Beschreibung
Multiple serious vulnerabilities were found in Oracle VM Virtual Box. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service.
Below is a complete list of vulnerabilities:
- Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core) can be exploited by attacker and human interaction from a person other than the attacker remotely via VRDP network access to to bypass security restrictions;
- Multiple vulnerabilities in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core) can be exploited by attacker and human interaction from a person other than the attacker localy via logon to the infrastructure without authentication to bypass security restrictions;
- Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core) can be exploited remotely via using OpenSSL protocol to cause denial of service.
Technical details
Vulnerability (3) is related to OpenSSL vulnerability (Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)). During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished.
Ursprüngliche Informationshinweise
Betroffene Produkte
CVE Liste
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com