Summary
Francisco Falcon discovered that missing input sanitizing in the 3D acceleration code in VirtualBox could lead to the execution of arbitrary code on the host system.
Solution
For the oldstable distribution (squeeze), these problems have been fixed in version 3.2.10-dfsg-1+squeeze3.
For the stable distribution (wheezy), these problems have been fixed in version 4.1.18-dfsg-2+deb7u3.
For the testing distribution (jessie), these problems have been fixed in version 4.3.10-dfsg-1.
For the unstable distribution (sid), these problems have been fixed in version 4.3.10-dfsg-1.
We recommend that you upgrade your virtualbox packages.
Insight
VirtualBox is a free x86 virtualization solution allowing a wide range of x86 operating systems such as Windows, DOS, BSD or Linux to run on a Linux system.
Affected
virtualbox on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-0981, CVE-2014-0983
CVSS Base Score: 6.9
CVSS Base Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C