Oracle VM VirtualBox Privilege Escalation Vulnerability
BID:105854
Info
Oracle VM VirtualBox Privilege Escalation Vulnerability
| Bugtraq ID: | 105854 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 07 2018 12:00AM |
| Updated: | Nov 07 2018 12:00AM |
| Credit: | Sergey Zelenyuk |
| Vulnerable: |
Oracle VM VirtualBox 5.2.20 Oracle VM VirtualBox 5.2.18 Oracle VM VirtualBox 5.2.16 Oracle VM VirtualBox 5.2.10 Oracle VM VirtualBox 5.2.6 Oracle VM VirtualBox 5.2.4 Oracle VM VirtualBox 5.2.2 Oracle VM VirtualBox 5.2 Oracle VM VirtualBox 5.1.36 Oracle VM VirtualBox 5.1.32 Oracle VM VirtualBox 5.1.20 Oracle VM VirtualBox 5.1.16 Oracle VM VirtualBox 5.1.14 Oracle VM VirtualBox 5.1.10 Oracle VM VirtualBox 5.1.8 Oracle VM VirtualBox 5.0.38 Oracle VM VirtualBox 5.0.34 Oracle VM VirtualBox 5.0.32 Oracle VM VirtualBox 5.0.28 Oracle VM VirtualBox 5.0.26 Oracle VM VirtualBox 5.0.22 Oracle VM VirtualBox 5.0.16 Oracle VM VirtualBox 5.0.14 Oracle VM VirtualBox 5.0.13 Oracle VM VirtualBox 5.0.12 Oracle VM VirtualBox 5.0.11 Oracle VM VirtualBox 5.0.10 Oracle VM VirtualBox 5.0.9 Oracle VM VirtualBox 5.0.8 Oracle VM VirtualBox 4.3.36 Oracle VM VirtualBox 4.3.35 Oracle VM VirtualBox 4.3.34 Oracle VM VirtualBox 4.3.33 Oracle VM VirtualBox 4.3.32 Oracle VM VirtualBox 4.3.26 Oracle VM VirtualBox 4.3.20 Oracle VM VirtualBox 4.3.19 Oracle VM VirtualBox 4.3.18 Oracle VM VirtualBox 4.3.17 Oracle VM VirtualBox 4.3.16 Oracle VM VirtualBox 4.3.15 Oracle VM VirtualBox 4.3.14 Oracle VM VirtualBox 4.3.12 Oracle VM VirtualBox 4.3.10 Oracle VM VirtualBox 4.3.9 Oracle VM VirtualBox 4.3.8 Oracle VM VirtualBox 4.3.7 Oracle VM VirtualBox 4.3.5 Oracle VM VirtualBox 4.2.36 Oracle VM VirtualBox 4.2.35 Oracle VM VirtualBox 4.2.34 Oracle VM VirtualBox 4.2.30 Oracle VM VirtualBox 4.2.27 Oracle VM VirtualBox 4.2.26 Oracle VM VirtualBox 4.2.24 Oracle VM VirtualBox 4.2.23 Oracle VM VirtualBox 4.2.19 Oracle VM VirtualBox 4.2.18 Oracle VM VirtualBox 4.2.14 Oracle VM VirtualBox 4.2.12 Oracle VM VirtualBox 4.2 Oracle VM VirtualBox 4.1.44 Oracle VM VirtualBox 4.1.43 Oracle VM VirtualBox 4.1.42 Oracle VM VirtualBox 4.1.38 Oracle VM VirtualBox 4.1.35 Oracle VM VirtualBox 4.1.34 Oracle VM VirtualBox 4.1.32 Oracle VM VirtualBox 4.1.31 Oracle VM VirtualBox 4.1.29 Oracle VM VirtualBox 4.1.28 Oracle VM VirtualBox 4.1.24 Oracle VM VirtualBox 4.1.22 Oracle VM VirtualBox 4.1.20 Oracle VM VirtualBox 4.1.18 Oracle VM VirtualBox 4.1.16 Oracle VM VirtualBox 4.1.14 Oracle VM VirtualBox 4.1.10 Oracle VM VirtualBox 4.1.8 Oracle VM VirtualBox 4.0.36 Oracle VM VirtualBox 4.0.35 Oracle VM VirtualBox 4.0.34 Oracle VM VirtualBox 4.0.30 Oracle VM VirtualBox 4.0.27 Oracle VM VirtualBox 4.0.26 Oracle VM VirtualBox 4.0.24 Oracle VM VirtualBox 4.0.23 Oracle VM VirtualBox 4.0.21 Oracle VM VirtualBox 4.0.20 Oracle VM VirtualBox 4.0.18 Oracle VM VirtualBox 3.2.25 Oracle VM VirtualBox 3.2.24 Oracle VM VirtualBox 3.2.22 Oracle VM VirtualBox 3.2.21 Oracle VM VirtualBox 3.2.19 Oracle VM VirtualBox 3.2.18 Oracle VM VirtualBox 3.2.14 Oracle VM VirtualBox 3.0.1 Oracle VM VirtualBox 1.6.6 Oracle VM VirtualBox 5.1.30 Oracle