Fortinet Discovers Oracle VirtualBox Denial of Service Vulnerability
Fortinet's FortiGuard Labs has discovered a Denial of Service (DoS) vulnerability in Oracle VirtualBox.
Oracle VirtualBox is a cross-platform virtualization application.
A DoS vulnerability has been discovered in Oracle VirtualBox versions prior to 5.2.26 and 6.0.4. It exists because VirtualBox fails to handle a crafted TCP session sent from a Virtual Machine (VM), which leaves all the VMs in VirtualBox unable to connect to the network.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Jan 11, 2019
Users should apply the solution provided by Oracle.
Fortinet reported the vulnerability to Oracle on December 6, 2018.
Oracle confirmed the vulnerability on January 11, 2019.
Oracle patched the vulnerability on January 28, 2019.
This vulnerability was discovered by Zhouyuan Yang of Fortinet's FortiGuard Labs.