English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.10.2018.0437
Categoría:Mageia Linux Local Security Checks
Título:Mageia: Security Advisory (MGASA-2018-0437)
Resumen:The remote host is missing an update for the 'kmod-vboxadditions, kmod-virtualbox, virtualbox' package(s) announced via the MGASA-2018-0437 advisory.
Descripción:Summary:
The remote host is missing an update for the 'kmod-vboxadditions, kmod-virtualbox, virtualbox' package(s) announced via the MGASA-2018-0437 advisory.

Vulnerability Insight:
This update provides virtualbox 5.2.20 and fixes the following security
vulnerabilities:

During key agreement in a TLS handshake using a DH(E) based ciphersuite
a malicious server can send a very large prime value to the client. This
will cause the client to spend an unreasonably long period of time
generating a key for this prime resulting in a hang until the client has
finished. This could be exploited in a Denial Of Service attack
(CVE-2018-0732).

Vulnerability in VirtualBox contains an easily exploitable vulnerability
that allows unauthenticated attacker with logon to the infrastructure
where VirtualBox executes to compromise VirtualBox. Successful attacks
require human interaction from a person other than the attacker and while
the vulnerability is in VirtualBox, attacks may significantly impact
additional products. Successful attacks of this vulnerability can result
in takeover of VirtualBox (CVE-2018-2909, CVE-2018-3287, (CVE-2018-3288,
CVE-2018-3289, CVE-2018-3290, CVE-2018-3291, CVE-2018-3292, CVE-2018-3293,
CVE-2018-3295, CVE-2018-3296, CVE-2018-3297, CVE-2018-3298).

Vulnerability in VirtualBox contains an easily exploitable vulnerability
that allows unauthenticated attacker with llow privileged attacker with
network access via VRDP to compromise VirtualBox. Successful attacks
require human interaction from a person other than the attacker and while
the vulnerability is in VirtualBox, attacks may significantly impact
additional products. Successful attacks of this vulnerability can result
in takeover of VirtualBox (CVE-2018-3294).

For other fixes in this update, see the referenced changelog.

Affected Software/OS:
'kmod-vboxadditions, kmod-virtualbox, virtualbox' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.0

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-0732
BugTraq ID: 104442
http://www.securityfocus.com/bid/104442
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8b3ece4745cac4f8575b19098
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
https://security.netapp.com/advisory/ntap-20181105-0001/
https://security.netapp.com/advisory/ntap-20190118-0002/
https://securityadvisories.paloaltonetworks.com/Home/Detail/133
https://www.openssl.org/news/secadv/20180612.txt
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.tenable.com/security/tns-2018-12
https://www.tenable.com/security/tns-2018-13
https://www.tenable.com/security/tns-2018-14
https://www.tenable.com/security/tns-2018-17
Debian Security Information: DSA-4348 (Google Search)
https://www.debian.org/security/2018/dsa-4348
Debian Security Information: DSA-4355 (Google Search)
https://www.debian.org/security/2018/dsa-4355
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
https://security.gentoo.org/glsa/201811-03
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html
RedHat Security Advisories: RHSA-2018:2552
https://access.redhat.com/errata/RHSA-2018:2552
RedHat Security Advisories: RHSA-2018:2553
https://access.redhat.com/errata/RHSA-2018:2553
RedHat Security Advisories: RHSA-2018:3221
https://access.redhat.com/errata/RHSA-2018:3221
RedHat Security Advisories: RHSA-2018:3505
https://access.redhat.com/errata/RHSA-2018:3505
RedHat Security Advisories: RHSA-2019:1296
https://access.redhat.com/errata/RHSA-2019:1296
RedHat Security Advisories: RHSA-2019:1297
https://access.redhat.com/errata/RHSA-2019:1297
RedHat Security Advisories: RHSA-2019:1543
https://access.redhat.com/errata/RHSA-2019:1543
http://www.securitytracker.com/id/1041090
https://usn.ubuntu.com/3692-1/
https://usn.ubuntu.com/3692-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-2909
BugTraq ID: 105619
http://www.securityfocus.com/bid/105619
http://www.securitytracker.com/id/1041887
Common Vulnerability Exposure (CVE) ID: CVE-2018-3287
Common Vulnerability Exposure (CVE) ID: CVE-2018-3288
SuSE Security Announcement: openSUSE-SU-2019:1814 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-3289
Common Vulnerability Exposure (CVE) ID: CVE-2018-3290
Common Vulnerability Exposure (CVE) ID: CVE-2018-3291
Common Vulnerability Exposure (CVE) ID: CVE-2018-3292
Common Vulnerability Exposure (CVE) ID: CVE-2018-3293
Common Vulnerability Exposure (CVE) ID: CVE-2018-3294
BugTraq ID: 105624
http://www.securityfocus.com/bid/105624
Common Vulnerability Exposure (CVE) ID: CVE-2018-3295
Common Vulnerability Exposure (CVE) ID: CVE-2018-3296
Common Vulnerability Exposure (CVE) ID: CVE-2018-3297
Common Vulnerability Exposure (CVE) ID: CVE-2018-3298
CopyrightCopyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.