ID CVE-2016-0592
Summary Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core.
References
Vulnerable Configurations
  • Oracle VM VirtualBox 4.0.32
    cpe:2.3:a:oracle:vm_virtualbox:4.0.32
  • Oracle VM VirtualBox 4.1.40
    cpe:2.3:a:oracle:vm_virtualbox:4.1.40
  • Oracle VM VirtualBox 5.0.0
    cpe:2.3:a:oracle:vm_virtualbox:5.0.0
  • Oracle VM VirtualBox 5.0.2
    cpe:2.3:a:oracle:vm_virtualbox:5.0.2
  • Oracle VM VirtualBox 5.0.4
    cpe:2.3:a:oracle:vm_virtualbox:5.0.4
  • Oracle VM VirtualBox 5.0.6
    cpe:2.3:a:oracle:vm_virtualbox:5.0.6
  • Oracle VM VirtualBox 5.0.8
    cpe:2.3:a:oracle:vm_virtualbox:5.0.8
  • Oracle VM Virtualbox 5.0.10
    cpe:2.3:a:oracle:vm_virtualbox:5.0.10
  • Oracle VM Virtualbox 5.0.12
    cpe:2.3:a:oracle:vm_virtualbox:5.0.12
  • Oracle VM Virtualbox 5.0.13
    cpe:2.3:a:oracle:vm_virtualbox:5.0.13
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 2.1 (as of 08-06-2016 - 10:26)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Misc.
    NASL id VIRTUALBOX_5_0_14.NASL
    description The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.3.36 or 5.0.14. It is, therefore, affected by the following vulnerabilities : - An unspecified vulnerability exists in the Core subcomponent that allows a remote attacker to affect the availability of the system. No other details are available. (CVE-2016-0495) - An unspecified vulnerability exists in the Core subcomponent that allows a local attacker to affect the availability of the system. No other details are available. (CVE-2016-0592) - An unspecified vulnerability exists in the Windows Installer subcomponent that allows a local attacker to gain elevated privileges. No other details are available. (CVE-2016-0602)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 88052
    published 2016-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88052
    title Oracle VM VirtualBox < 4.3.36 / 5.0.14 Multiple Vulnerabilities (January 2016 CPU)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3454.NASL
    description Multiple vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution. Upstream support for the 4.1 release series has ended and since no information is available which would allow backports of isolated security fixes, security support for virtualbox in wheezy/oldstable needed to be ended as well. If you use virtualbox with externally procured VMs (e.g. through vagrant) we advise you to update to Debian jessie.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88423
    published 2016-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88423
    title Debian DSA-3454-1 : virtualbox - security update
refmap via4
bid 81224
confirm http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
debian DSA-3454
sectrack 1034731
Last major update 07-12-2016 - 13:31
Published 20-01-2016 - 22:02
Last modified 19-02-2019 - 13:15
Back to Top