KLA11295
Multiple vulnerabilities in Oracle Virtual Box
Обновлено: 26/06/2019
Дата обнаружения
17/07/2018
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities were found in Virtual Box. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions and read local files.

Below is a complete list of vulnerabilities:

  1. Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core) can be exploited by attacker and human interaction from a person other than the attacker localy to bypass security restrictions or cause denial of service;
  2. Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core) can be exploited localy via unauthorized creation, deletion or modification access to critical data to cause denial of service;
  3. Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core) can be exploited by attacker and human interaction from a person other than the attacker localy to cause denial of service and read local files;
  4. Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core) can be exploited localy to cause partial denial of service.
Пораженные продукты

Oracle Virtual Box versions earlier than 5.2.16

Решение

Update to the latest version
Download Oracle Virtual Box

Первичный источник обнаружения
Oracle Critical Patch Update Advisory - July 2018
Оказываемое влияние
?
DoS 
[?]

SB 
[?]

RLF 
[?]
Связанные продукты
Oracle VirtualBox
CVE-IDS
CVE-2018-30864.4Warning
CVE-2018-30874.4Warning
CVE-2018-30884.4Warning
CVE-2018-30894.4Warning
CVE-2018-30904.4Warning
CVE-2018-30854.4Warning
CVE-2018-30553.3Warning
CVE-2018-30911.9Warning
CVE-2018-30052.1Warning