Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ?
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Tue, 26 Jul 2011 11:26:29 -0400

On Tue, Jul 26, 2011 at 11:19 AM, Moritz Muehlenhoff <jmm () debian org> wrote:
Hi,
does anyone have further information on
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2300 and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2305
and whether if affects the open source version of Virtual Box?


These issues were found by Tarjei Mandt, and are described in this blog post:
http://mista.nu/blog/author/mista/

CVE-2011-2300 allows gaining elevated privileges within a Windows
guest due to a vulnerability in the Windows Guest Additions.
CVE-2011-2305 allows executing arbitrary code on the host due to a
vulnerability in the VirtualBox graphics stack.

Tarjei found these issues via code auditing, so it follows that they
affect the open source version of VirtualBox.

-Dan


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]