[vbox-dev] "Disgruntled Security Researcher Publishes Major VirtualBox 0-Day Exploit"

Mihai Hanor quake2iasi at gmail.com
Sun Nov 11 07:09:37 GMT 2018


According to the same researcher, Virtualbox 5.2.22 fixes the vulnerability:



On Sat, 10 Nov 2018, 23:26 Stéphane Charette <stephanecharette at gmail.com

> This just hit Slashdot:  "According to a text file uploaded on GitHub,
> Saint Petersburg-based researcher Sergey Zelenyuk has found a chain of bugs
> that can allow malicious code to escape the VirtualBox virtual machine
> (the guest OS) and execute on the underlying (host) operating system."
> One example article:
> https://www.zdnet.com/article/virtualbox-zero-day-published-by-disgruntled-researcher/
> Slashdot:
> https://developers.slashdot.org/story/18/11/10/1739206/disgruntled-security-researcher-publishes-major-virtualbox-0-day-exploit
> His github repo has the technical details.  He shows how you can create a
> console shell to start on the host by using a buffer overrun in the guest:
> https://github.com/MorteNoir1/virtualbox_e1000_0day
> The "disgruntled security researcher" part is difficult to read and
> understand due to broken English.  More info is available on his github
> page.
> Stéphane
> --
> <https://about.me/stephane.charette?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api&utm_content=thumb>
> Stéphane Charette
> about.me/stephane.charette
> <https://about.me/stephane.charette?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api&utm_content=thumb>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> https://www.virtualbox.org/mailman/listinfo/vbox-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20181111/b6e9be97/attachment.html>

More information about the vbox-dev mailing list