Hi,

According to the same researcher, Virtualbox 5.2.22 fixes the vulnerability:
https://github.com/MorteNoir1/virtualbox_e1000_0day/issues/12

Regards,
Mihai

On Sat, 10 Nov 2018, 23:26 Stéphane Charette <[email protected]> wrote:

> This just hit Slashdot: "According to a text file uploaded on GitHub,
> Saint Petersburg-based researcher Sergey Zelenyuk has found a chain of bugs
> that can allow malicious code to escape the VirtualBox virtual machine
> (the guest OS) and execute on the underlying (host) operating system."
>
> One example article:
> https://www.zdnet.com/article/virtualbox-zero-day-published-by-disgruntled-researcher/
>
> Slashdot:
> https://developers.slashdot.org/story/18/11/10/1739206/disgruntled-security-researcher-publishes-major-virtualbox-0-day-exploit
>
> His github repo has the technical details. He shows how you can create a
> console shell to start on the host by using a buffer overrun in the guest:
> https://github.com/MorteNoir1/virtualbox_e1000_0day
>
> The "disgruntled security researcher" part is difficult to read and
> understand due to broken English. More info is available on his github
> page.
>
> Stéphane
>
> --
> Stéphane Charette
> about.me/stephane.charette
> _______________________________________________
> vbox-dev mailing list
> [email protected]
> https://www.virtualbox.org/mailman/listinfo/vbox-dev
