Descripción
Multiple serious vulnerabilities were found in Oracle VM Virtual Box. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service.
Below is a complete list of vulnerabilities:
- Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core) can be exploited by attacker and human interaction from a person other than the attacker remotely via VRDP network access to to bypass security restrictions;
- Multiple vulnerabilities in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core) can be exploited by attacker and human interaction from a person other than the attacker localy via logon to the infrastructure without authentication to bypass security restrictions;
- Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core) can be exploited remotely via using OpenSSL protocol to cause denial of service.
Technical details
Vulnerability (3) is related to OpenSSL vulnerability (Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)). During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished.
Notas informativas originales
Explotación
Public exploits exist for this vulnerability.
Productos relacionados
Lista CVE
- CVE-2018-3294 critical
- CVE-2018-3288 critical
- CVE-2018-3289 critical
- CVE-2018-3290 critical
- CVE-2018-3296 critical
- CVE-2018-3297 critical
- CVE-2018-2909 critical
- CVE-2018-3298 critical
- CVE-2018-3291 critical
- CVE-2018-3292 critical
- CVE-2018-3293 critical
- CVE-2018-3295 critical
- CVE-2018-3287 critical
- CVE-2018-0732 critical
Leer más
Conozca las estadísticas de las vulnerabilidades que se propagan en su región statistics.securelist.com