[ad_1]
A now-patched vulnerability affecting Oracle VM VirtualBox might be probably exploited by an adversary to compromise the hypervisor and trigger a denial-of-service (DoS) situation.
“Simply exploitable vulnerability permits excessive privileged attacker with logon to the infrastructure the place Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox,” the advisory reads. “Profitable assaults of this vulnerability can lead to unauthorized means to trigger a cling or incessantly repeatable crash (full DoS) of Oracle VM VirtualBox”
Tracked as CVE-2021-2442 (CVSS rating: 6.0), the flaw impacts all variations of the product prior to six.1.24. SentinelLabs researcher Max Van Amerongen has been credited with discovering and reporting the problem, following which fixes have been rolled out by Oracle as a part of its Crucial Patch Replace for July 2021.
Oracle VM VirtualBox is an open-source and cross-platform hypervisor and desktop virtualization software program that permits customers to run a number of visitor working techniques comparable to Home windows, Linux distributions, OpenBSD, and Oracle Solaris on a single bodily machine.
“Works as each an out-of-bounds learn within the host course of, in addition to an integer underflow. In some cases, it will also be used to remotely DoS different Virtualbox digital machines,” Van Amerongen famous again in August.
Received one other Virtualbox vuln mounted (CVE-2021-2442)
Works as each an OOB learn within the host course of, in addition to an integer underflow. In some cases, it will also be used to remotely DoS different Virtualbox VMs! pic.twitter.com/Ir9YQgdZQ7
— maxpl0it (@maxpl0it) August 1, 2021
Additionally found by Van Amerongen are two different flaws affecting variations earlier than 6.1.20 and resolved by Oracle in April 2021 —
- CVE-2021-2145 (CVSS rating: 7.5): Oracle VirtualBox NAT Integer Underflow Privilege Escalation Vulnerability
- CVE-2021-2310 (CVSS rating: 7.5): Oracle VirtualBox NAT Heap-based Buffer Overflow Privilege Escalation Vulnerability (impacts , patched in April
Each the aforementioned points reside throughout the implementation of NAT that come up from an absence of correct validation of user-supplied information. Profitable assaults of the 2 shortcomings can allow an area adversary to escalate privileges and execute arbitrary code that ends in full takeover of a weak Oracle VM VirtualBox.
Provided that menace actors are recognized to maneuver quick to make the most of the safety hole afforded by unpatched vulnerabilities, it is important that organizations replace their VirtualBox installations to the most recent model to mitigate any danger of potential exploitation.
[ad_2]
