Security
Qubes OS and colored-border spoofing
A bug in the graphical user interface (GUI) of the security-focused
Qubes OS distribution
("A reasonably secure operating system
") would allow malicious
applications to fool
users—just the kind of thing that the OS focuses on preventing. While the
bug itself is fairly run of the mill, its existence is more evidence, if
any is really needed, that security is hard—and that there are plentiful
pitfalls for distributions of this type.
The idea behind Qubes OS has not changed much since we first looked at it back in 2010: isolate different applications (and groups of applications) into separate security domains using Xen virtual machines (VMs). That way, a compromise in a web browser, say, cannot access programs, devices (e.g. webcams or microphones), or data that is not sharing the same VM with the compromised program.
![[Qubes OS desktop]](https://static.lwn.net/images/2016/qubes-colors-sm.png "Qubes OS desktop")
In order to help users differentiate the programs running in different domains, Qubes OS colors the window borders of each application with a color that indicates which "qube" it belongs to. In the default install, three qubes are created: work, personal, and untrusted. Programs running within each get the same color; the Get Started document suggests using green for a trusted qube, red for untrusted, and yellow/orange for those in between. An example from that page (seen at right) shows a word processor with a green border and a web browser with red.
But applications control the contents of their windows and can create their own
"windows" that have any border color
they choose, as long as those windows are completely within the main
application window. As the Security
Guidelines document says: "Remember that a 'red' Firefox, can
always draw a 'green' password prompt box, and you don’t want to enter your
password there!
" It suggests using desktop effects (such as Alt-Tab
or
"Present Windows" in KDE/Plasma) or moving suspect windows to the trusted
background wallpaper. That way, Qubes OS can show the window with its
proper
border color or otherwise indicate which VM the window belongs to.
Qubes OS does all of this by running the desktop environment and main X server in the privileged domain (i.e. dom0). A GUI protocol is used to communicate from the qubes to the X server. There is an X server and GUI client running in each qube that communicate with a GUI daemon running in dom0. That is what allows Qubes OS to enforce its rules on windows that are created in the qubes.
However a bug reported in mid-September provides another way that a malicious application could fool users into entering sensitive information into untrusted qubes. X11 has an override_redirect flag that can be set by applications for windows that are not meant to be handled by the window manager (typically for UI elements like tooltips or menus). The Qubes OS GUI component uses the flag to determine if it should manage the window (to draw small colored borders around menus/tooltips and to ensure that those borders are visible on the screen) or if the window manager will draw the window decorations that include the larger colored border.
Applications are allowed to change the value of the override_redirect property and Qubes OS will track that change. But, due to the bug, it only tracks it internally and does not actually make the change to the window using the X API. That means a window that disables override_redirect will be treated by Qubes OS as if it is being managed by the window manager, but the window manager will not be informed that it should be doing so. That will allow malicious applications to spoof windows and confuse users.
Using the Alt-Tab window switcher or "Expose-like" effects (as suggested before inputting sensitive information) in the desktop environment may help users see that something strange is going on. But that adds another "ease of use" barrier for users—even if it has been the recommended practice all along.
While spoofing in the GUI is clearly the biggest threat, there is a kind of
denial-of-service (DoS) attack that a malicious application can perform.
Creating large windows that are not managed can completely obscure the rest
of the desktop and, since there is no window manager placing controls on
the windows for closing or minimizing them, the user will have no easy way
to get rid of them. The advisory does list some ways around that problem,
which may involve blindly typing into a privileged terminal
application—something that seems a bit worrisome. This GUI DoS
attack has been known for some time and the advisory notes that "Qubes should offer a more user-friendly solution to deal
with such GUI DoS attacks
".
The problem has existed since the initial commit of the GUI daemon back in 2010. It was fixed in mid-September and is available in version 3.2.5 and higher of the qubes-gui-dom0 package (or 3.1.5 and higher for those running Qubes OS 3.1).
The bug in some ways highlights the difficulties in providing a more secure environment for users—and in how to display that information in a cohesive and comprehensible way. Qubes OS has done an admirable job of trying to make it easier for users but, as always, bugs will creep in. Part of the problem may be the need to rely on applications that have been built on top of protocols and libraries that long pre-date the security needs of today's users. The window handling in X11 leads to the suggested Alt-Tab dance, for example.
One wonders if Wayland, which was designed with security more in mind, will eventually help here. It will seemingly be a while (still) before Wayland-native applications are commonplace and, of course, bugs will still be present, but a security-focused design may eventually lead to better desktop security for Qubes OS and others—or not, only time will truly tell.
