KLA11405
Multiple vulnerabilities in Oracle Virtual Box
Updated: 06/26/2019
Detect date
?
01/15/2019
Severity
?
Critical
Description

Multiple vulnerabilities were found in Oracle Virtual Box. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions and cause denial of service.

Below is a complete list of vulnerabilities:

  1. Multiple vulnerabilities in Core component of Oracle VM VirtualBox can be exploited locally to obtain sensitive information.
  2. Multiple vulnerabilities in Core component of Oracle VM VirtualBox can be exploited locally to cause denial of service.
  3. Multiple vulnerabilities in Core component of Oracle VM VirtualBox can be exploited locally to obtain sensitive information, bypass security restrictions and cause denial of service.
  4. Vulnerability in Web Server (Apache HTTP Server) component of Oracle Secure Global Desktop (SGD) can be exploited remotely to cause denial of service.
  5. Vulnerability in Core component of Oracle VM VirtualBox can be exploited remotely to cause denial of service.
  6. Vulnerability in Application Server (Apache Tomcat) component of Oracle Secure Global Desktop (SGD) can be exploited remotely to bypass security restrictions.
  7. Vulnerability in Core (OpenSSL) component of Oracle VM VirtualBox can be exploited remotely to obtain sensitive information.
Affected products

Oracle VM Virtual Box versions earlier than 5.2.24
Oracle VM Virtual Box versions earlier than 6.0.2
 

Solution

Update to the latest version
Download Oracle Virtual Box

Original advisories

Oracle Critical Patch Update Advisory – January 2019

Impacts
?
OSI 
[?]

DoS 
[?]
CVE-IDS
?
CVE-2019-25008.8Critical
CVE-2019-25248.8Critical
CVE-2019-25528.8Critical
CVE-2018-33098.2Critical
CVE-2019-25207.8Critical
CVE-2019-25217.8Critical
CVE-2019-25227.8Critical
CVE-2019-25237.8Critical
CVE-2019-25267.8Critical
CVE-2019-25487.8Critical
CVE-2019-25117.5Critical
CVE-2019-25086.5High
CVE-2019-25096.5High
CVE-2019-25276.5High
CVE-2019-24506.5High
CVE-2019-24516.5High
CVE-2019-25556.5High
CVE-2019-25546.5High
CVE-2019-25566.5High
CVE-2018-07345.9High
CVE-2019-25255.6High
CVE-2019-24465.5High
CVE-2019-24485.5High
CVE-2019-25013.8Warning
CVE-2019-25043.8Warning
CVE-2019-25053.8Warning
CVE-2019-25063.8Warning
CVE-2019-25533.8Warning