You are here

V-189: Oracle VirtualBox 'tracepath' Bug Lets Local Guest Users Deny Service on the Target Host

July 1, 2013 - 12:48am

Addthis

PROBLEM:

Oracle VirtualBox 'tracepath' Bug Lets Local Guest Users Deny Service on the Target Host

PLATFORM:

VirtualBox 4.2.12

ABSTRACT:

A vulnerability was reported in Oracle VirtualBox.

REFERENCE LINKS:

VirtualBox ticket: 11863
SecurityTracker Alert ID:  1028712

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A local user on the guest operating system can issue a 'tracepath' command to cause the network on the target host system to become unavailable.

IMPACT:

A local user on a guest operating system can cause denial of service conditions on the target host system.

SOLUTION:

The vendor has issued a workaround (4.2.14).

Addthis