Vulnerability Name:

CVE-2009-3940 (CCN-54282)

Assigned:2009-11-13
Published:2009-11-13
Updated:2010-03-04
Summary:Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
1.9 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P)
1.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2009-3940

Source: SUSE
Type: UNKNOWN
SUSE-SR:2010:002

Source: CCN
Type: SA37363
Sun VirtualBox Guest Additions Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
38420

Source: CCN
Type: Sun Alert ID: 271149
Security Vulnerability in VirtualBox Guest Additions May Lead to Denial of Service against the Virtual Machine

Source: SUNALERT
Type: Patch, Vendor Advisory
271149

Source: CCN
Type: OSVDB ID: 60098
Sun VirtualBox Guest Additions Kernel Memory Exhaustion Local DoS

Source: CCN
Type: BID-37024
Sun VirtualBox Guest Additions Local Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
sun-xvm-virtualbox-dos(54282)

Source: SUSE
Type: SUSE-SR:2010:002
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sun:virtualbox:2.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:sun:virtualbox:2.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:virtualbox:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:virtualbox:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:virtualbox:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:virtualbox:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:virtualbox:3.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:sun:virtualbox:3.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:sun:virtualbox:*:*:*:*:*:*:*:* (Version <= 3.0.8)
  • OR cpe:/a:sun:xvm_virtualbox:*:2.1:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:1.6:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:1.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:1.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:1.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.2:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:sun:xvm_virtualbox:1.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:xvm_virtualbox:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:virtualbox:3.0.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions:
    Definition ID: oval:org.opensuse.security:def:20093940
    Class: V
    Title: CVE-2009-3940
    Last Modified: 2015-11-16