漏洞类别:Local
漏洞等级: 
漏洞信息
An x86 virtualization software package developed by Oracle.
Multiple vulnerabilities were reported in Oracle VM VirtualBox.
A remote user can exploit a flaw in the Oracle VM VirtualBox VirtualBox Remote Desktop Extension (VRDE) component to access and modify data [CVE-2016-5605].
A remote authenticated user can exploit a flaw in the Virtual Desktop Infrastructure Apache Commons Collection component to gain elevated privileges [CVE-2015-7501].
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to gain elevated privileges [CVE-2016-5501].
A remote user can exploit a flaw in the Virtual Desktop Infrastructure Bouncy Castle Java component to access data [CVE-2015-7940].
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to gain elevated privileges [CVE-2016-5538].
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially modify data and cause partial denial of service conditions [CVE-2016-5610].
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to cause denial of service conditions [CVE-2016-5608].
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data [CVE-2016-5611].
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to cause partial denial of service conditions [CVE-2016-5613].
Affected versions
Oracle VM VirtualBox prior to 5.0.28, 5.1.4, 5.1.8
漏洞危害
A remote user can obtain data on the target system.
A remote user can modify data on the target system.
A local user can cause denial of service conditions on the target system.
A local user can obtain data on the target system.
A local user can obtain elevated privileges on the target system.
A local user can modify data on the target system.
解决方案
The vendor has issued a fix as part of the October 2016 Oracle Critical Patch Update. Download it from here.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论