Test ID:	1.3.6.1.4.1.25623.1.1.1.2.2015.268
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-268-1)
Summary:	The remote host is missing an update for the Debian 'virtualbox-ose' package(s) announced via the DLA-268-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'virtualbox-ose' package(s) announced via the DLA-268-1 advisory. Vulnerability Insight: Three vulnerabilities have been fixed in the Debian squeeze-lts version of VirtualBox (package name: virtualbox-ose), a x86 virtualisation solution. CVE-2015-0377 Avoid VirtualBox allowing local users to affect availability via unknown vectors related to Core, which might result in denial of service. (Other issue than CVE-2015-0418). CVE-2015-0418 Avoid VirtualBox allowing local users to affect availability via unknown vectors related to Core, which might result in denial of service. (Other issue than CVE-2015-0377). CVE-2015-3456 The Floppy Disk Controller (FDC) in QEMU, also used in VirtualBox and other virtualization products, allowed local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. Affected Software/OS: 'virtualbox-ose' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 7.7 CVSS Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0377 BugTraq ID: 72219 http://www.securityfocus.com/bid/72219 Debian Security Information: DSA-3143 (Google Search) http://www.debian.org/security/2015/dsa-3143 https://security.gentoo.org/glsa/201612-27 http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf http://secunia.com/advisories/62694 SuSE Security Announcement: openSUSE-SU-2015:0229 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html XForce ISS Database: oracle-cpujan2015-cve20150377(100176) https://exchange.xforce.ibmcloud.com/vulnerabilities/100176 Common Vulnerability Exposure (CVE) ID: CVE-2015-0418 BugTraq ID: 72194 http://www.securityfocus.com/bid/72194 XForce ISS Database: oracle-cpujan2015-cve20150418(100182) https://exchange.xforce.ibmcloud.com/vulnerabilities/100182 Common Vulnerability Exposure (CVE) ID: CVE-2015-3456 BugTraq ID: 74640 http://www.securityfocus.com/bid/74640 Debian Security Information: DSA-3259 (Google Search) http://www.debian.org/security/2015/dsa-3259 Debian Security Information: DSA-3262 (Google Search) http://www.debian.org/security/2015/dsa-3262 Debian Security Information: DSA-3274 (Google Search) http://www.debian.org/security/2015/dsa-3274 https://www.exploit-db.com/exploits/37053/ http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html https://security.gentoo.org/glsa/201602-01 https://security.gentoo.org/glsa/201604-03 HPdes Security Advisory: HPSBMU03336 http://marc.info/?l=bugtraq&m=143229451215900&w=2 HPdes Security Advisory: HPSBMU03349 http://marc.info/?l=bugtraq&m=143387998230996&w=2 HPdes Security Advisory: SSRT102076 http://venom.crowdstrike.com/ https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10 RedHat Security Advisories: RHSA-2015:0998 http://rhn.redhat.com/errata/RHSA-2015-0998.html RedHat Security Advisories: RHSA-2015:0999 http://rhn.redhat.com/errata/RHSA-2015-0999.html RedHat Security Advisories: RHSA-2015:1000 http://rhn.redhat.com/errata/RHSA-2015-1000.html RedHat Security Advisories: RHSA-2015:1001 http://rhn.redhat.com/errata/RHSA-2015-1001.html RedHat Security Advisories: RHSA-2015:1002 http://rhn.redhat.com/errata/RHSA-2015-1002.html RedHat Security Advisories: RHSA-2015:1003 http://rhn.redhat.com/errata/RHSA-2015-1003.html RedHat Security Advisories: RHSA-2015:1004 http://rhn.redhat.com/errata/RHSA-2015-1004.html RedHat Security Advisories: RHSA-2015:1011 http://rhn.redhat.com/errata/RHSA-2015-1011.html http://www.securitytracker.com/id/1032306 http://www.securitytracker.com/id/1032311 http://www.securitytracker.com/id/1032917 SuSE Security Announcement: SUSE-SU-2015:0889 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html SuSE Security Announcement: SUSE-SU-2015:0896 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html SuSE Security Announcement: SUSE-SU-2015:0923 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html SuSE Security Announcement: SUSE-SU-2015:0927 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html SuSE Security Announcement: SUSE-SU-2015:0929 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html SuSE Security Announcement: openSUSE-SU-2015:0893 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html SuSE Security Announcement: openSUSE-SU-2015:0894 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html SuSE Security Announcement: openSUSE-SU-2015:0983 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html SuSE Security Announcement: openSUSE-SU-2015:1400 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html http://www.ubuntu.com/usn/USN-2608-1
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.