Candidate: CVE-2014-0983
PublicDate: 2014-03-31 14:58:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0983
 http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
 https://www.virtualbox.org/changeset/50441/vbox
 http://secunia.com/advisories/57384
 http://seclists.org/fulldisclosure/2014/Mar/95
Description:
 Multiple array index errors in programs that are automatically generated by
 VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle
 VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D
 Acceleration, allow local guest OS users to execute arbitrary code on the
 Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted
 index, which are not properly handled by the (1)
 CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB
 function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the
 crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE
 to the crServerDispatchVertexAttrib1fARB function, (4)
 CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB
 function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the
 crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE
 to the crServerDispatchVertexAttrib2fARB function, (7)
 CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB
 function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the
 crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE
 to the crServerDispatchVertexAttrib3fARB function, (10)
 CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB
 function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the
 crServerDispatchVertexAttrib4dARB function, (12)
 CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB
 function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the
 crServerDispatchVertexAttrib4sARB function.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741602
 https://bugs.launchpad.net/ubuntu/precise/+source/virtualbox/+bug/1307725
Priority: medium
Discovered-by: Francisco Falcon
Assigned-to:
CVSS: 

Patches_virtualbox-ose:
upstream_virtualbox-ose: not-affected
lucid_virtualbox-ose: ignored (reached end-of-life)
precise_virtualbox-ose: DNE
quantal_virtualbox-ose: DNE
saucy_virtualbox-ose: DNE
trusty_virtualbox-ose: DNE
trusty/esm_virtualbox-ose: DNE
devel_virtualbox-ose: DNE

Patches_virtualbox:
 upstream: https://www.virtualbox.org/changeset/50441/vbox
upstream_virtualbox: released (4.3.8)
lucid_virtualbox: DNE
precise_virtualbox: released (4.1.12-dfsg-2ubuntu0.6)
quantal_virtualbox: ignored (reached end-of-life)
saucy_virtualbox: released (4.2.16-dfsg-3ubuntu0.1)
trusty_virtualbox: not-affected (4.3.10-dfsg-1)
trusty/esm_virtualbox: DNE (trusty was not-affected [4.3.10-dfsg-1])
devel_virtualbox: not-affected (4.3.10-dfsg-1)