| VID |
28240 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version xVM VirtualBox which is older than 3.0.4 has been installed on the host
The remote Windows host has an application that is affected by local denial of service vulnerabilities.
The remote host contains a version of Sun xVM VirtualBox, an open source virtualization platform, before 3.0.4. Such versions have multiple local denial of service vulnerabilities. A guest virtual machine (VM) can reboot the host machine by executing the 'sysenter' instruction. The vendor states there are several other denial of service vulnerabilities in addition to this.
An attacker with access to the guest VM could leverage these to cause a denial of service.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265268-1
http://forums.virtualbox.org/viewtopic.php?f=1&t=20948
* Platforms Affected:
Sun xVM VirtualBox prior to 3.0.4 |
| Recommendation |
Upgrade to the latest version of xVM VirtualBox (3.0.4 or later), available from the Mozilla Firefox Download Web page at http://www.virtualbox.org/wiki/Downloads |
| Related URL |
CVE-2009-2714,CVE-2009-2715 (CVE) |
| Related URL |
35915,35960 (SecurityFocus) |
| Related URL |
(ISS) |
|
