製品・ソフトウェアに関する情報

JVN脆弱性詳細

Oracle VM VirtualBox における Guest Additions for Windows の処理に関する脆弱性

Title	Oracle VM VirtualBox における Guest Additions for Windows の処理に関する脆弱性
Summary	Oracle VM VirtualBox には、Guest Additions for Windows に関する処理に不備があるため、機密性、完全性、可用性に影響のある脆弱性が存在します。
Possible impacts	ローカルユーザにより、情報が漏えいする、あるいは情報を改ざんされたり、サービス運用妨害 (DoS) 攻撃が行われる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 19, 2011, midnight
Registration Date	Aug. 4, 2011, 10:08 a.m.
Last Update	Sept. 9, 2011, 9:57 a.m.

Affected System

オラクル

Oracle VM VirtualBox 3.0

Oracle VM VirtualBox 3.1

Oracle VM VirtualBox 3.2

Oracle VM VirtualBox 4.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-2300	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2300
National Vulnerability Database (NVD)
2	CVE-2011-2300	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2300

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Oracle Critical Patch Update
1	cpujuly2011-313328	http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
SECURITY BLOG
2	july_2011_critical_patch_update	http://blogs.oracle.com/security/entry/july_2011_critical_patch_update
富士通セキュリティ情報
3	TA11-201A	http://software.fujitsu.com/jp/security/vulnerabilities/ta11-201a.html

その他

No	Name	URL
JVN
1	JVNTA11-201A	http://jvn.jp/cert/JVNTA11-201A
US-CERT Technical Cyber Security Alert
2	TA11-201A	http://www.us-cert.gov/cas/techalerts/TA11-201A.html

Change Log

No	Changed Details	Date of change
0	[2011年08月04日] 掲載 [2011年09月09日] 影響を受けるシステム：オラクル (cpujuly2011-313328) の情報を更新	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-2300

Summary	Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.
Publication Date	July 21, 2011, 9:55 a.m.
Registration Date	Jan. 28, 2021, 4:38 p.m.
Last Update	Nov. 21, 2024, 10:27 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:oracle:vm_virtualbox:4.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://secunia.com/advisories/48755	Permissions Required Third Party Advisory
2	http://security.gentoo.org/glsa/glsa-201204-01.xml	Third Party Advisory
3	http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html	Patch Vendor Advisory
4	http://www.securitytracker.com/id?1025805	Third Party Advisory VDB Entry
5	http://www.us-cert.gov/cas/techalerts/TA11-201A.html	Third Party Advisory US Government Resource
6	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13148
7	http://secunia.com/advisories/48755	Permissions Required Third Party Advisory
8	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13148
9	http://www.us-cert.gov/cas/techalerts/TA11-201A.html	Third Party Advisory US Government Resource
10	http://www.securitytracker.com/id?1025805	Third Party Advisory VDB Entry
11	http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html	Patch Vendor Advisory
12	http://security.gentoo.org/glsa/glsa-201204-01.xml	Third Party Advisory

Common Vulnerabilities List