[vbox-dev] "Disgruntled Security Researcher Publishes Major VirtualBox 0-Day Exploit"
Mihai Hanor
quake2iasi at gmail.com
Sun Nov 11 07:09:37 GMT 2018
Hi,
According to the same researcher, Virtualbox 5.2.22 fixes the vulnerability:
https://github.com/MorteNoir1/virtualbox_e1000_0day/issues/12
Regards,
Mihai
On Sat, 10 Nov 2018, 23:26 Stéphane Charette <stephanecharette at gmail.com
wrote:
> This just hit Slashdot: "According to a text file uploaded on GitHub,
> Saint Petersburg-based researcher Sergey Zelenyuk has found a chain of bugs
> that can allow malicious code to escape the VirtualBox virtual machine
> (the guest OS) and execute on the underlying (host) operating system."
>
> One example article:
> https://www.zdnet.com/article/virtualbox-zero-day-published-by-disgruntled-researcher/
>
> Slashdot:
> https://developers.slashdot.org/story/18/11/10/1739206/disgruntled-security-researcher-publishes-major-virtualbox-0-day-exploit
>
> His github repo has the technical details. He shows how you can create a
> console shell to start on the host by using a buffer overrun in the guest:
> https://github.com/MorteNoir1/virtualbox_e1000_0day
>
> The "disgruntled security researcher" part is difficult to read and
> understand due to broken English. More info is available on his github
> page.
>
> Stéphane
>
> --
>
> <https://about.me/stephane.charette?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api&utm_content=thumb>
> Stéphane Charette
> about.me/stephane.charette
> <https://about.me/stephane.charette?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api&utm_content=thumb>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> https://www.virtualbox.org/mailman/listinfo/vbox-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20181111/b6e9be97/attachment.html>
More information about the vbox-dev
mailing list