VM VirtualBox 5.1.24 Oracle VM VirtualBox 5.0.18 Oracle VM VirtualBox 5.0 Oracle VM VirtualBox 4.3.6 Oracle VM VirtualBox 4.3.4 Oracle VM VirtualBox 4.3.2 Oracle VM VirtualBox 4.3.0 Oracle VM VirtualBox 4.3 Oracle VM VirtualBox 4.2.8 Oracle VM VirtualBox 4.2.6 Oracle VM VirtualBox 4.2.4 Oracle VM VirtualBox 4.2.22 Oracle VM VirtualBox 4.2.20 Oracle VM VirtualBox 4.2.2 Oracle VM VirtualBox 4.2.16 Oracle VM VirtualBox 4.2.10 Oracle VM VirtualBox 4.2.0-RC3 Oracle VM VirtualBox 4.2 Oracle VM VirtualBox 4.1.6 Oracle VM VirtualBox 4.1.4 Oracle VM VirtualBox 4.1.30 Oracle VM VirtualBox 4.1.26 Oracle VM VirtualBox 4.1.2 Oracle VM VirtualBox 4.1.12 Oracle VM VirtualBox 4.1.0 Oracle VM VirtualBox 4.1 Oracle VM VirtualBox 4.0.8 Oracle VM VirtualBox 4.0.6 Oracle VM VirtualBox 4.0.4 Oracle VM VirtualBox 4.0.22 Oracle VM VirtualBox 4.0.2 Oracle VM VirtualBox 4.0.16 Oracle VM VirtualBox 4.0.14 Oracle VM VirtualBox 4.0.12 Oracle VM VirtualBox 4.0.10 Oracle VM VirtualBox 4.0.0 Oracle VM VirtualBox 4.0 Oracle VM VirtualBox 3.3 Oracle VM VirtualBox 3.2.8 Oracle VM VirtualBox 3.2.6 Oracle VM VirtualBox 3.2.4 Oracle VM VirtualBox 3.2.20 Oracle VM VirtualBox 3.2.2 Oracle VM VirtualBox 3.2.16 Oracle VM VirtualBox 3.2.12 Oracle VM VirtualBox 3.2.10 Oracle VM VirtualBox 3.2.0 Oracle VM VirtualBox 3.2 Oracle VM VirtualBox 3.1.8 Oracle VM VirtualBox 3.1.6 Oracle VM VirtualBox 3.1.4 Oracle VM VirtualBox 3.1.2 Oracle VM VirtualBox 3.1.0 Oracle VM VirtualBox 3.1 Oracle VM VirtualBox 3.0.8 Oracle VM VirtualBox 3.0.6 Oracle VM VirtualBox 3.0.4 Oracle VM VirtualBox 3.0.2 Oracle VM VirtualBox 3.0.14 Oracle VM VirtualBox 3.0.12 Oracle VM VirtualBox 3.0.10 Oracle VM VirtualBox 3.0.0 Oracle VM VirtualBox 2.2.4 Oracle VM VirtualBox 2.2.2 Oracle VM VirtualBox 2.2.0 Oracle VM VirtualBox 2.2 Oracle VM VirtualBox 2.1.4 Oracle VM VirtualBox 2.1.2 Oracle VM VirtualBox 2.1.0 Oracle VM VirtualBox 2.1 Oracle VM VirtualBox 2.0.8 Oracle VM VirtualBox 2.0.6 Oracle VM VirtualBox 2.0.4 Oracle VM VirtualBox 2.0.2 Oracle VM VirtualBox 2.0.12 Oracle VM VirtualBox 2.0.10 Oracle VM VirtualBox 2.0.0 Oracle VM VirtualBox 1.6.4 Oracle VM VirtualBox 1.6.2 Oracle VM VirtualBox 1.6.0 Oracle VM VirtualBox 1.6 |
| Not Vulnerable: | |
Discussion
Oracle VM VirtualBox Privilege Escalation Vulnerability
Oracle VM VirtualBox is prone to a remote privilege-escalation vulnerability.
An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks.
VirtualBox 5.2.20 and prior are vulnerable.
Oracle VM VirtualBox is prone to a remote privilege-escalation vulnerability.
An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks.
VirtualBox 5.2.20 and prior are vulnerable.
Exploit / POC
Oracle VM VirtualBox Privilege Escalation Vulnerability
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Solution / Fix
Oracle VM VirtualBox Privilege Escalation Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Oracle VM VirtualBox Privilege Escalation Vulnerability
References:
References:
- VirtualBox Homepage (Sun Microsystems)
- virtualbox_e1000_0day (Github)
- VirtualBox zero-day published by disgruntled researcher (Zdnet)