[German] Security researchers from SentinelLabs have taken a closer look at Oracle's virtualization solution VirtualBox, which runs on Windows, macOS and Linux, and found three vulnerabilities in it. The flaws in Oracle VM VirtualBox allow attackers to take over the hypervisor or to trigger a denial-of-service (DoS) condition. An update for VirtualBox that fixes them is available.
Virtualization Solution Virtualbox
Oracle VM VirtualBox is an open-source, cross-platform hypervisor and desktop virtualization software that allows users to run multiple guest operating systems such as Windows, Linux distributions, OpenBSD and Oracle Solaris on a single physical computer.
Virtualization is an exceedingly complex discipline. The complexity involved in both emulating hardware devices and securely routing data to real hardware is astounding. And one of the fundamental rules in cybersecurity is that where there is complexity, there are bugs.
The vulnerabilities in Virtualbox
While analyzing VirtualBox, security researchers from SentinelLabs, the research division of SentinelOne, discovered three vulnerabilities in the Oracle VM VirtualBox virtualization tool. Among other things, the vulnerabilities could be exploited by an attacker to compromise the hypervisor or to cause a denial-of-service (DoS) condition.
- CVE-2021-2145: Oracle VirtualBox NAT Integer Underflow Privilege Escalation Vulnerability; affects VirtualBox versions prior to 6.1.20. The hard-to-exploit vulnerability allows attackers with high privileges who log in to the infrastructure running Oracle VM VirtualBox to compromise Oracle VM VirtualBox.
- CVE-2021-2310: Oracle VirtualBox NAT Heap-based Buffer Overflow Privilege Escalation Vulnerability; affects VirtualBox versions prior to 6.1.20. While the vulnerability is in Oracle VM VirtualBox, attacks can impact other products as well. Successful attacks against this vulnerability can lead to the takeover of Oracle VM VirtualBox.
- CVE-2021-2442: Oracle VirtualBox NAT UDP Header Out-of-Bounds; affects VirtualBox versions prior to 6.1.24. The easily exploitable vulnerability allows attackers with high privileges who log in to the infrastructure running Oracle VM VirtualBox to compromise Oracle VM VirtualBox. While the vulnerability resides in Oracle VM VirtualBox, attacks can impact other products as well. Successful attacks against this vulnerability can give an unauthorized party the ability to cause a frequently repeatable crash (complete DoS) of Oracle VM VirtualBox.
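Two of the bug classes named above, an integer underflow in NAT packet handling and an out-of-bounds access driven by a UDP header field, share a common root: a length taken from the packet is used in arithmetic before every bound on it has been checked. The following C program is an added illustration of that pattern and its fix. It is not VirtualBox code and is not taken from the SentinelLabs report; the parser functions, their names and the UDP datagrams are all constructed for this example, and the naive variant only reports the length it would have trusted rather than reading any memory with it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UDP_HDR_LEN 8u /* fixed UDP header size (ports, length, checksum) */

/* Read a big-endian 16-bit field from a byte buffer. */
static uint16_t rd16(const uint8_t *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Hypothetical naive parser modelled on the bug class. The declared UDP
 * length is bounded above (it may not exceed the bytes actually held) but
 * not below, so a declared length smaller than the header itself makes
 * "declared - 8" wrap around to a huge value. A later copy of *payload_len
 * bytes would read far past the datagram. This function only reports what
 * it would compute; it never touches memory beyond the 8-byte header it
 * has already verified is present. */
bool naive_parse(const uint8_t *pkt, size_t pkt_len, size_t *payload_len) {
    if (pkt_len < UDP_HDR_LEN) return false;
    uint16_t declared = rd16(pkt + 4);
    if (declared > pkt_len) return false;          /* upper bound only */
    *payload_len = (size_t)declared - UDP_HDR_LEN; /* underflows when declared < 8 */
    return true;
}

/* Hardened parser: both bounds are checked before any subtraction, so the
 * resulting payload length always lies within [0, pkt_len - 8]. */
bool safe_parse(const uint8_t *pkt, size_t pkt_len, size_t *payload_len) {
    if (pkt_len < UDP_HDR_LEN) return false;
    uint16_t declared = rd16(pkt + 4);
    if (declared < UDP_HDR_LEN) return false; /* lower bound: header must fit */
    if (declared > pkt_len) return false;     /* upper bound: datagram must fit */
    *payload_len = (size_t)declared - UDP_HDR_LEN;
    return true;
}

/* Constructed datagrams (not captured traffic): src port 53, dst port 49152,
 * checksum zero, 4-byte payload "ping". Only the length field differs. */
const uint8_t GOOD_UDP[12]      = {0x00,0x35, 0xc0,0x00, 0x00,0x0c, 0x00,0x00, 'p','i','n','g'}; /* length 12: consistent */
const uint8_t SHORT_LEN_UDP[12] = {0x00,0x35, 0xc0,0x00, 0x00,0x04, 0x00,0x00, 'p','i','n','g'}; /* length 4: below header size */
const uint8_t TRUNC_UDP[12]     = {0x00,0x35, 0xc0,0x00, 0x00,0x40, 0x00,0x00, 'p','i','n','g'}; /* length 64: more than held */

int main(void) {
    size_t n = 0;
    printf("consistent : naive=%d safe=%d payload=%zu\n",
           naive_parse(GOOD_UDP, sizeof GOOD_UDP, &n), safe_parse(GOOD_UDP, sizeof GOOD_UDP, &n), n);
    bool accepted = naive_parse(SHORT_LEN_UDP, sizeof SHORT_LEN_UDP, &n);
    printf("short len  : naive=%d payload=%zu (only %zu bytes held)\n", accepted, n, sizeof SHORT_LEN_UDP);
    printf("short len  : safe=%d\n", safe_parse(SHORT_LEN_UDP, sizeof SHORT_LEN_UDP, &n));
    printf("truncated  : naive=%d safe=%d\n",
           naive_parse(TRUNC_UDP, sizeof TRUNC_UDP, &n), safe_parse(TRUNC_UDP, sizeof TRUNC_UDP, &n));
    return 0;
}
```

The naive parser correctly rejects the truncated datagram, which is why a single upper-bound check can look adequate in review; it is the datagram whose length field is smaller than the header that slips through and yields a payload length of several exabytes. Checking the lower bound before the subtraction, as `safe_parse` does, is the whole fix.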
The vulnerabilities listed with their CVE codes have already been patched in current versions of the software. Users with older versions should update to fix the problem.
Disclosure and countermeasures
The findings were proactively reported by SentinelLabs to the Zero Day Initiative and Oracle. At this time, SentinelOne has not discovered any evidence that these vulnerabilities have been successfully exploited by cybercriminals. Patches for the vulnerabilities are listed in the latest Oracle Critical Patch Update Advisory.
Since threat actors are known to move quickly to exploit unpatched vulnerabilities, it is imperative that enterprises and home users update their VirtualBox installations to the latest version to reduce the risk of exploitation. For more technical details on the disclosed vulnerabilities, see the full report from SentinelLabs.