Brief items
Security quotes of the week
More information about Dirty COW (aka CVE-2016-5195)
The security hole fixed in the 4.8.3, 4.7.9, and 4.4.26 stable kernel updates has been dubbed Dirty COW (CVE-2016-5195) by a site devoted to the kernel privilege escalation vulnerability. There is some indication that it is being exploited in the wild. Ars Technica has some additional information. The Red Hat bugzilla entry and advisory are worth looking at as well.
New vulnerabilities
asterisk: two vulnerabilities
| Package(s): | asterisk | CVE #(s): | CVE-2016-2232 CVE-2016-7551 | ||||||||
| Created: | October 26, 2016 | Updated: | October 26, 2016 | ||||||||
| Description: | From the CVE entry:
Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost. (CVE-2016-2232) From the Debian advisory: Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service or incorrect certificate validation. | ||||||||||
| Alerts: |
| ||||||||||
bind: denial of service
| Package(s): | bind | CVE #(s): | CVE-2016-2848 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | October 21, 2016 | Updated: | October 26, 2016 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Red Hat advisory:
A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet. (CVE-2016-2848) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
graphicsmagick: multiple vulnerabilities
| Package(s): | graphicsmagick | CVE #(s): | CVE-2016-6823 CVE-2016-7101 CVE-2016-7515 CVE-2016-7517 CVE-2016-7519 CVE-2016-7522 CVE-2016-7524 CVE-2016-7528 CVE-2016-7529 CVE-2016-7531 CVE-2016-7533 CVE-2016-7537 | ||||||||||||||||||||||||||||||||||||
| Created: | October 26, 2016 | Updated: | October 26, 2016 | ||||||||||||||||||||||||||||||||||||
| Description: | From the openSUSE advisory:
- security update: * CVE-2016-7529 [boo#1000399] * CVE-2016-7528 [boo#1000434] * CVE-2016-7515 [boo#1000689] * CVE-2016-7517 [boo#1000693] * CVE-2016-7519 [boo#1000695] * CVE-2016-7522 [boo#1000698] * CVE-2016-7524 [boo#1000700] * CVE-2016-7531 [boo#1000704] * CVE-2016-7533 [boo#1000707] * CVE-2016-7537 [boo#1000711] * CVE-2016-6823 [boo#1001066] * CVE-2016-7101 [boo#1001221] * do not divide by zero in WriteTIFFImage [boo#1002206] * fix buffer overflow [boo#1002209] | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
graphicsmagick: multiple vulnerabilities
| Package(s): | graphicsmagick | CVE #(s): | CVE-2015-8957 CVE-2015-8958 CVE-2016-7516 CVE-2016-7526 CVE-2016-7527 | ||||||||||||||||||||
| Created: | October 26, 2016 | Updated: | October 26, 2016 | ||||||||||||||||||||
| Description: | From the openSUSE advisory:
- CVE-2015-8957: Buffer overflow in sun file handling (bsc#1000690) - CVE-2015-8958: Potential DOS in sun file handling due to malformed files (bsc#1000691) - CVE-2016-7516: Out of bounds problem in rle, pict, viff and sun files (bsc#1000692) - CVE-2016-7526: out-of-bounds write in ./MagickCore/pixel-accessor.h (bsc#1000702) - CVE-2016-7527: out of bound access in wpg file coder: (bsc#1000436) | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
graphicsmagick: three vulnerabilities
| Package(s): | graphicsmagick | CVE #(s): | CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 | ||||||||||||||||||||||||||||||||||||
| Created: | October 26, 2016 | Updated: | October 26, 2016 | ||||||||||||||||||||||||||||||||||||
| Description: | From the Mageia advisory:
Stack-based buffer overflow in ReadSCTImage (CVE-2016-8682). Memory allocation failure in ReadPCXImage (CVE-2016-8683). Memory allocation failure in MagickMalloc (CVE-2016-8684). | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
kdump: denial of service
| Package(s): | kdump | CVE #(s): | CVE-2016-5759 | ||||
| Created: | October 24, 2016 | Updated: | October 26, 2016 | ||||
| Description: | From the openSUSE advisory:
CVE-2016-5759: Use full path to dracut as argument to bash. See the bug report for more information. | ||||||
| Alerts: |
| ||||||
kernel: local privilege escalation (Dirty COW)
| Package(s): | kernel | CVE #(s): | CVE-2016-5195 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | October 26, 2016 | Updated: | November 1, 2016 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | The so-called "Dirty COW" vulnerability is a race condition in the kernel's memory-management code that is readily exploitable by a local attacker to run code in kernel mode. The bug is several years old, and numerous exploits exist. Fixes were shipped in the 4.8.3, 4.7.9, and 4.4.26 stable updates and will appear in the mainline in 4.9. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
kernel: three vulnerabilities
| Package(s): | kernel | CVE #(s): | CVE-2016-0823 CVE-2016-6327 CVE-2016-7117 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | October 26, 2016 | Updated: | February 15, 2017 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the CVE entries:
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. (CVE-2016-0823) drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. (CVE-2016-6327) Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. (CVE-2016-7117) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
