Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0420

Overview

Vulnerability Score 2.4 2.4
CVE Id CVE-2013-0420
Last Modified 02 Nov 2013 11:29:48
Published 16 Jan 2013 08:55:06
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2013-0420

Summary

Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary."

Vulnerable Systems

Operating System

  • Novell Opensuse 12.1

  • Novell Opensuse 12.2

Application

  • Oracle Virtualization 4.0

  • Oracle Virtualization 4.1

  • Oracle Virtualization 4.2

  • Oracle Vm Virtualbox 4.0

  • Oracle Vm Virtualbox 4.1.0

  • Oracle Vm Virtualbox 4.2.0


References

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

MISC - https://www.virtualbox.org/changeset/44055/vbox

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=798776

SUSE - openSUSE-SU-2013:0231

MANDRIVA - MDVSA-2013:150


Last Updated: 27 May 2016 11:01:42