[vbox-dev] "Disgruntled Security Researcher Publishes Major VirtualBox 0-Day Exploit"
quake2iasi at gmail.com
Sun Nov 11 07:09:37 UTC 2018
According to the same researcher, Virtualbox 5.2.22 fixes the vulnerability:
On Sat, 10 Nov 2018, 23:26 Stéphane Charette <stephanecharette at gmail.com
> This just hit Slashdot: "According to a text file uploaded on GitHub,
> Saint Petersburg-based researcher Sergey Zelenyuk has found a chain of bugs
> that can allow malicious code to escape the VirtualBox virtual machine
> (the guest OS) and execute on the underlying (host) operating system."
> One example article:
> His github repo has the technical details. He shows how you can create a
> console shell to start on the host by using a buffer overrun in the guest:
> The "disgruntled security researcher" part is difficult to read and
> understand due to broken English. More info is available on his github
> Stéphane Charette
> vbox-dev mailing list
> vbox-dev at virtualbox.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the vbox-dev