SecurityTracker.com
Category:   Application (Generic)  >   Oracle VM VirtualBox
Vendors:   Oracle
Oracle VM VirtualBox Multiple Flaws Let Local and Remote Users Gain Elevated Privileges
SecurityTracker Alert ID:  1041887
SecurityTracker URL:  http://securitytracker.com/id/1041887
CVE Reference:   CVE-2018-2909, CVE-2018-3287, CVE-2018-3288, CVE-2018-3289, CVE-2018-3290, CVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3294, CVE-2018-3295, CVE-2018-3296, CVE-2018-3297, CVE-2018-3298
Date:  Oct 16 2018
Impact:   User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 5.2.20
Description:   Multiple vulnerabilities were reported in Oracle VM VirtualBox. A remote or local user on the guest system can gain elevated privileges on the host system.

A remote authenticated user can exploit a flaw in the Oracle VM VirtualBox Core component to gain elevated privileges [CVE-2018-3294].

A local user can exploit a flaw in the Oracle VM VirtualBox Core component to gain elevated privileges [CVE-2018-2909, CVE-2018-3287, CVE-2018-3288, CVE-2018-3289, CVE-2018-3290, CVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3295, CVE-2018-3296, CVE-2018-3297, CVE-2018-3298].

Add of MeePwn (via Trend Micro's Zero Day Initiative), Anonymous (via Trend Micro's Zero Day Initiative), Hysterical Raisins (via Trend Micro's Zero Day Initiative), Koustav Sadhukhan, Li Qiang of the Qihoo 360 Gear Team, Quang Nguyen of Viettel Cyber Security, and Root Object (via Trend Micro's Zero Day Initiative) reported these vulnerabilities.

Impact:   A local user on the guest system can gain elevated privileges on the host system.

A remote authenticated user can gain elevated privileges on the target system.

Solution:   The vendor has issued a fix as part of the Oracle Critical Patch Update Advisory - October 2018.

The vendor advisory is available at:

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Vendor URL:  www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Cause:   Not specified

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Copyright 2019, SecurityGlobal.net LLC