kernel: denial of service
| Package(s): | kernel | CVE #(s): | CVE-2016-8658 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | October 24, 2016 | Updated: | October 26, 2016 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the openSUSE advisory:
Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
kernel: multiple vulnerabilities
| Package(s): | kernel | CVE #(s): | CVE-2015-8956 CVE-2016-7042 CVE-2016-7425 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | October 20, 2016 | Updated: | December 1, 2016 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Debian advisory:
CVE-2015-8956: It was discovered that missing input sanitising in RFCOMM Bluetooth socket handling may result in denial of service or information leak. CVE-2016-7042: Ondrej Kozina discovered that incorrect buffer allocation in the proc_keys_show() function may result in local denial of service. CVE-2016-7425: Marco Grassi discovered a buffer overflow in the arcmsr SCSI driver which may result in local denial of service, or potentially, arbitrary code execution. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
libX11: denial of service
| Package(s): | libX11 | CVE #(s): | CVE-2016-7942 CVE-2016-7943 | ||||||||||||||||
| Created: | October 24, 2016 | Updated: | October 27, 2016 | ||||||||||||||||
| Description: | From the openSUSE advisory:
insufficient validation of data from the X server allowed out of boundary memory read (bsc#1002991) | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
mozilla: two vulnerabilities
| Package(s): | firefox seamonkey | CVE #(s): | CVE-2016-5287 CVE-2016-5288 | ||||||||||||||||||||
| Created: | October 26, 2016 | Updated: | November 9, 2016 | ||||||||||||||||||||
| Description: | From the openSUSE advisory:
* CVE-2016-5287: Crash in nsTArray_base (bsc#1006475) * CVE-2016-5288: Web content can read cache entries (bsc#1006476) | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
mysql: multiple unspecified vulnerabilities
| Package(s): | mysql | CVE #(s): | CVE-2016-5584 CVE-2016-7440 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | October 25, 2016 | Updated: | November 16, 2016 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Ubuntu advisory:
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.53 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 16.10 have been updated to MySQL 5.7.16. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
nginx: privilege escalation
| Package(s): | nginx | CVE #(s): | CVE-2016-1247 | ||||||||||||||||||||||||||||
| Created: | October 26, 2016 | Updated: | January 16, 2017 | ||||||||||||||||||||||||||||
| Description: | From the Debian advisory:
Dawid Golunski reported the nginx web server packages in Debian suffered from a privilege escalation vulnerability (www-data to root) due to the way log files are handled. This security update changes ownership of the /var/log/nginx directory root. In addition, /var/log/nginx has to be made accessible to local users, and local users may be able to read the log files themselves local until the next logrotate invocation. | ||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||
nspr, nss: information disclosure
| Package(s): | nspr nss | CVE #(s): | |||||||||
| Created: | October 26, 2016 | Updated: | October 26, 2016 | ||||||||
| Description: | From the Debian LTS advisory:
The Network Security Service (NSS) libraries uses environment variables to configure lots of things, some of which refer to file system locations. Others can degrade the operation of NSS in various ways, forcing compatibility modes and so on. Previously, these environment variables were not ignored SUID binaries. This version of NetScape Portable Runtime Library (NSPR) introduce a new API, PR_GetEnVSecure, to address this. | ||||||||||
| Alerts: |
| ||||||||||
openslp: code execution
| Package(s): | openslp | CVE #(s): | CVE-2016-7567 | ||||||||
| Created: | October 21, 2016 | Updated: | October 26, 2016 | ||||||||
| Description: | From the Mageia advisory:
A memory corruption bug was present in openslp due to lack of bounds checking in SLPFoldWhiteSpace() (CVE-2016-7567). | ||||||||||
| Alerts: |
| ||||||||||
perl-Image-Info: information disclosure
| Package(s): | perl-Image-Info | CVE #(s): | CVE-2016-9181 | ||||||||
| Created: | October 26, 2016 | Updated: | November 4, 2016 | ||||||||
| Description: | From the Red Hat bugzilla:
The Image::Info package makes no precautions against external entity expansion in SVG files. A crafted file could cause information disclosure or denial of service. See also the CVE assignment email. | ||||||||||
| Alerts: |
| ||||||||||
php: multiple vulnerabilities
| Package(s): | php | CVE #(s): | CVE-2016-9137 | ||||||||||||||||||||||||||||||||||||
| Created: | October 24, 2016 | Updated: | November 21, 2016 | ||||||||||||||||||||||||||||||||||||
| Description: | PHP 5.6.27 fixes multiple vulnerabilities. See the PHP changelog for details.
