a:oracle:vm_virtualbox:4.1.12
  • Oracle VM VirtualBox 4.1.14
    cpe:2.3:a:oracle:vm_virtualbox:4.1.14
  • Oracle VM VirtualBox 4.1.16
    cpe:2.3:a:oracle:vm_virtualbox:4.1.16
  • Oracle VM VirtualBox 4.1.18
    cpe:2.3:a:oracle:vm_virtualbox:4.1.18
  • Oracle VM VirtualBox 4.1.20
    cpe:2.3:a:oracle:vm_virtualbox:4.1.20
  • Oracle VM VirtualBox 4.1.22
    cpe:2.3:a:oracle:vm_virtualbox:4.1.22
  • Oracle VM VirtualBox 4.1.24
    cpe:2.3:a:oracle:vm_virtualbox:4.1.24
  • Oracle VM VirtualBox 4.1.26
    cpe:2.3:a:oracle:vm_virtualbox:4.1.26
  • Oracle VM VirtualBox 4.1.28
    cpe:2.3:a:oracle:vm_virtualbox:4.1.28
  • Oracle VM VirtualBox 4.1.30
    cpe:2.3:a:oracle:vm_virtualbox:4.1.30
  • Oracle VM VirtualBox 4.1.32
    cpe:2.3:a:oracle:vm_virtualbox:4.1.32
  • Oracle VM VirtualBox 4.1.34
    cpe:2.3:a:oracle:vm_virtualbox:4.1.34
  • Oracle VM VirtualBox 4.1.39
    cpe:2.3:a:oracle:vm_virtualbox:4.1.39
  • Oracle VM VirtualBox 4.2.0
    cpe:2.3:a:oracle:vm_virtualbox:4.2.0
  • Oracle VM VirtualBox 4.2.2
    cpe:2.3:a:oracle:vm_virtualbox:4.2.2
  • Oracle VM VirtualBox 4.2.4
    cpe:2.3:a:oracle:vm_virtualbox:4.2.4
  • Oracle VM VirtualBox 4.2.6
    cpe:2.3:a:oracle:vm_virtualbox:4.2.6
  • Oracle VM VirtualBox 4.2.8
    cpe:2.3:a:oracle:vm_virtualbox:4.2.8
  • Oracle VM VirtualBox 4.2.10
    cpe:2.3:a:oracle:vm_virtualbox:4.2.10
  • Oracle VM VirtualBox 4.2.12
    cpe:2.3:a:oracle:vm_virtualbox:4.2.12
  • Oracle VM VirtualBox 4.2.14
    cpe:2.3:a:oracle:vm_virtualbox:4.2.14
  • Oracle VM VirtualBox 4.2.16
    cpe:2.3:a:oracle:vm_virtualbox:4.2.16
  • Oracle VM VirtualBox 4.2.18
    cpe:2.3:a:oracle:vm_virtualbox:4.2.18
  • Oracle VM VirtualBox 4.2.20
    cpe:2.3:a:oracle:vm_virtualbox:4.2.20
  • Oracle VM VirtualBox 4.2.22
    cpe:2.3:a:oracle:vm_virtualbox:4.2.22
  • Oracle VM VirtualBox 4.2.24
    cpe:2.3:a:oracle:vm_virtualbox:4.2.24
  • Oracle VM VirtualBox 4.2.26
    cpe:2.3:a:oracle:vm_virtualbox:4.2.26
  • Oracle VM VirtualBox 4.2.28
    cpe:2.3:a:oracle:vm_virtualbox:4.2.28
  • Oracle VM VirtualBox 4.2.30
    cpe:2.3:a:oracle:vm_virtualbox:4.2.30
  • Oracle VM VirtualBox 4.2.31
    cpe:2.3:a:oracle:vm_virtualbox:4.2.31
  • Oracle VM VirtualBox 4.2.32
    cpe:2.3:a:oracle:vm_virtualbox:4.2.32
  • Oracle VM VirtualBox 4.3.0
    cpe:2.3:a:oracle:vm_virtualbox:4.3.0
  • Oracle VM VirtualBox 4.3.2
    cpe:2.3:a:oracle:vm_virtualbox:4.3.2
  • Oracle VM VirtualBox 4.3.4
    cpe:2.3:a:oracle:vm_virtualbox:4.3.4
  • Oracle VM VirtualBox 4.3.6
    cpe:2.3:a:oracle:vm_virtualbox:4.3.6
  • Oracle VM VirtualBox 4.3.8
    cpe:2.3:a:oracle:vm_virtualbox:4.3.8
  • Oracle VM VirtualBox 4.3.10
    cpe:2.3:a:oracle:vm_virtualbox:4.3.10
  • Oracle VM VirtualBox 4.3.12
    cpe:2.3:a:oracle:vm_virtualbox:4.3.12
  • Oracle VM VirtualBox 4.3.14
    cpe:2.3:a:oracle:vm_virtualbox:4.3.14
  • Oracle VM VirtualBox 4.3.16
    cpe:2.3:a:oracle:vm_virtualbox:4.3.16
  • Oracle VM VirtualBox 4.3.18
    cpe:2.3:a:oracle:vm_virtualbox:4.3.18
  • Oracle VM VirtualBox 4.3.22
    cpe:2.3:a:oracle:vm_virtualbox:4.3.22
  • Oracle VM VirtualBox 4.3.24
    cpe:2.3:a:oracle:vm_virtualbox:4.3.24
  • Oracle VM VirtualBox 4.3.26
    cpe:2.3:a:oracle:vm_virtualbox:4.3.26
  • Oracle VM VirtualBox 4.3.28
    cpe:2.3:a:oracle:vm_virtualbox:4.3.28
  • Oracle VM VirtualBox 4.3.29
    cpe:2.3:a:oracle:vm_virtualbox:4.3.29
  • Oracle VM VirtualBox 4.3.30
    cpe:2.3:a:oracle:vm_virtualbox:4.3.30
  • Oracle VM VirtualBox 5.0.0
