SoylentNews is people

posted by Fnord666 on Monday January 29 2018, @11:40AM
from the don't-let-your-guests-escape dept.

10 new VM escape vulnerabilities discovered in VirtualBox

Oracle has released patches for ten vulnerabilities in VirtualBox which allow attackers to break out of guest operating systems and attack the host operating system that VirtualBox runs on. Exploits using this method, known as a "virtual machine escape," have been the subject of intense interest among security researchers following the disclosure of the Venom vulnerability in 2015.

The vulnerabilities are collectively published as CVE-2018-2676, CVE-2018-2685, CVE-2018-2686, CVE-2018-2687, CVE-2018-2688, CVE-2018-2689, CVE-2018-2690, CVE-2018-2693, CVE-2018-2694, and CVE-2018-2698. While they all share the same resultant effect, the method involved—and subsequently the ease with which attackers can leverage the vulnerability—varies.


This discussion has been archived. No new comments can be posted.
  • (Score: 2) by NotSanguine on Monday January 29 2018, @03:14PM (3 children)

    I didn't use VirtualBox. I just thought it was that it was crap and from Oracle (fuck you, Larry Ellison).

    Apparently there are other reasons too. Who knew?

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
    • (Score: 1, Informative) by Anonymous Coward on Tuesday January 30 2018, @03:04AM (2 children)

      It's mostly FOSS and it wasn't created by Oracle.

      • (Score: 0) by Anonymous Coward on Tuesday January 30 2018, @08:43AM

        So is MySQL and OpenOffice.

        You know, the database and office suite that nobody sane uses anymore.

      • (Score: 2) by NotSanguine on Tuesday January 30 2018, @02:48PM

        Regardless of who wrote it, it's still crap. I overwhelmingly prefer FOSS to COTS software. But a product actually has to be *good* for me to want to use it.
        Fortunately, there's Xen and KVM and even ESXi (free, not FOSS) which are all significantly superior to VirtualBox.

        The fact that Oracle maintains it is just another reason not to use it.

        --
        No, no, you're not thinking; you're just being logical. --Niels Bohr
  • (Score: 4, Insightful) by janrinok on Monday January 29 2018, @06:29PM (2 children)

    I'd rather read about a company fixing known vulnerabilities than use software that is rarely updated. With the latter, one never knows whether no bugs are known, bugs are known but not being fixed, somebody has actually written 'perfect code' (yeah, course they have!), or nobody cares about the software at all.

    • (Score: 2) by mendax on Monday January 29 2018, @08:09PM (1 child)

      Does anyone even care about VirtualBox anymore? Oracle doesn't seem to care much about it anymore. They did release patches. I suppose that means something.

      --
      It's really quite a simple choice: Life, Death, or Los Angeles.
      • (Score: 0) by Anonymous Coward on Tuesday January 30 2018, @12:13AM

        You are damned right people care.
