pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2021-2470/definitions.json

271 lines
14 KiB
JSON
Raw Normal View History

ALT Vulnerability
2024-06-28 13:17:52 +00:00
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20212470",
"Version": "oval:org.altlinux.errata:def:20212470",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-2470: package `virtualbox` update to version 6.1.24-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-2470",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-2470",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-01674",
"RefURL": "https://bdu.fstec.ru/vul/2022-01674",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01829",
"RefURL": "https://bdu.fstec.ru/vul/2022-01829",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02250",
"RefURL": "https://bdu.fstec.ru/vul/2022-02250",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02251",
"RefURL": "https://bdu.fstec.ru/vul/2022-02251",
"Source": "BDU"
},
ALT Vulnerability
2024-07-22 03:04:10 +00:00
{
"RefID": "CVE-2008-3431",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2008-3431",
"Source": "CVE"
},
ALT Vulnerability
2024-06-28 13:17:52 +00:00
{
"RefID": "CVE-2021-2409",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-2409",
"Source": "CVE"
},
{
"RefID": "CVE-2021-2442",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-2442",
"Source": "CVE"
},
{
"RefID": "CVE-2021-2443",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-2443",
"Source": "CVE"
},
{
"RefID": "CVE-2021-2454",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-2454",
"Source": "CVE"
}
],
ALT Vulnerability
2024-07-22 03:04:10 +00:00
"Description": "This update upgrades virtualbox to version 6.1.24-alt1. \nSecurity Fix(es):\n\n * BDU:2022-01674: Уязвимость компонента Core программного средства виртуализации VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01829: Уязвимость компонента Core программного средства виртуализации VM VirtualBox, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-02250: Уязвимость компонента Core программного средства виртуализации VM VirtualBox, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-02251: Уязвимость компонента Core программного средства виртуализации VM VirtualBox, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2008-3431: The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\\\.\\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.\n\n * CVE-2021-2409: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).\n\n * CVE-2021-2442: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).\n\n * CVE-2021-2443: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible
ALT Vulnerability
2024-06-28 13:17:52 +00:00
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-08-09"
},
"Updated": {
ALT Vulnerability
2024-07-22 03:04:10 +00:00
"Date": "2024-07-21"
ALT Vulnerability
2024-06-28 13:17:52 +00:00
},
"BDUs": [
{
"ID": "BDU:2022-01674",
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://bdu.fstec.ru/vul/2022-01674",
"Impact": "Low",
"Public": "20210720"
},
{
"ID": "BDU:2022-01829",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2022-01829",
"Impact": "High",
"Public": "20210720"
},
{
"ID": "BDU:2022-02250",
"CVSS": "AV:L/AC:L/Au:S/C:P/I:P/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2022-02250",
"Impact": "High",
"Public": "20210422"
},
{
"ID": "BDU:2022-02251",
"CVSS": "AV:L/AC:L/Au:S/C:P/I:P/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2022-02251",
"Impact": "High",
"Public": "20210720"
}
],
"CVEs": [
ALT Vulnerability
2024-07-22 03:04:10 +00:00
{
"ID": "CVE-2008-3431",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2008-3431",
"Impact": "High",
"Public": "20080805"
},
ALT Vulnerability
2024-06-28 13:17:52 +00:00
{
"ID": "CVE-2021-2409",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-2409",
"Impact": "High",
"Public": "20210721"
},
{
"ID": "CVE-2021-2442",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-2442",
"Impact": "Low",
"Public": "20210721"
},
{
"ID": "CVE-2021-2443",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-2443",
"Impact": "High",
"Public": "20210721"
},
{
"ID": "CVE-2021-2454",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-2454",
"Impact": "High",
"Public": "20210721"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20212470001",
"Comment": "kernel-source-vboxdrv is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470002",
"Comment": "kernel-source-vboxguest is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470003",
"Comment": "kernel-source-vboxnetadp is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470004",
"Comment": "kernel-source-vboxnetflt is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470005",
"Comment": "kernel-source-vboxsf is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470006",
"Comment": "kernel-source-vboxvideo is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470007",
"Comment": "python3-module-vboxapi is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470008",
"Comment": "virtualbox is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470009",
"Comment": "virtualbox-common is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470010",
"Comment": "virtualbox-doc is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470011",
"Comment": "virtualbox-guest-additions is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470012",
"Comment": "virtualbox-guest-common is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470013",
"Comment": "virtualbox-guest-common-vboxguest is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470014",
"Comment": "virtualbox-guest-common-vboxsf is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470015",
"Comment": "virtualbox-guest-common-vboxvideo is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470016",
"Comment": "virtualbox-guest-utils is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470017",
"Comment": "virtualbox-sdk is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470018",
"Comment": "virtualbox-sdk-xpcom is earlier than 0:6.1.24-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212470019",
"Comment": "virtualbox-webservice is earlier than 0:6.1.24-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue Copy Permalink