SecurityTracker.com

Category:   Application (Generic)  >   Oracle VM VirtualBox
Vendors:   Oracle
Oracle VM VirtualBox Multiple Flaws Let Local Users Access and Modify Data, Deny Service, and Gain Elevated Privileges
SecurityTracker Alert ID:  1041296
SecurityTracker URL:  http://securitytracker.com/id/1041296
CVE Reference:   CVE-2018-3005, CVE-2018-3055, CVE-2018-3085, CVE-2018-3086, CVE-2018-3087, CVE-2018-3088, CVE-2018-3089, CVE-2018-3090, CVE-2018-3091
Date:  Jul 17 2018
Impact:   Denial of service via local system, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): Prior to 5.2.16
Description:   Multiple vulnerabilities were reported in Oracle VM VirtualBox. A local user can obtain elevated privileges on the target system. A local user can cause denial of service conditions on the target system. A local user can access and modify data on the target system.

A local user can exploit a flaw in the Oracle VM VirtualBox Core component to gain elevated privileges [CVE-2018-3086, CVE-2018-3087, CVE-2018-3088, CVE-2018-3089, CVE-2018-3090].

A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, modify data, and deny service [CVE-2018-3085].

A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data and cause denial of service conditions [CVE-2018-3055].

A local user can exploit a flaw in the Oracle VM VirtualBox Core component to access data [CVE-2018-3091].

A local user can exploit a flaw in the Oracle VM VirtualBox Core component to cause partial denial of service conditions [CVE-2018-3005].

An anonymous researcher working with Trend Micro's Zero Day Initiative, Niklas Baumstark working with Trend Micro's Zero Day Initiative, Root Object working with Trend Micro's Zero Day Initiative, and Thomas Barabosch of Fraunhofer FKIE reported these vulnerabilities.

Impact:   A local user can cause denial of service conditions on the target system.

A local user can obtain data on the target system.

A local user can obtain elevated privileges on the target system.

A local user can modify data on the target system.

Solution:   The vendor has issued a fix as part of the July 2018 Critical Patch Update.

The vendor advisory is available at:

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Vendor URL:  www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Cause:   Not specified

Message History:   None.


Copyright 2019, SecurityGlobal.net LLC