ID CVE-2016-0678
Summary Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
References
Vulnerable Configurations
  • Oracle VM Virtualbox 5.0.18
    cpe:2.3:a:oracle:vm_virtualbox:5.0.18
CVSS
Base: 4.1 (as of 21-04-2016 - 16:26)
Impact:
Exploitability:
Access
  Vector: LOCAL
  Complexity: MEDIUM
  Authentication: SINGLE_INSTANCE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Misc.
    NASL id VIRTUALBOX_5_0_18.NASL
    description The Oracle VM VirtualBox application installed on the remote host is a version prior to 4.3.36 or 5.0.18. It is, therefore, affected by an unspecified flaw in the Core subcomponent that allows a local attacker to gain elevated privileges. Additionally, multiple vulnerabilities exist in the bundled version of OpenSSL:
      - A flaw exists in the ssl3_get_key_exchange() function in file s3_clnt.c when handling a ServerKeyExchange message for an anonymous DH ciphersuite with the value of 'p' set to 0. An attacker can exploit this, by causing a segmentation fault, to crash an application linked against the library, resulting in a denial of service. (CVE-2015-1794)
      - A carry propagating flaw exists in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193)
      - A NULL pointer dereference flaw exists in file rsa_ameth.c due to improper handling of ASN.1 signatures that are missing the PSS parameter. A remote attacker can exploit this to cause the signature verification routine to crash, resulting in a denial of service condition. (CVE-2015-3194)
      - A flaw exists in the ASN1_TFLG_COMBINE implementation in file tasn_dec.c related to handling malformed X509_ATTRIBUTE structures. A remote attacker can exploit this to cause a memory leak by triggering a decoding failure in a PKCS#7 or CMS application, resulting in a denial of service. (CVE-2015-3195)
      - A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196)
      - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to negotiate SSLv2 ciphers and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled on the server. Note that this vulnerability only exists if the SSL_OP_NO_SSLv2 option has not been disabled. (CVE-2015-3197)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 90680
    published 2016-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90680
    title Oracle VM VirtualBox < 4.3.36 / 5.0.18 Multiple Vulnerabilities (April 2016 CPU)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-672.NASL
    description Virtualbox was updated to 5.0.20 to fix the following issues:
      Version bump to 5.0.20 (released 2016-04-28 by Oracle). This is a maintenance release. The following items were fixed and/or added:
      - NAT Network: File VBoxNetNAT no longer requires suid
      - Storage: fixed a regression causing write requests from the BIOS to cause a Guru Meditation with the LsiLogic SCSI controller (5.0.18 regression; bug #15317)
      - Storage: several emulation fixes in the BusLogic SCSI controller emulation
      - NAT Network: support TCP in DNS proxy (same problem as in bug #14736 for NAT)
      - NAT: rework handling of port-forwarding rules (bug #13570)
      - NAT: rewrite host resolver to handle more query types and make it asynchronous so that a stalled lookup doesn't block all NAT traffic
      - Snapshots: don't crash when restoring a snapshot which has more network adapters than the current state (ie when the snapshot uses ICH9 and the current state uses PIIX3)
      - Guest Control: various bugfixes for the copyfrom and copyto commands / API (bug #14336)
      - VBoxManage: list processor features on list hostinfo (bug #15334)
      - Linux hosts: fix for Linux 4.5 if CONFIG_NET_CLS_ACT is enabled (bug #15327)
      - Windows Additions: fixed performance issues with PowerPoint 2010 and the WDDM graphics drivers if Aero is disabled
      Bugfixes:
      - Apply proper fix for boo#964765 that causes guest VMs using NAT Network attachments to fail to get network access. The basic problem is that file /usr/lib/virtualbox/VBoxNetNAT needs to have suid privilege, and the spec file was failing to set the appropriate permissions.
      - Implement VirtualBox version 5.0.18 in openSUSE 13.2. Previous to this point, oS 13.2 had been using 4.3.X, which was the VB series when 13.2 was released. This policy has been changed so that a fix for CVE-2016-0678 can be included in 13.2. Bug report b.o.o #97366 discusses this vulnerability. This submission also fixes the bug in VB 5.0.18 that prevents proper operation for guest VMs configured to use LsiLogic adapter for disks. See ticket: https://www.virtualbox.org/ticket/15317 for a description of the problem, and changeset: https://www.virtualbox.org/changeset/60565/vbox for the fix, which is implemented in file 'changeset_60565.diff'.
