Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ?
From: Moritz Mühlenhoff <jmm () inutil org>
Date: Tue, 26 Jul 2011 22:12:55 +0200

On Tue, Jul 26, 2011 at 11:26:29AM -0400, Dan Rosenberg wrote:
On Tue, Jul 26, 2011 at 11:19 AM, Moritz Muehlenhoff <jmm () debian org> wrote:
Hi,
does anyone have further information on
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2300 and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2305
and whether if affects the open source version of Virtual Box?


These issues were found by Tarjei Mandt, and are described in this blog post:
http://mista.nu/blog/author/mista/

CVE-2011-2300 allows gaining elevated privileges within a Windows
guest due to a vulnerability in the Windows Guest Additions.
CVE-2011-2305 allows executing arbitrary code on the host due to a
vulnerability in the VirtualBox graphics stack.

Tarjei found these issues via code auditing, so it follows that they
affect the open source version of VirtualBox.

Thanks, adding MITRE to CC:, so that they can update the descriptions
of the entries.

Cheers,
        Moritz


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault