漏洞类别:Local
漏洞等级: 
漏洞信息
VirtualBox is a general-purpose full virtualizer for x86 hardware, targeted at server, desktop and embedded use.
Multiple vulnerabilities were reported in Oracle VM VirtualBox. A local user can cause denial of service conditions on the target system. A local user can access and modify data on the target system. A local user can obtain elevated privileges on the target system.
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to gain elevated privileges [CVE-2017-3561, CVE-2017-3563, CVE-2017-3576].
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and deny service [CVE-2017-3558].
A local user can exploit a flaw in the Oracle VM VirtualBox Shared Folder component to modify data and cause denial of service conditions [CVE-2017-3587].
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and deny service [CVE-2017-3559].
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to modify data and cause denial of service conditions [CVE-2017-3575].
A local user can exploit a flaw in the Oracle VM VirtualBox Shared Folder component to access and modify data [CVE-2017-3538].
A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data [CVE-2017-3513].
Affected Versions :
Oracle VM VirtualBox prior to 5.0.38, prior to 5.1.20
漏洞危害
A local user can cause denial of service conditions on the target system.
A local user can obtain data on the target system.
A local user can obtain elevated privileges on the target system.
A local user can modify data on the target system.
解决方案
The vendor has issued a fix (5.0.38, 5.1.20). Download latest version from here.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论