      Version bump to 5.0.18 (released 2016-04-18 by Oracle). This is a maintenance release. The following items were fixed and/or added:
      - GUI: position off-screen windows to be fully visible again on relaunch in consistence with default-behavior (bug #15226)
      - GUI: fixed the View menu / Full-screen Mode behavior on Mac OS X El Capitan
      - GUI: fixed a test which allowed to encrypt a hard disk with an empty password
      - GUI: fixed a crash under certain conditions during VM shutdown
      - GUI: fixed the size of the VM list scrollbar in the VM selector when entering a group
      - PC speaker passthrough: fixes (Linux hosts only; bug #627)
      - Drag and drop: several fixes
      - SATA: fixed hotplug flag handling when EFI is used
      - Storage: fixed handling of encrypted disk images with SCSI controllers (bug #14812)
      - Storage: fixed possible crash with Solaris 7 if the BusLogic SCSI controller is used
      - USB: properly purge non-ASCII characters from USB strings (bugs #8801, #15222)
      - NAT Network: fixed 100% CPU load in VBoxNetNAT on Mac OS X under certain circumstances (bug #15223)
      - ACPI: fixed ACPI tables to make the display color management settings available again for older Windows versions (4.3.22 regression)
      - Guest Control: fixed VBoxManage copyfrom command (bug #14336)
      - Snapshots: fixed several problems when removing older snapshots (bug #15206)
      - VBoxManage: fixed --verbose output of the guestcontrol command
      - Windows hosts: hardening fixes required for recent Windows 10 insider builds (bugs #15245, #15296)
      - Windows hosts: fixed support of jumbo frames in with bridged networking (5.0.16 regression; bug #15209)
      - Windows hosts: don't prevent receiving multicast traffic if host-only adapters are installed (bug #8698)
      - Linux hosts: added support for the new naming scheme of NVME disks when creating raw disks
      - Solaris hosts / guests: properly sign the kernel modules (bug #12608)
      - Linux hosts / guests: Linux 4.5 fixes (bug #15251)
      - Linux hosts / guests: Linux 4.6 fixes (bug #15298)
      - Linux Additions: added a kernel graphics driver to support graphics when X.Org does not have root rights (bug #14732)
      - Linux/Solaris Additions: fixed several issues causing Linux/Solaris guests using software rendering when 3D acceleration is available
      - Windows Additions: fixed a hang with PowerPoint 2010 and the WDDM drivers if Aero is disabled
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 91483
    published 2016-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91483
    title openSUSE Security Update : virtualbox (openSUSE-2016-672)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-666.NASL
    description virtualbox was updated to 5.0.18 and also fixes the following issues:
      Version bump to 5.0.18 (released 2016-04-18 by Oracle). This is a maintenance release. The following items were fixed and/or added:
      - GUI: position off-screen windows to be fully visible again on relaunch in consistence with default-behavior (bug #15226)
      - GUI: fixed the View menu / Full-screen Mode behavior on Mac OS X El Capitan
      - GUI: fixed a test which allowed to encrypt a hard disk with an empty password
      - GUI: fixed a crash under certain conditions during VM shutdown
      - GUI: fixed the size of the VM list scrollbar in the VM selector when entering a group
      - PC speaker passthrough: fixes (Linux hosts only; bug #627)
      - Drag and drop: several fixes
      - SATA: fixed hotplug flag handling when EFI is used
      - Storage: fixed handling of encrypted disk images with SCSI controllers (bug #14812)
      - Storage: fixed possible crash with Solaris 7 if the BusLogic SCSI controller is used
      - USB: properly purge non-ASCII characters from USB strings (bugs #8801, #15222)
      - NAT Network: fixed 100% CPU load in VBoxNetNAT on Mac OS X under certain circumstances (bug #15223)
      - ACPI: fixed ACPI tables to make the display color management settings available again for older Windows versions (4.3.22 regression)
      - Guest Control: fixed VBoxManage copyfrom command (bug #14336)
      - Snapshots: fixed several problems when removing older snapshots (bug #15206)
      - VBoxManage: fixed --verbose output of the guestcontrol command
      - Windows hosts: hardening fixes required for recent Windows 10 insider builds (bugs #15245, #15296)
      - Windows hosts: fixed support of jumbo frames in with bridged networking (5.0.16 regression; bug #15209)
      - Windows hosts: don't prevent receiving multicast traffic if host-only adapters are installed (bug #8698)
      - Linux hosts: added support for the new naming scheme of NVME disks when creating raw disks
      - Solaris hosts / guests: properly sign the kernel modules (bug #12608)
      - Linux hosts / guests: Linux 4.5 fixes (bug #15251)
      - Linux hosts / guests: Linux 4.6 fixes (bug #15298)
      - Linux Additions: added a kernel graphics driver to support graphics when X.Org does not have root rights (bug #14732)
      - Linux/Solaris Additions: fixed several issues causing Linux/Solaris guests using software rendering when 3D acceleration is available
      - Windows Additions: fixed a hang with PowerPoint 2010 and the WDDM drivers if Aero is disabled
      Additional bugfixes:
      - Fix start failure of vboxadd service routine. This script fails because /var/lib/VBoxGuestAdditions/config does not exist; however, there is no need for this file. That service routine is modified. (boo#977328).
      - Add missing initialization of scanout buffer base and size for proper fbdev support.
      - Add support for delayed_io in fbdev-layer. (boo#977200).
      - This submission fixes the bug in VB 5.0.18 that prevents proper operation for guest VMs configured to use a LsiLogic adapter for disks. See ticket: https://www.virtualbox.org/ticket/15317 for a description of the problem, and changeset: https://www.virtualbox.org/changeset/60565/vbox for the fix, which is implemented in file 'changeset_60565.diff'.
      This update contains a fix for CVE-2016-0678. Bug report boo#976636 discusses this vulnerability.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 91411
    published 2016-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91411
    title openSUSE Security Update : virtualbox (openSUSE-2016-666)
refmap via4
confirm http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
sectrack 1035607
suse
  • openSUSE-SU-2016:1451
  • openSUSE-SU-2016:1462
Last major update 02-12-2016 - 22:17
Published 21-04-2016 - 06:59