    cpe:2.3:a:oracle:vm_virtualbox:5.0.0
  • Oracle VM VirtualBox 5.0.2
    cpe:2.3:a:oracle:vm_virtualbox:5.0.2
  • Oracle VM VirtualBox 5.0.4
    cpe:2.3:a:oracle:vm_virtualbox:5.0.4
  • Oracle VM VirtualBox 5.0.6
    cpe:2.3:a:oracle:vm_virtualbox:5.0.6
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 5.0 (as of 17-05-2016 - 21:38)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family Misc.
    NASL id VIRTUALBOX_5_0_8.NASL
    description The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, or 5.0.8. It is, therefore, affected by multiple unspecified flaws in the Core subcomponent. A local attacker can exploit these to cause a denial of service.
    last seen 2019-02-21
    modified 2018-11-08
    plugin id 86568
    published 2015-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86568
    title Oracle VM VirtualBox < 4.0.34 / 4.1.42 / 4.2.34 / 4.3.32 / 5.0.8 Multiple Core DoS (October 2015 CPU)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-839.NASL
    description The virtualbox package was updated to version 4.2.36 to fix the following security and non security issues : - Version bump to 4.2.36 (released 2015-11-11 by Oracle) - several fixes - Oracle is not more specific - Version bump to 4.2.34 (released 2015-10-20 by Oracle) (bsc#951432) - CVE-2015-4813: Only Windows guests are impacted. Windows guests without VirtualBox Guest Additions installed are not affected. - CVE-2015-4896: Only VMs with Remote Display feature (RDP) enabled are impacted by CVE-2015-4896. - several fixes - Linux hosts: Linux 4.2 fix - Linux hosts: Linux 4.3 compile fixes - Windows hosts: hardening fixes - Linux Additions: Linux 4.2 fixes (bug #14227)
    last seen 2019-02-21
    modified 2016-01-23
    plugin id 87116
    published 2015-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87116
    title openSUSE Security Update : virtualbox (openSUSE-2015-839)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3384.NASL
    description Two vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86678
    published 2015-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86678
    title Debian DSA-3384-1 : virtualbox - security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-688.NASL
    description VirtualBox was updated to 4.3.32 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-4813: Windows guests with guest additions installed could cause a hang or crash of VirtualBox. - CVE-2015-4896: Remote unauthenticated users could cause crash (DoS) via the network when the Remote Display feature (RDP) is enabled.
    last seen 2019-02-21
    modified 2016-01-23
    plugin id 86694
    published 2015-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86694
    title openSUSE Security Update : VirtualBox (openSUSE-2015-688)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7D40EDD1901E11E6A59014DAE9D210B8.NASL
    description Oracle reports : Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core. Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 93986
    published 2016-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93986
    title FreeBSD : VirtualBox -- undisclosed vulnerabilities (7d40edd1-901e-11e6-a590-14dae9d210b8)
refmap via4
bid 77198
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
debian DSA-3384
sectrack 1033880
suse
  • openSUSE-SU-2015:1855
  • openSUSE-SU-2015:2154
Last major update 23-12-2016 - 21:59
Published 21-10-2015 - 19:59
Last modified 12-02-2019 - 13:42