[vbox-dev] "Disgruntled Security Researcher Publishes Major VirtualBox 0-Day Exploit"
Stéphane Charette
stephanecharette at gmail.com
Sat Nov 10 21:25:12 GMT 2018
This just hit Slashdot: "According to a text file uploaded on GitHub,
Saint Petersburg-based researcher Sergey Zelenyuk has found a chain of bugs
that can allow malicious code to escape the VirtualBox virtual machine (the
guest OS) and execute on the underlying (host) operating system."
One example article:
https://www.zdnet.com/article/virtualbox-zero-day-published-by-disgruntled-researcher/
Slashdot:
https://developers.slashdot.org/story/18/11/10/1739206/disgruntled-security-researcher-publishes-major-virtualbox-0-day-exploit
His github repo has the technical details. He shows how you can create a
console shell to start on the host by using a buffer overrun in the guest:
https://github.com/MorteNoir1/virtualbox_e1000_0day
The "disgruntled security researcher" part is difficult to read and
understand due to broken English. More info is available on his github
page.
Stéphane
--
<https://about.me/stephane.charette?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api&utm_content=thumb>
Stéphane Charette
about.me/stephane.charette
<https://about.me/stephane.charette?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api&utm_content=thumb>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20181110/525058d1/attachment.html>
More information about the vbox-dev
mailing list