One of these issues was assigned CVE-2016-9137. | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
php-pecl-zip: multiple vulnerabilities
| Package(s): | php-pecl-zip | CVE #(s): | |||||||||
| Created: | October 24, 2016 | Updated: | October 26, 2016 | ||||||||
| Description: | From the Fedora advisory:
**Version 1.13.5** - Fixed bug php#72660 (NULL Pointer dereference in zend_virtual_cwd). (Laruence) - Fixed bug php#68302 (impossible to compile php with zip support). (cmb) - Fixed bug php#70752 (Depacking with wrong password leaves 0 length files). (cmb) | ||||||||||
| Alerts: |
| ||||||||||
potrace: multiple vulnerabilities
| Package(s): | potrace | CVE #(s): | CVE-2016-8694 CVE-2016-8695 CVE-2016-8696 CVE-2016-8697 CVE-2016-8698 CVE-2016-8699 CVE-2016-8700 CVE-2016-8701 CVE-2016-8702 CVE-2016-8703 | ||||
| Created: | October 26, 2016 | Updated: | October 26, 2016 | ||||
| Description: | From the Debian LTS advisory:
CVE-2016-8694, CVE-2016-8695, CVE-2016-8696: Multiple NULL pointer dereferences in bm_readbody_bmp. This bug was discovered by Agostino Sarubbo of Gentoo. CVE-2016-8697: Division by zero in bm_new. This bug was discovered by Agostino Sarubbo of Gentoo. CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, CVE-2016-8703: Multiple heap-based buffer overflows in bm_readbody_bmp. This bug was discovered by Agostino Sarubbo of Gentoo. | ||||||
| Alerts: |
| ||||||
qemu: denial of service
| Package(s): | qemu | CVE #(s): | CVE-2016-7155 | ||||||||||||
| Created: | October 24, 2016 | Updated: | October 26, 2016 | ||||||||||||
| Description: | From the SUSE advisory:
In the VMWARE PVSCSI paravirtual SCSI bus a OOB access and/or infinite loop issue could have allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#997858) | ||||||||||||||
| Alerts: |
| ||||||||||||||
qemu: three vulnerabilities
| Package(s): | qemu | CVE #(s): | CVE-2016-8577 CVE-2016-8578 CVE-2016-8669 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | October 26, 2016 | Updated: | October 26, 2016 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Debian LTS advisory:
CVE-2016-8577: Quick Emulator (Qemu) built with the virtio-9p back-end support is vulnerable to a memory leakage issue. It could occur while doing a I/O read operation in v9fs_read() routine. CVE-2016-8578: Quick Emulator (Qemu) built with the virtio-9p back-end support is vulnerable to a null pointer dereference issue. It could occur while doing an I/O vector unmarshalling operation in v9fs_iov_vunmarshal() routine. CVE-2016-8669: Quick Emulator (Qemu) built with the 16550A UART emulation support is vulnerable to a divide by zero issue. It could occur while updating serial device parameters in 'serial_update_parameters'. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
virtualbox: multiple unspecified vulnerabilities
| Package(s): | virtualbox | CVE #(s): | CVE-2016-5501 CVE-2016-5538 CVE-2016-5605 CVE-2016-5608 CVE-2016-5610 CVE-2016-5611 CVE-2016-5613 | ||||||||||||||||||||
| Created: | October 25, 2016 | Updated: | January 24, 2017 | ||||||||||||||||||||
| Description: | From the NVD entries:
CVE-2016-5501: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538. CVE-2016-5538: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501. CVE-2016-5605: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE. CVE-2016-5608: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613. CVE-2016-5610: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core. CVE-2016-5611: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core. CVE-2016-5613: Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608. | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
Page editor: Jake Edge
Next page:
Kernel development>>